Yannan Li,Yong Yu,Chunwei Lou,Nadra Guizani,Lianhai Wang

DOI: https://doi.org/10.1109/mnet.011.2000085

IF: 10.294

2020-01-01

IEEE Network

Abstract:The public key infrastructure (PKi) has been widely adopted to create, manage, distribute, store and revoke digital certificates, which plays an important role in bootstrapping secure communications. A PKi system authenticates entities with the corresponding public keys and it lays the security foundation for public-key cryptosystems in public-key encryption and digital signatures. However, traditional PKi systems suffer from security breaches, such as single-point-of-failure and man-in-the-middle attacks due to the existence of a centralized certificate authority. in this article, we review the traditional centralized PKi system as well as the subjected security concerns, and then we propose possible solutions to address these issues with the emerging blockchain technology. Two frameworks are presented where blockchain is utilized as a public bulletin board or trusted majority. We implement the functions to evaluate the off-chain time costs and on-chain gas costs of the proposal, which demonstrate the feasibility and practicality of the proposal.

Dagang Li,Rong Du,Man Ho Au,Yue Fu

DOI: https://doi.org/10.1109/lnet.2019.2891998

2017-01-01

Abstract:In this letter we propose Meta-key, a data-sharing mechanism that enablesusers share their encrypted data under a blockchain-based decentralized storagearchitecture. All the data-encryption keys are encrypted by the owner's publickey and put onto the blockchain for safe and secure storage and easykey-management. Encrypted data are stored in dedicated storage nodes and proxyre-encryption mechanism is used to ensure secure data-sharing in the untrustedenvironment. Security analysis of our model shows that the proxy re-encryptionadopted in our system is naturally free from collusion-attack due to thespecific architecture of Meta-key.

Qianwen Wei,Shujun Li,Wei Li,Hong Li,Mingsheng Wang

DOI: https://doi.org/10.1007/978-3-030-23597-0_29

2019-01-01

Abstract:In Bitcoin, the knowledge of private key equals to the ownership of bitcoin, which occurs two problems: the first problem is that the private key must be kept properly, and the second one is that once the private key is given, it can't be taken back, hence the bitcoin system can only implement the transfer function. In this paper, we first propose a new digital signature algorithm and use it to design an online wallet, which can help the user derive the signature without obtaining the user's private key. Secondly, using our proposed online wallet, we extend the application of private key so that the cryptocurrency system can implement the authorization function. In more detail, we define a new primitive that we call decentralized hierarchical authorized payment scheme (DHAP scheme). We next propose a concrete instantiation and prove its correctness. Finally, we analyze the security and usability of our scheme. For security, we prove our scheme to be secure under the random oracle model. For usability, we examine its performance and compare it with bitcoin's performance.

Mehmet Aydar,Salih Cemil Cetin,Serkan Ayvaz,Betul Aygun

DOI: https://doi.org/10.48550/arXiv.1907.04156

2019-07-09

Cryptography and Security

Abstract:The disruptive technology of blockchain can deliver secure solutions without the need for a central authority. In blockchain protocols, assets that belong to a participant are controlled through the private key of an asymmetric key pair that is owned by the participant. Although, this lets blockchain network participants to have sovereignty on their assets, it comes with the responsibility of managing their own keys. Currently, there exists two major bottlenecks in managing keys; $a)$ users don't have an efficient and secure way to store their keys, $b)$ no efficient recovery mechanism exists in case the keys are lost. In this study, we propose secure methods to efficiently store and recover keys. For the first, we introduce an efficient encryption mechanism to securely encrypt and decrypt the private key using the owner's biometric signature. For the later, we introduce an efficient recovery mechanism using biometrics and secret sharing scheme. By applying the proposed key encryption and recovery mechanism, asset owners are able to securely store their keys on their devices and recover the keys in case they are lost.

Ratna Halder,Dipanjan Das Roy,Dongwan Shin

DOI: https://doi.org/10.3390/jcp4020010

2024-03-31

Journal of Cybersecurity and Privacy

Abstract:Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs.

computer science, information systems, interdisciplinary applications, software engineering

Zihang Cao,Li Zhao

DOI: https://doi.org/10.1145/3460537.3460556

2021-01-01

Abstract:Digital Rights Management (DRM) is a basic requirement in the Internet era. In order to solve the disadvantages caused by centralization in traditional DRM, many decentralized DRM (DDRM) structure are proposed, and they have achieved decentralization in copyright registration, copyright trading, etc. However, the distribution of content keys is their bottleneck. Different from public copyright and transaction information, content key which is used for digital content decryption cannot be directly disclosed to decentralized nodes. The existing DDRM relies on specific nodes or an ideal trust environment to issue encrypted content keys, which makes the system unable to be completely decentralized. In this paper, we proposed a decentralized key distribution system, and it can be compatible with the existing DDRM structure. We use zero-knowledge proof technology to prove to others the correctness of the encrypted content key without revealing it. We use blockchain technology to achieve decentralized key distribution, without relying on any trusted center. Our system allows consumers and agents to apply for and distribute content keys without trusting each other. Malicious users cannot commit fraud against others, and damaged nodes will not affect the stability and reliability of the system.

Lin Yuxi,Wang Zhaoheng,Wang Xingjun,Che XinYue,Tian Feng,Li Chengyu

2016-01-01

Abstract:Nowadays, more and more people are accustomed to using smart mobiles devices. According to NetMarketShare, in September 2015, Android occupies 53.54% of the smart mobile devices market shares. Digital Right Management (DRM) is recognized as an effective technology to protect the copyright of users. In DRM, the protection of private key is the basis of the system security. This paper presents an improved key distributed storage solution based on user credibility to protect user private key.

Shenwei Chen,Zhen Liu,Yu Long,Dawu Gu

DOI: https://doi.org/10.1007/978-3-031-22301-3_23

2022-01-01

Abstract:In a blockchain system, full nodes store all the history data generated by the whole network. As time goes by, the increasing data will place a heavy burden on the full nodes. Rational nodes may discard history data, which results in the decrease of the number of full nodes. Moreover, huge storage requirement prevents storage-constrained users from participating in the network. These factors weaken decentralization and are harmful to the whole blockchain network. In this paper, we propose a new shard-based blockchain framework called DeChain which distributes the blockchain database into different nodes in protocol level. Specifically, we design a new mechanism to shard the UTXOs into specific nodes and set special rules for transaction generation. Each node in DeChain is in charge of the verification of some specified transactions. We propose an RSA accumulator-based method to support inter-shards verification of transactions. With this framework, users can participate in the consensus of the whole network by only maintaining a small portion of blockchain database. This greatly reduces the storage burden and enhances the decentralization of blockchain network.

Shiwei Xu,Ao Sun,Zhengwei Ren,Yizhi Zhao,Qiufen Ni,Yan Tong

DOI: https://doi.org/10.1007/s10878-023-01047-0

Abstract:Consortium blockchains offer privacy for members while allowing supervision peers access to on-chain data under certain circumstances. However, current key escrow schemes rely on vulnerable traditional asymmetric encryption/decryption algorithms. To address this issue, we have designed and implemented an enhanced post-quantum key escrow system for consortium blockchains. Our system integrates NIST post-quantum public-key encryption/KEM algorithms and various post-quantum cryptographic tools to provide a fine-grained, single-point-of-dishonest-resistant, collusion-proof and privacy-preserving solution. We also offer chaincodes, related APIs, and invoking command lines for development. Finally, we perform detailed security analysis and performance evaluation, including the consumed time of chaincode execution and the needed on-chain storage space, and we also highlight the security and performance of related post-quantum KEM algorithms on consortium blockchain.

Jia Ni,Guowei Fang,Yekang Zhao,Jingjing Ren,Long Chen,Yongjun Ren

DOI: https://doi.org/10.3390/electronics13112216

IF: 2.9

2024-06-07

Electronics

Abstract:Against the backdrop of rapidly advancing cloud storage technology, as well as 5G and 6G communication technologies, group key management faces increasingly daunting challenges. Traditional key management encounters difficulties in key distribution, security threats, management complexity, and issues of trustworthiness. Particularly in scenarios with a large number of members or frequent member turnover within groups, this may lead to security vulnerabilities such as permission confusion, exacerbating the security risks and management complexity faced by the system. To address these issues, this paper utilizes blockchain technology to achieve distributed storage and management of group keys. This solution combines key management with the distributed characteristics of blockchain, enhancing scalability, and enabling tracking of malicious members. Simultaneously, by integrating intelligent authentication mechanisms and lightweight data update mechanisms, it effectively enhances the security, trustworthiness, and scalability of the key management system. This provides important technical support for constructing a more secure and reliable network environment.

engineering, electrical & electronic,physics, applied,computer science, information systems

Yazhou Wang,Bing Li,Yan Zhang,Jiaxin Wu,Guozhu Liu,Yuqi Li,Zhen Mao

DOI: https://doi.org/10.1016/j.jisa.2023.103610

IF: 4.96

2023-09-29

Journal of Information Security and Applications

Abstract:Blockchain technology is widely used in the field of digital currency because of its non-tamperability, traceability, and decentralization. Blockchain's private key is usually used to prove the ownership of the cryptocurrency. However, this private key managed by the blockchain wallet faces the challenge of secure storage. Once the private key is leaked or stolen, the user's digital assets will be permanently lost. To solve the storage issue of the private key, we propose a novel approach based on facial biometrics and a physical unclonable function (PUF) device to generate a secure blockchain's private key. Firstly, to protect user anonymity and enhance the security of the private key, a user's facial biometrics is bound with a device's PUF fingerprint to generate the trusted private keys online without being stored in a third-party server or an external device. Secondly, to prevent the leakage of sensitive data, we utilize the correctness and perfectness of secret sharing to protect the helper data to prevent attackers from obtaining sensitive information about the fusion template. Thirdly, we give the formal security proof of our proposed scheme and conduct the informal security analysis. The experiment results demonstrate our scheme achieves a better EER (Equal Error Rate) of 2.02% in terms of accuracy and takes about 1008ms to generate a private key in terms of efficiency. Moreover, our scheme can resist various attacks such as password guessing , stolen mobile device, user impersonation, physical and cloning, and information leakage attacks. Finally, we develop a blockchain wallet prototype without modifying the blockchain protocol to achieve transfer transactions for demonstrating the usability and security of our proposed approach in a real-world scenario.

computer science, information systems

Jiahe Wang,Songjie Wei,Haozhe Liu

DOI: https://doi.org/10.1007/978-3-030-23404-1_14

2019-01-01

Abstract:To overcome the difficulties in the traditional password-based identity authentication procedure with high security risk and complexity, and to avoid the privacy leaking problems arising from a series of new techniques such as using biometrics as key, this paper proposes a universal solution for decentralized identity authentication by block chain integrated with a trusted execution environment, through a separate hardware to establish a secure area, enabling identity anonymity and avoiding feature disclosure. Smart contract and consensus mechanism are adopted for building trusted identity nodes between decentralized nodes by constructing a traceable identity data structure in blockchain. We conduct formal theoretical and empirical evaluations to show that the proposed can realize user identity registration, cross-platform authentication, and guarantee security in the whole procedure with efficiency and reliability.

Lipeng Wang,Zhi Guan,Zhong Chen,Mingsheng Hu

DOI: https://doi.org/10.1109/tifs.2023.3285489

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Emerging blockchain technology has become the cornerstone of many applications providing trusted data services. However, existing blockchain platforms cannot meet the growing demand for big data storage. Blockchain should duplicate both transactions and other user-defined data across nodes for integrity assurance. The rapid expansion of data on blockchain (on-chain data) increases the difficulty of deploying a full node, resulting in decreasing the degree of decentralization and adding the risk of broken data. To tackle these problems, we propose sChain, a novel framework for improving blockchain storage capacity, which does not revise blockchain implementation and can be applied to almost all the existing blockchain platforms. sChain outsources the user data to storage devices that are structurally external to the blockchain network. In theory, a user can outsource unlimited data to sChain. However, those off-chain data may suffer from corruption. To verify the data integrity, we propose a new provable data possession (PDP) scheme, which does not need a centralized entity to maintain any secret keys and therefore eliminates a single point of failure. What is more, we also design a prototype to accelerate the proposed PDP scheme through Intel SGX technology and parallel processing. Security analysis and evaluation results show that sChain can protect data security and effectively improve the blockchain storage capacity, respectively.

Tim Hobson,Lydia France,Sam Greenbury,Luke Hare,Pamela Wochner

DOI: https://doi.org/10.1049/icp.2023.2561

2024-01-05

Abstract:The sharing of public key information is central to the digital credential security model, but the existing Web PKI with its opaque Certification Authorities and synthetic attestations serves a very different purpose. We propose a new approach to decentralised public key infrastructure, designed for digital identity, in which connections between legal entities that are represented digitally correspond to genuine, pre-existing relationships between recognisable institutions. In this scenario, users can judge for themselves the level of trust they are willing to place in a given chain of attestations. Our proposal includes a novel mechanism for establishing a root of trust in a decentralised setting via independently-verifiable timestamping. We also present a reference implementation built on open networks, protocols and standards. The system has minimal setup costs and is freely available for any community to adopt as a digital public good.

Cryptography and Security

Zhongyuan Yao,Heng Pan,Xueming Si,Weihua Zhu

DOI: https://doi.org/10.1007/978-981-15-2777-7_20

2019-01-01

Abstract:Since its invention, the public blockchain has attracted more attention from both the academia and industry because of its fully decentralization and persistency features. However, the privacy issue in public blockchain is still challengeable. While there exists privacy preservation mechanisms proposed for the public blockchain, almost all of them can only solve partial of the privacy issue, either user privacy or data privacy indeed, in it. In this work, we present a decentralized access control encryption scheme which ensures user and data privacy simultaneously in public blockchain. With our cryptographic solution, the validity of one specific transaction can be publicly verified, while its content can only be retrieved by its intended receivers. Moreover, the origin of this transaction cannot be identified by any participant except the receivers in the network. Our analysis shows that our solution is really suitable to deploy in public blockchain and is proven secure under mathematical assumptions.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

Liang Xue,Dongxiao Liu,Cheng Huang,Xuemin Shen,Weihua Zhuang,Rob Sun,Bidi Ying

DOI: https://doi.org/10.1109/JSAC.2022.3213312

IF: 16.4

2022-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Future networks incorporate artificial intelligence to enable smart resource management and adaptive service provisioning. With a heterogeneous architecture and a large number of users in future networks, transparent and decentralized data sharing is required to promote data circulation and break data silos, for which blockchain is a potential solution to allow intelligent access permission control. However, it remains a challenging task to achieve flexible authorization management for blockchain-based data sharing and efficient key update for multi-users in case of key exposure. In this paper, we propose an intelligent blockchain-based data-sharing scheme with key update for future networks. First, we design a new encryption scheme, where keywords of data are extracted using machine learning algorithms that are published on the blockchain. Then, keywords of data and time validity are used to encrypt different types of data for flexible data authorization. Second, using hierarchical identity-based encryption, we construct an efficient key update mechanism, where update tokens are generated by invoking a smart contract deployed on the blockchain to facilitate key and ciphertext updates. We formally prove that the proposed scheme can guarantee three essential security properties: forward security, post-compromise security, and collusion attack resistance. On-chain and off-chain experiment results are provided to demonstrate that the proposed scheme can achieve computational and communication efficiency for key and ciphertext updates.

Hongtao Yu,Suhui Liu,Liquan Chen,Yuan Gao

DOI: https://doi.org/10.1016/j.sysarc.2024.103103

IF: 5.836

2024-03-09

Journal of Systems Architecture

Abstract:In smart wards, data generated by wearables and monitoring devices are periodically transferred to the cloud server for long-term logging and subsequent access. Remote cloud storage inevitably raises security and access control challenges. Encryption can secure data but may severely impact the value generated by sharing data. More importantly, the privacy leakage caused by keyword searches is unacceptable for medical data. The designated-server public-key encryption with keyword search (dPEKS) can realize ciphertext-based search. However, existing dPEKS face an efficiency bottleneck as they only achieve one-to-one data sharing. In addition, cloud-controlled access control creates over-centralized power. In contrast, using blockchain to control who can search has the extra benefit that the blockchain can record access behavior for subsequent tracking. Therefore, this paper proposes a blockchain-assisted dPEKS (BC-dPEKS) scheme, which exploits a permissioned blockchain to perform trapdoor generation on behalf of data users and record data uploading and access for tracing. To the best of our knowledge, this is the first scheme to tightly integrate blockchain to change PEKS primitive to achieve one-to-many search. Formal security models, the corresponding security proofs, and comprehensive performance analysis are presented.

computer science, software engineering, hardware & architecture

Wouter Lueks,Brinda Hampiholi,Greg Alpár,Carmela Troncoso

DOI: https://doi.org/10.48550/arXiv.1809.03390

2020-07-13

Abstract:Users' devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to preserve users' privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem's security and privacy properties, apply Tandem to attribute-based credentials, and implement a Tandem proof of concept to show that it causes little overhead.

Cryptography and Security

Zeyuan Yin,Bingsheng Zhang,Jingzhong Xu,Kaiyu Lu,Kui Ren

DOI: https://doi.org/10.1109/tifs.2022.3209546

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the advancement of blockchain technology, hundreds of cryptocurrencies have been deployed. The bloom of heterogeneous blockchain platforms brings a new emerging problem: typically, various blockchains are isolated systems, how to securely identify and/or transfer digital properties across blockchains? There are three main kinds of cross-chain approaches: sidechains/relays, notaries, and hashed time-lock contracts. Among them, notary-based cross-chain solutions have the best compatibility and user-friendliness, but they are typically centralized. To resolve this issue, we present Bool Network – an open, distributed, secure cross-chain notary platform powered by MPC-based distributed key management over evolving hidden committees. More specifically, to protect the identities of the committee members, we propose a Ring verifiable random function (Ring VRF) protocol, where the real public key of a VRF instance can be hidden among a ring, which may be of independent interest to other cryptographic protocols. Furthermore, all the key management procedures are executed in the TEE, such as Intel SGX, to ensure the privacy and integrity of partial key components. A prototype of the proposed Bool Network is implemented in Rust language, using Polkadot Substrate.