Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1109/icassp43922.2022.9746617

2022-01-01

Abstract:Online/offline identity-based signature (OO-IBS) is an adequate cryptographic tool to provide the message authentication and integrity in mobile devices, since it lightens the computational burden after the signer receives the message and eliminates the overhead of certificate management. It has several valuable applications, such as wireless sensor networks and automatic dependent surveillance-broadcast systems. Identity-based chameleon hash (IB-CH), as an alternative building block to construct OO-IBS, has been explored in several literatures. Nevertheless, almost all of the prior IB-CH schemes are in the random oracle model, which may lead to security risks in practicality. The only IB-CH scheme in the standard model proposed by Xie et al. (ICC'21) suffers from the large size of public parameters and inefficient setup process. In this paper, we propose an efficient IB-CH scheme in the standard model, significantly reducing the computational costs of all the algorithms and the size of public parameters compared with Xie's scheme. The security and experimental analyses demonstrate the security and good performance of our scheme. Furthermore, we applied our scheme to optimize the existing generic OO-IBS construction. Our optimized construction reduces computational overhead by 50.0% in the online phase compared with the original construction.

Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Y Lei,DR Chen,ZD Jiang

DOI: https://doi.org/10.1109/aina.2004.1283860

2004-01-01

Abstract:With the explosion of the mobile communication market, more and more handheld devices act as clients in the Internet. People use these devices to purchase books, play games, receive emails, etc. For protecting privacies, such applications should integrate digital signature schemes. Since handheld devices have poor computational capabilities and limited battery life, traditional computation intensive digital signature protocols that are based on asymmetric cryptographic algorithms are not suitable for mobile devices. In this paper we propose a Server Based Signature (SBS) scheme for mobile devices. Besides achieving the same security level of the traditional digital signature protocols, the SBS scheme also: 1) reduces the computation complexity on the mobile devices; 2) reduces the communication consumption between signer and verifier Application results show that our scheme is very useful for mobile communication systems.

Fagen Li,Muhammad Khurram Khan,Khaled Alghathbar,Tsuyoshi Takagi

DOI: https://doi.org/10.1016/j.jnca.2011.08.001

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Confidentiality and authentication are the basic security requirements for many cryptographic applications. In this paper, we propose an efficient identity-based online/offline signcryption scheme, which is very suitable for low power devices such as smart cards or mobile devices. Our scheme has the following advantages: (i) It does not need to authenticate a public key and fulfills both confidentiality and authentication simultaneously at a lower cost. (ii) Most of computations are carried out offline and online part is very efficient. (iii) It does not require the message and the receiver's identity in the offline stage. The message and the receiver's identity are only needed in the online stage. Compared with the existing schemes, our scheme have the great advantage of the offline storage and ciphertext length.

P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Jie Song,Xiangyu Pan,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_8

2024-01-01

Abstract:With the rapid development of network technology, the number of mobile devices is increasing at a phenomenal speed. However, many wireless communications are established on public wireless networks, which makes it a challenge to ensure the message confidentiality and user privacy. Besides, mobile devices usually have limited resources. It is necessary to design a secure and efficient cryptographic scheme for wireless communication. In this paper, we propose an identity-based mutual authentication scheme for resource-constrained mobile devices. With the help of random oracle model, we show that the scheme is provably secure under extended Canetti-Krawczyk (eCK) security model. Finally, through comparative experiments with six related works, we demonstrate that the proposed scheme is the most suitable for resource-constrained mobile devices in wireless communications.

Miaomiao Zhang,Gongliang Chen,Jianhua Li

DOI: https://doi.org/10.1109/imsccs.2006.218

2006-01-01

Abstract:This paper introduces a new digital signature primitive that allows a proxy signer to sign messages on behalf of the original signer, in a way that do not allow the recipient of the signature to disclose the contents of the signed information to any third party without the proxy signer's consent. The above primitive, called proxy chameleon signature enjoys all the attributes in the normal proxy signature and chameleon signature, and it is also proved secure against existential forgery under adaptive chosen message attack in the random oracle model assuming Weak-DH problem is hard.

Ding Wang,Haibo Cheng,Debiao He,Ping Wang

DOI: https://doi.org/10.1109/jsyst.2016.2585681

IF: 4.802

2018-01-01

IEEE Systems Journal

Abstract:Providing secure, efficient, and privacy-preserving user authentication in mobile networks is a challenging problem due to the inherent mobility of users, variety of attack vectors, and resource-constrained nature of user devices. Recent studies show that identity-based cryptosystems can eliminate the certificate overhead and thus address the issues associated with public-key infrastructure technology-which is a rare bit of good news in today's computer security world. In this paper, we employ three representative identity-based remote user authentication schemes (i.e., Truong et al.'s scheme, Li et al.'s scheme, and Zhang et al.'s scheme) as case studies to reveal the challenges and subtleties in designing a practical authentication scheme for mobile devices. First, we demonstrate that Truong et al.'s scheme, which was presented at the IEEE AINA 2012, cannot achieve a few important security goals under our new attacking scenarios: 1) it fails to resist against known session-specific temporary information attack; 2) it cannot withstand key compromise impersonation attack; and 3) it is of poor usability. Second, we show that Li et al.'s privacy-preserving scheme, which was proposed at GLOBECOM 2012, is subject to some subtle (yet severe) efficiency problems that make it virtually impossible for any practical use. Third, we scrutinize a "provably secure" scheme for roaming services in mobile networks designed by Zhang et al. at SCN 2015 and find it prone to collusion attack and replay attack. Further, we investigate into the underlying causes for these identified failures, and figure out an improvement over Truong et al.'s scheme to overcome the revealed challenges while maintaining reasonable efficiency.

Guanglei Zhao,Xianping Si,Jingcheng Wang,Xiao Long,Ting Hu

DOI: https://doi.org/10.1109/ICMIC.2011.5973767

2011-01-01

Abstract:This paper presents a novel mutual identity authentication scheme which can be applied securely in Internet of Things. Based on secure hash algorithm(SHA), feature extraction and elliptic curve cryptography(ECC), we propose an asymmetric mutual authentication scheme between the platform and the terminal node, which imposes light computation and communication cost, through security analysis it is also shown that the proposed scheme is secure and feasible for applications in the Internet of Things.

Qingyang Zhang,Xiaolong Zhou,Hong Zhong,Jie Cui,Jiaxin Li,Debiao He

DOI: https://doi.org/10.1109/tifs.2024.3451357

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Several authentication and key agreement (AKA) schemes have been proposed to ensure secure communication in the Industrial Internet of Things (IIoT). However, most of these schemes face two primary problems. First, they cannot resist various attacks, such as impersonation and device capture attacks. Second, these schemes overlook the resource-constrained IIoT devices, failing to guarantee lightweight overhead for device operations. Therefore, we propose a novel and efficient AKA scheme. Utilizing the chameleon hash function and physical unclonable function, the proposed scheme implements a lightweight overhead for both authentication parties while maintaining the overhead of the gateway within a reasonable range. Furthermore, we implement device anonymity based on lightweight operations such as hash and XOR. In addition, we perform a rigorous security analysis using the widely accepted Real-Or-Random model, BAN logic, and Proverif tool. Finally, through heuristic analysis and experiments, we substantiate that our scheme surpasses the compared schemes in terms of both security attributes and system overhead.

computer science, theory & methods,engineering, electrical & electronic

Jie Xu,Kaiping Xue,Hangyu Tian,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tvt.2020.2986041

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:More and more users are eager to obtain more comprehensive network services without revealing their private information. Traditionally, in order to access a network, a user is authorized with an identity and corresponding keys, which are generated and managed by the network operator. All users' personally identifying information are centralized stored by the network operator. However, this approach makes users lose the control of their personally identifying information. Users are concerned about who can access these sensitive data and whether they have been compromised. In this paper, we propose a blockchain-based identity management and authentication scheme for mobile networks, where users' identifying information are controlled by the users themselves. Our scheme let users generate their self-sovereign identities (SSIs) and corresponding public keys and private keys. The private key used to authenticate the user's identifying information is only known to the user. We use blockchain to record SSIs and public keys of legitimate user, and adopt chameleon hash to delete illegal users' information on the blockchain, while keeping the block head unchanged. Furthermore, other service providers can obtain the user's SSI and public key and authenticate users by querying the blockchain. Experimental results confirm that our scheme can greatly reduce the revocation overhead and communication overhead.

Feng Bao,Robert H. Deng,Xuhua Ding,Junzuo Lai,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-21554-4_12

2011-01-01

Abstract:At ACNS 2008, Canard et al. introduced the notion of trapdoor sanitizable signature (TSS) based on identity-based chameleon hash (IBCH). Trapdoor sanitizable signatures allow the signer of a message to delegate, at any time, the power of sanitization to possibly several entities who can modify predetermined parts of the message and generate a new signature on the sanitized message without interacting with the original signer. In this paper, we introduce the notion of hierarchical identity-based chameleon hash (HIBCH), which is a hierarchical extension of IBCH. We show that HIBCH can be used to construct other cryptographic primitives, including hierarchical trapdoor sanitizable signature (HTSS) and key-exposure free IBCH. HTSS allows an entity who has the sanitization power for a given signed message, to further delegate its power to its descendants in a controlled manner. Finally, we propose a concrete construction of HIBCH and show that it is t-threshold collusion-resistant.

Jakir Hossain,Chunxiang Xu,Chuang Li

DOI: https://doi.org/10.1109/ICCWAMTIP51612.2020.9317383

2020-01-01

Abstract:Authentication schemes employing identity-based encryption are widely used in mobile cloud computing environments. It enables users to get umpteen services from different cloud servers by registering only once with a third-party. However, in existing schemes, the security against chosen-ciphertext attacks and malicious private key generator is not well-considered. These security pitfalls may cause security and privacy issues in some application scenarios since an active attacker can send a number of adaptively chosen ciphertext and tries to distinguish the target ciphertext; succeeds may cause the exposure of the underlying secret key. In this paper, we propose a secure and efficient authentication scheme for mobile cloud computing with security against chosen-ciphertext attacks and malicious private key generator based on adaptive one-wayness trapdoor function and learning-parity with noise hardness assumption. Our comprehensive security proof demonstrates that our scheme is indistinguishable against chosen-ciphertext attacks.

Ye JIN,Zhenfu CAO

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.02.053

2006-01-01

Abstract:With the development of the mobile agent, the security problems related to it are receiving an increasing attention. How to protect the mobile agent from the malicious agent platforms is an important nevertheless tough task. This paper argues the problem of how a mobile agent can sign a signature on behalf of its owner in a hostile environment without revealing its owner’s secret key. A new digital signature scheme is proposed here with improved efficiency in time and space cost. What’s more, the new scheme is provably secure in the Random Oracle Model.

Hu Xiong,Songyang Wu,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.1007/s11277-014-2106-3

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:As an important approach to resist the threat of key leakage, key insulated security allows secret keys to be periodically updated by using a physically-secure but computation-limited device. Recently, key insulated mechanism has been introduced into identity based (ID-based) signature to solve the key-leakage problem in ID-based signature scenarios. In this paper, we present two compact ID-based key-insulated signature schemes that try to minimize the total amount of message and signature. Compared with the up-to-date ID-based key-insulated signatures, our schemes enjoy the minimum net bandwidth and computation overhead. We also provide formal security proofs of our schemes under the Computational Diffie–Hellman assumption in the random oracle model. We focus on potential applications of our schemes to secret handshakes, but we believe they will find many other applications as well.

Qun Lin,Hongyang Yan,Zhengan Huang,Wenbin Chen,Jian Shen,Yi Tang

DOI: https://doi.org/10.1109/access.2018.2809426

IF: 3.9

2018-01-01

IEEE Access

Abstract:Identity-based cryptosystems mean that public keys can be directly derived from user identifiers, such as telephone numbers, email addresses, and social insurance number, and so on. So they can simplify key management procedures of certificate-based public key infrastructures and can be used to realize authentication in blockchain. Linearly homomorphic signature schemes allow to perform linear computations on authenticated data. And the correctness of the computation can be publicly verified. Although a series of homomorphic signature schemes have been designed recently, there are few homomorphic signature schemes designed in identity-based cryptography. In this paper, we construct a new ID-based linear homomorphic signature scheme, which avoids the shortcomings of the use of public-key certificates. The scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. The ID-based linearly homomorphic signature schemes can be applied in e-business and cloud computing. Finally, we show how to apply it to realize authentication in blockchain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Andrew Chi-Chih Yao,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2012.2232653

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:When digital signature is applied on low-power devices, like smart cards, wireless sensors and RFID tags, some specific properties, e.g., better offline storage, more modular and flexible deployment, are desired. To meet these needs, a new variant of the Fiat-Shamir transformation for digital signatures, referred to as Γ -transformation, is introduced and formalized in this work. Following this new transformation approach, some new signature schemes (referred to as Γ-signatures) are presented and discussed. In particular, it is shown that the Γ-signatures for discrete logarithm problem (DLP) developed in this work combine, in essence, the advantages of both Schnorr's signature and the digital signature standard (DSS), while saving from the disadvantages of them both.

Xiong Li,Junguo Liao,Saru Kumari,Wei Liang,Fan Wu,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s11277-015-2737-z

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:The remote user authentication scheme is an important security technology, which provides authentication service before a user accesses the service provided by the remote server. In this paper, we analyze the security and design flaws of a recently proposed dynamic ID authentication and key agreement scheme by Lin. We find Lin’s scheme is totally cannot be used in real applications because of the following weaknesses: it has some design drawbacks such as it does not have the wrong password detection mechanism and its password change phase is incorrect; the user can login to the server using any wrong identity or password because of the inherent defects in the design of the authentication message; at the same time, Lin’s scheme is vulnerable to the mobile device loss attack and denial of service attack. For security considerations, we propose some principles which should be followed in the design of the user authentication schemes. According to these design principles, we design a new dynamic ID-based user authentication scheme using mobile device. We formally analyze the security features of the proposed scheme using BAN logic, and give the provable security analysis in random oracle model. Besides, we also discuss our scheme can resist other well known attacks. The functionality and performance comparisons shown that the proposed scheme enhances the security features and keeps the efficiency at the same time.