Peng Li,Junzuo Lai,Yongdong Wu

DOI: https://doi.org/10.1016/j.jisa.2021.102865

IF: 4.96

2021-08-01

Journal of Information Security and Applications

Abstract:<p>In the pursuit of anonymous authentication schemes that balance anonymity and accountability, various authentication schemes have been proposed. However, most of existing schemes cannot achieve linkability while holding public traceability. In this paper, we introduce a new variant of anonymous authentication called <em>event-oriented linkable and traceable anonymous authentication</em> (<span class="sans-serif">EOLTAA</span>) and provide a generic construction. In an <span class="sans-serif">EOLTAA</span> scheme, a message to be authenticated binds an <em>event</em>. If two different messages binding the same event are authenticated by an identical user, anyone can link the two authentications and further reveal the user's identity. Then we formally define the security requirements of <span class="sans-serif">EOLTAA</span>, including unforgeability, anonymity, linkability and public traceability. We give a generic construction satisfying the security requirements. With this new authentication scheme, we construct the first decentralized, anonymous, linkable and publicly traceable e-voting based on blockchain.</p>

computer science, information systems

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Peng Li,Junzuo Lai,Dehua Zhou,Ye Yang,Wei Wu,Junbin Fang

DOI: https://doi.org/10.1016/j.comnet.2023.109828

IF: 5.493

2023-05-25

Computer Networks

Abstract:Incentive-based applications enable users to obtain rewards after they complete a task, but how to balance the privacy and accountability is one of the most serious concerns currently. Publicly accountable anonymous authentication provides an excellent way verifying a user's identity in a privacy-preserving way while ensuring public accountability in case of dispute. Although different kinds of these schemes have been proposed, they all assume that there is a single centralized certificate authority issuing a certificate to users, and are not suitable for an actual scenario which always involves multiple authorities. Therefore, a new primitive called multi-authority linkable and traceable anonymous authentication is proposed to address this issue, enabling privacy protection while holding public accountability under a multi-authority setting. We formally define a security model for this new notion and simultaneously design a generic construction while giving the security proof. Additionally, we implement the proposed scheme to show its efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer,Nick Wils

DOI: https://doi.org/10.48550/arXiv.1811.07642

2019-04-11

Abstract:An anonymous Single Sign-On (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link service requests of a user even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, if required, a central verifier is authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).

Cryptography and Security

Ding Wang,Debiao He,Ping Wang,Chao-Hsien Chu

DOI: https://doi.org/10.1109/tdsc.2014.2355850

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

Deng Yu-qiao

Abstract:In order to protect the users' privacy,based on the theory and construction of k-TAA presented by Teranisi,presented a fair k-TAA scheme used the blind signature.The scheme added trustee that could easily trace the ID of illegal users and kept the other properties remain at the same time.The appearance of trustee confirms the security of the scheme.The paper also gave all the properties' discussion at last.

Computer Science

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Qi Tao,Xiaohui Cui,Adnan Iftekhar

DOI: https://doi.org/10.1016/j.ins.2023.119839

IF: 8.1

2023-11-08

Information Sciences

Abstract:Social co-governance is an effective way to solve public safety incidents such as COVID-19 incident. But the insiders wouldn't share the firsthand information for fear of cyber-violence. Though most of researches paid attention to the data access control and security, less attention focused on the identity privacy. So, in this work, it constructed a lightweight decentralized attribute-based signature scheme with unconditional full anonymity (LDABS-UFA) scheme to protect user's identity privacy security. It confuses the user's private key with fuzzy factors, and prevents user's privacy in the signature from being disclosed. It outsources some complex computing to cloud servers to reduce the user device performance overhead. The security analysis result shows that the scheme is UFA security, unforgeability and non-collusion. Besides, a social co-governance system based on lightweight blackbox-based traceable decentralized attribute-based signature (LWBT-DABS) scheme is proposed. By generating fingerprints for the data owner in the signature, regulators can monitor the entire system and prevent malicious user from spreading rumors. And it constructs an accountability mechanism to prevent the abuse of supervisory power. The performance analysis shows that the data signature of our scheme size is constant, and the scheme is feasibility and practicability.

computer science, information systems

Qiuyun Lyu,Hao Li,Zhining Deng,Jingyu Wang,Yizhi Ren,Ning Zheng,Junliang Liu,Huaping Liu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tcc.2022.3216580

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Regulating illegal activities in cyberspace to balance user privacy and cyberspace governance has been a non-trivial challenge when designing anonymous authentication solutions. For example, while several existing anonymous authentication protocols support accountability, they either risk leaking users’ private keys or incur significant overhead for accountability in each ongoing authentication, including in cloud service-based authentication schemes. Seeking to address these limitations, this article proposes an auditable anonymous user authentication (A2UA) protocol based on blockchain for cloud services. The A2UA protocol mainly employs bilinear pairing, partial authentication factors, dynamic credits and fake-public keys (FPKs) to achieve anonymous mutual authentication between users and cloud service providers, and applies ring signature and blockchain to accomplish two-level accountability while maintaining user privacy. Our analysis results show that the A2UA protocol outperforms several other existing schemes in terms of security, computation and communication costs as well as security and privacy features. Additionally, it has good feasibility in terms of the Ethereum Gas cost as demonstrated in our evaluation.

computer science, information systems, theory & methods

Yanwei Gong,Xiaolin Chang,Jelena Mišić,Vojislav B. Mišić

2024-07-20

Abstract:Driverless vehicle as a taxi is gaining more attention due to its potential to enhance urban transportation efficiency. However, both unforeseen incidents led by unsupervised physical users' driverless taxi (DT) rides and personalized needs of users when riding in a DT necessitate the authentication of user identity and attributes. Moreover, safeguarding user identity privacy and quickly tracing malicious users if necessary to enhance the adoption of DTs remains a challenge. This paper proposes a novel Attribute-based Anonymity Enhanced (A2E) authentication scheme for users to access DT service. From the security aspect, A2E has attribute verifiability, which is achieved by designing a user attribute credential based on redactable signature. Meanwhile, this attribute credential also satisfies unlinkability and unforgeability. In addition, A2E has enhanced anonymity, which is achieved by designing a decentralized credential issuance mechanism utilizing ring signature and secret sharing, safeguarding user attributes from association with anonymous identities. Moreover, this mechanism provides traceability and non-frameability to users. From the performance aspect, A2E causes low overhead when tracing malicious users and updating credentials. Besides, both scalability and lightweight are satisfied, which contributes to A2E's practicability. We conduct security analysis and performance evaluation to the security and performance capabilities of A2E.

Cryptography and Security

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3324736

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Bilateral access control model, emerging as a novel paradigm in access control, has garnered extensive deployment within the domain of fog computing. This model offers on-demand data services, enabling the efficient identification of sensitive data without resorting to resource-intensive decryption procedures. Nonetheless, prevailing solutions exhibit impracticalities. Specifically, they fall short in supporting adaptive security, while presuming unwavering trustworthiness of the central authority. In this paper, we introduce a pioneering fine-grained and adaptively secure bilateral access control system through enhancements to the matchmaking attribute-based encryption (MABE) framework. We give a formalized definition of MABE, incorporating desirable security features such as blindness and unlinkability, aimed at capturing potential misconduct by the central authority. We propose a generic construction of MABE, drawing upon attribute-based encryption (ABE) and anonymous credential schemes (ACS), with provable security via formal security reduction in the adaptive model. We present an efficient instantiation of the MABE framework by introducing a practical ACS solution, wherein a cryptographic accumulator is employed to enhance performance. Experimental simulations substantiate that our solution not only has superior functionalities but also demonstrates performance on par with state-of-the-art solutions.

Mochan Fan,Zhipeng Zhang,Zonghang Li,Gang Sun,Hongfang Yu,Mohsen Guizani

DOI: https://doi.org/10.1109/tvt.2023.3265366

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:Federated learning (FL) is a promising technology for achieving privacy-preserving edge intelligence and has attracted extensive attention from industry and academia. However, in the FL training process, the server directly aggregates local models from mobile devices, which poses serious privacy and security threats. The identity authentication mechanism can provide FL with local model integrity and source authentication. However, the existing schemes are centralized, and most of them are computationally expensive, resulting in limited performance. To address these issues, this paper proposes a decentralized and lightweight anonymous FL identity authentication scheme, namely DAFL. In our scheme, we first design a decentralized and simplified storage FL authentication framework by combining the directed acyclic graph (DAG) blockchain and accumulator. Then, we propose a lightweight digital signature algorithm that supports batch verification for authentication. Finally, nodes interact through pseudonyms to achieve anonymous communication, and the trusted authority (TA) can track and recover the real identities of nodes when malicious behavior occurs. We theoretically prove the security of the proposed DAFL. The extensive experiments demonstrate that DAFL achieves lower authentication overhead and better convergence performance compared to existing authentication schemes and vanilla FL systems.

telecommunications,engineering, electrical & electronic,transportation science & technology

Yukun Niu,Lingbo Wei,Chi Zhang,Jianqing Liu,Yuguang Fang

DOI: https://doi.org/10.1109/TVT.2022.3218528

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:Anonymous yet accountable authentication can protect users' privacy and security and prevent users from misbehaving when they access public Wi-Fi hotspots. However, most existing privacy-enhanced authentication schemes either do not meet the accountability requirements in public Wi-Fi hotspot access or they are inherently dependent on trusted third parties, and therefore are undeployable in practical settings. In this paper, we design and implement an access authentication scheme to simultaneously and efficiently provide anonymity and accountability without relying on any trusted third party by utilizing a permissionless blockchain (e.g., Bitcoin or Ethereum) and Intel SGX. Inspired by the recent progress on Bitcoin techniques such as Colored Coins, we utilize the unmodified Bitcoin blockchain as the powerful platform to manage access credentials without introducing any trusted third party. We leverage SGX-based mixer to allow users to anonymously exchange their access credentials and design the verification path of access credentials to support blacklisting misbehaving access credentials without compromising users' anonymity. By integrating with the anti-double-spending property of the Bitcoin blockchain, our scheme can simultaneously provide users' accountability and anonymity without involving any trusted third party. Finally, we demonstrate that our proposed scheme is compatible with the current Bitcoin system or other permissionless blockchains, and is highly effective and practical for public Wi-Fi hotspot access control systems.

Zhaofeng Ma,Xibin Zhao,Guo Zhi,Gu Ming,Jiaguang Sun

DOI: https://doi.org/10.1007/11577188_58

2005-01-01

Abstract:A new anonymous secure communication protocol with conditional traceability is proposed to provide personal anonymity and privacy protection, in which a secure mapping function is introduced to provide anonymity and personal information protection, when necessary, only authority principal part can act as arbitrator for communication validation. The proposed protocol has 3 advantages: 1) mutual communication; 2) anonymity of communication. 3) conditional traceability.

Can Cui,Fengyin Li,Tao Li,Jiguo Yu,Rui Ge,Hui Liu

DOI: https://doi.org/10.1080/17517575.2019.1599447

2019-04-03

Enterprise Information Systems

Abstract:Privacy leakage is becoming more and more serious in enterprise information management. To solve the poor security problems, by introducing short signatures into enterprise information managements, this paper proposes a novel direct anonymous attestation scheme. The novel scheme is based on a novel short signature scheme, which is applied into the member joining and signature phases. It simplifies the signing and verification process of member certificates and reduces its computing costs. Under the security hypothesis of Decision Diffie–Hellman and q-Strong Diffie-Hellman difficult problems, the novel attestation scheme meets the provable security of the trusted platform module specifications.

computer science, information systems

Yiteng Feng,Yi Mu,Guomin Yang,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-319-19962-7_22

2015-01-01

Abstract:With a cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most of the existing protocols. We believe that preserving the anonymity (i.e., identity privacy) of the data owner is also very importa nt in many applications. In this paper, we propose a new remote integrity checking scheme which allows the cloud server to protect the identity information of the data owner against the TPA. We also define a formal security model to capture the requirement of user anonymity, and prove the anonymity as well as the soundness of the proposed scheme.

Li Fengyin,Liu Zhongxing,Wang Yilei,Wu Nan,National Supercomputer Center in Jinan,Gao Chongzhi,Zhou Huiyu

DOI: https://doi.org/10.1007/s12652-020-02604-9

IF: 3.662

2020-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In the big data background, data privacy becomes more and more important when data leakage and other security events occur more frequently. As one of the key means of privacy protection, anonymous communication attracts large attention. Aiming at the problems such as low efficiency of message forwarding, high communication delay and abusing of anonymity, this paper presents an identity-based traceable anonymous communication model by adding a preprocessing phase, modifying the ciphertext structure and increasing the controllability of anonymity. Firstly, a new identity-based signature algorithm is proposed, and its security is proved via existential unforgeability against chosen-message attacks (EU-CMA). The signature algorithm is further applied to the anonymous communication model to implement the controllability of revocable anonymity. Secondly, by adding a preprocessing Setup phase, the operations of identifications distribution and user authentication are launched before the anonymous communication phase starts, and this practice significantly improves the efficiency of the anonymous communication model. Finally, by adding the hash value of the message and the user identification as the message authentication code, we design a new ciphertext structure, which can efficiently guarantee the integrity of the ciphertext. Performance analysis and simulation results show that the proposed anonymous communication model has high message forwarding efficiency and better security and controllability of anonymity.

Yajuan Shi,Han Shen,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.14257/ijseia.2015.9.5.25

2015-01-01

International Journal of Software Engineering and Its Applications

Abstract:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.