Man Ho Au,Willy Susilo,Yi Mu

DOI: https://doi.org/10.1007/11832072_8

2006-01-01

Abstract:Abstractk-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times. Dynamic k-TAA allows application providers to independently grant or revoke users from their own access group so as to provide better control over their clients. In terms of time and space complexity, existing dynamic k-TAA schemes are of complexities O(k), where k is the allowed number of authentication. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)). We also outline how to construct dynamic k-TAA scheme with a constant proving effort. Public key size of this variant, however, is O(k).We then construct an ordinary k-TAA scheme from the dynamic scheme. We also describe a trade-off between efficiency and setup freeness of AP, in which AP does not need to hold any secret while maintaining control over their clients.To build our system, we modify the short group signature scheme into a signature scheme and provide efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature and to obtain a signature on a committed block of messages. We prove that the signature scheme is secure in the standard model under the q-SDH assumption.Finally, we show that our dynamic k-TAA scheme, constructed from bilinear pairing, is secure in the random oracle model.

Isamu Teranishi,Kazue Sako

DOI: https://doi.org/10.1007/11745853_34

2006-01-01

Abstract:A k-Times Anonymous Authentication (k-TAA) scheme allows users to be authenticated anonymously so long as the number of times that they are authenticated is within an allowable number. Some promising applications are e-voting, e-cash, e-coupons, and trial browsing of contents. However, the previous schemes are not efficient in the case where the allowable number k is large, since they require both users and verifiers to compute O(k) exponentiation in each authentication. We propose a k-TAA scheme where the numbers of exponentiations required for the entities in an authentication are independent of k. Moreover, we propose a notion of public detectability in a k-TAA scheme and present an efficient publicly verifiable k-TAA scheme, where the number of modular exponentiations required for the entities is O(log(k)).

Lan Nguyen,Rei Safavi-Naini

DOI: https://doi.org/10.1007/11496137_22

2005-01-01

Abstract:Abstractk-times anonymous authentication (k-TAA) schemes allow members of a group to be anonymously authenticated by application providers for a bounded number of times. k-TAA has application in e-voting, e-cash, electronic coupons and anonymous trial browsing of content. In this paper, we extend k-TAA model to dynamick-TAA in which application providers can independently grant or revoke users from their own groups and so have the required control on their clients. We give a formal model for dynamic k-TAA, propose a dynamic k-times anonymous authentication scheme from bilinear pairing, and prove its security. We also construct an ordinary k-TAA from the dynamic scheme and show communication efficiency of the schemes compared to the previously proposed schemes.

Lan Nguyen

DOI: https://doi.org/10.1007/11958239_6

2006-01-01

Abstract:In k-times anonymous authentication (k-TAA) schemes, members of a group can be anonymously authenticated to access applications for a bounded number of times determined by application providers. Dynamick-TAA allows application providers to independently grant or revoke group members from accessing their applications. Dynamic k-TAA can be applied in several scenarios, such as k-show anonymous credentials, digital rights management, anonymous trial of Internet services, e-voting, e-coupons etc. This paper proposes the first provably secure dynamic k-TAA scheme, where authentication costs do not depend on k. This efficiency is achieved by using a technique called “efficient provable e-tag”, which could be applicable to other e-tag systems.

Kazue Sako,Jun Furukawa,Isamu Teranishi

DOI: https://doi.org/10.1587/TRANSFUN.E92.A.147

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features that allow 1) no one, not even an authority, identify users who have been authenticated within the allowable number, and that allow 2) anyone to trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Although identity escrow/group signature schemes allow users to be anonymously authenticated, the authorities in these schemes have the unnecessary ability to trace any user. Moreover, since it is only the authority who is able to trace users, one needs to make cumbersome inquiries to the authority to see how many times a user has been authenticated. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

Computer Science

Deng Yu-qiao

Abstract:In order to protect the users' privacy,based on the theory and construction of k-TAA presented by Teranisi,presented a fair k-TAA scheme used the blind signature.The scheme added trustee that could easily trace the ID of illegal users and kept the other properties remain at the same time.The appearance of trustee confirms the security of the scheme.The paper also gave all the properties' discussion at last.

Computer Science

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.mcm.2011.10.001

2012-01-01

Mathematical and Computer Modelling

Abstract:Authenticated key agreement (AKA) protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities over an open network. Recently, in order to circumvent the key escrow problem inherent to ID-based cryptography and the certificate management burden in traditional public key infrastructure, the notion of certificateless public key cryptography (CL-PKC) was introduced. In this paper, we first present a security model for certificateless AKA protocols for three parties, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle model.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

T. Yuen,M. Au,Xinyi Huang,Jianying Zhou,Joseph K. Liu,W. Susilo

DOI: https://doi.org/10.1109/TC.2014.2366741

2015-09-01

Abstract:In this paper, we propose a new notion called $k$ -times attribute-based anonymous access control , which is particularly designed for supporting cloud computing environment. In this new notion, a user can authenticate himself/herself to the cloud computing server anonymously. The server only knows the user acquires some required attributes, yet it does not know the identity of this user. In addition, we provide a $k$ -times limit for anonymous access control. That is, the server may limit a particular set of users (i.e., those users with the same set of attribute) to access the system for a maximum $k$ -times within a period or an event. Further additional access will be denied. We also prove the security of our instantiation. Our implementation result shows that our scheme is practical.

Computer Science

Zhiguang Qin,Hu Xiong,Guobin Zhu,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.11.015

IF: 8.1

2014-01-01

Information Sciences

Abstract:There is an increasing demand of ad hoc anonymous authentication (AHAA) to secure communications between ad hoc group members while preserving privacy for the members. The main obstacles in AHAA is that it is difficult to deploy traditional public-key infrastructure (PKI) in this scenario and the end users are usually limited in computation. This paper addresses these obstacles with a pairing-free certificateless ring signature scheme. The scheme does not require a setup procedure and each user can sign on behalf of a group generated in an ad hoc way. The signer does not need any certificate but only a legal signer can generate a valid signature to be validated. The signature verification does not leak any information about the signer's identity, even if the attacker is computationally unbound. The scheme exploits only traditional efficient modular exponentiations, without relying on time-consuming bilinear map operations. The scheme is shown to be secure in the random oracle model. Therefore, our proposal is practical for ad hoc anonymous authentication.

Fan Zhang,Philip Daian,Iddo Bentov

2018-01-01

Abstract:Conventional (M,N )-threshold signature schemes leave users with a painful choice. SettingM = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3, 3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2, 3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3, 3)-multisig, to be downgraded to a (2, 3)multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof, evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System, which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorshipresistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smartcontract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.

Wenting Li,Haibo Cheng,Ping Wang,Kaitai Liang

DOI: https://doi.org/10.1109/tifs.2021.3081263

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Multi-factor authentication (MFA) has been widely used to safeguard high-value assets. Unlike single-factor authentication (e.g., password-only login), $t$ -factor authentication ( $t$ FA) requires a user always to carry and present $t$ specified factors so as to strengthen the security of login. Nevertheless, this may restrict user experience in limiting the flexibility of factor usage, e.g., the user may prefer to choose any factors at hand for login authentication. To bring back usability and flexibility without loss of security, we introduce a new notion of authentication, called $(t,n)$ threshold MFA, that allows a user to actively choose $t$ factors out of $n$ based on preference. We further define the "most-rigorous" multi-factor security model for the new notion, allowing attackers to control public channels, launch active/passive attacks, and compromise/corrupt any subset of parties as well as factors. We state that the model can capture the most practical security needs in the literature. We design a threshold MFA key exchange (T-MFAKE) protocol built on the top of a threshold oblivious pseudorandom function and an authenticated key exchange protocol. Our protocol achieves the "highest-attainable" security against all attacking attempts in the context of parties/factors being compromised/corrupted. As for efficiency, our design only requires $4+t$ exponentiations, 2 multi-exponentiations and $mathbf {2}$ communication rounds. Compared with existing $t$ FA schemes, even the degenerated $(t,t)$ version of our protocol achieves the strongest security (stronger than most schemes) and higher efficiency on computational and communication. We instantiate our design on real-world platform to highlight its practicability and efficiency.

computer science, theory & methods,engineering, electrical & electronic

Jianbin Hu,Hu Xiong,Zhi Guan,Cong Tang,Yonggang Wang,Wei Xin,Zhong Chen

DOI: https://doi.org/10.1109/ISPAW.2011.15

2011-01-01

Abstract:Key agreement protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities and which cannot be predetermined by any party. Recently, the notion of certificateless public key cryptography was introduced to mitigate the heavy certificate management burden in traditional public key infrastructure and key escrow problem in ID-based cryptosystem. In this paper, we present an efficient certificateless three-party authenticated key agreement protocol based on certificateless signature scheme. We show that the proposed protocol is secure (i.e. conforms to defined security attributes) while being efficient.

X Deng,CH Lee,H Zhu

DOI: https://doi.org/10.1049/ip-cdt:20010207

2001-01-01

IEE Proceedings - Computers and Digital Techniques

Abstract:Two deniable authentication schemes have been developed. One is based on the intractability of the factoring problem, and the other is based on the intractability of the discrete logarithm problem. The computation cost of the first scheme is about (t+2)/2s. The second scheme requires about (2t+3)/4s of a previous scheme; s is the length of a message block and t is the cost of multiplication mod N operations. It is shown that both protocols reserve all cryptographic characterisations of the previous scheme.

Xuelian Cao,Zheng Yang,Jianting Ning,Chenglu Jin,Rongxing Lu,Zhiming Liu,Jianying Zhou

DOI: https://doi.org/10.1109/tifs.2024.3386350

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:Group time-based one-time passwords (GTOTP) is a novel lightweight cryptographic primitive for achieving anonymous client authentication, which enables the efficient generation of time-based one-time passwords on behalf of a group without revealing any information about the actual client's identity beyond their group membership. The security properties of GTOTP regarding anonymity and traceability have been formulated in a static group management setting (where all group members should be determined during the group initialization phase), yet, a formal treatment for real-world dynamic groups (i.e., group members may join and leave at any time) is still an open question. It is non-trivial to construct an efficient GTOTP scheme that can provide a lightweight password generation procedure run by group members and support dynamic group management, allowing group members to join and leave without affecting other members' states (non-disruptively). To address the above challenge, we first define the notion and the security model of dynamic group time-based one-time passwords (DGTOTP) in this work. We then present an efficient DGTOTP construction that can generically transform an asymmetric time-based one-time passwords scheme into a DGTOTP scheme utilizing a chameleon hash function family and a Merkle tree scheme. Within our construction, we particularly tailor an outsourcing solution realizing an issue-first-and-join-later (IFJL) strategy, enabling smooth joining and revocation without disrupting other group members. Moreover, our scheme minimizes symmetric cryptographic operations and maintains constant storage for group members, compared to the linear storage cost that grows rapidly with respect to the lifetime of the GTOTP instance in the previous static GTOTP scheme. Our DGTOTP scheme satisfies stronger security guarantees in a dynamic group management setting without random oracles. Our experimental results confirm the efficiency of our DGTOTP scheme.

computer science, theory & methods,engineering, electrical & electronic

Yangguang Tian,Yingjiu Li,Binanda Sengupta,Robert Huijie Deng,Albert Ching,Weiwei Liu

DOI: https://doi.org/10.1007/978-3-030-14234-6_36

2019-01-01

Abstract:Remote user authentication has found numerous real-world applications, especially in a user-server model. In this work, we introduce the notion of anonymous remote user authentication withk-times untraceability (k-RUA) for a given parameter k, where authorized users authenticate themselves to an authority (typically a server) in an anonymous and k-times untraceable manner. We define the formal security models for a generic k-RUA construction that guarantees user authenticity, anonymity and user privacy. We provide a concrete instantiation of k-RUA having the following properties: (1) a third party cannot impersonate an authorized user by producing valid transcripts for the user while conversing during a session; (2) a third party having access to the communication channel between the user and the authority cannot identify the session participants; (3) the authority can trace the real identities of dishonest users who have authenticated themselves for more than k times; (4) our k-RUA construction avoids using expensive pairing operations—which makes it efficient and suitable for devices having limited amount of computational resources.

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-24861-0_6

2011-01-01

Abstract:Certificateless authenticated key exchange (CL-AKE) protocols do not suffer from intricate certificate management or heavy trust reliance on a third party. Unfortunately, these advantages are partially counteracted in most CL-AKE protocols which require expensive pairing operations. This paper proposes a new CL-AKE protocol without requiring any pairing operation during the protocol execution, although a pairing map may be required to realize a Decisional Diffie-Hellman (DDH) oracle in the security proof. With implicit authentication, we illustrate modular proofs in a security model incorporating standard definitions of AKE protocols and certificateless cryptography. Analysis shows that our protocol is also efficient.

Ding Wang,Debiao He,Ping Wang,Chao-Hsien Chu

DOI: https://doi.org/10.1109/tdsc.2014.2355850

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

Haochen M. Kotoi-Xie,Takumi Moriyama

2024-04-16

Abstract:In this writing, we introduce a novel biometric-authenticated key exchange protocol that allows secure and privacy-preserving key establishment between a stateless biometric sensing system and a "smart" user token that possesses biometric templates of the user. The protocol yields a shared secret incorporating random nonce from both parties when they positively authenticate each other. Mutual positive authentication here is defined as when the feature vector calculated from the sensor data captured by the biometric sensing system only differs from the feature vector stored as the biometric template within the user token by less than a predefined threshold. The parties exchange only randomized data and cryptographically derived verifiers; no significant information regarding the vectors is ever exchanged. The protocol essentially utilizes the BBKDF scheme for feature vector matching, and as a result, the threshold is compared per component of the two vectors to be matched. This fact makes it straightforward to employ multiple biometric modalities. The protocol also allows online authentication where the biometric sensing system can potentially send multiple queries derived from different sensor data samples, in one or more rounds. The protocol is designed in such a way that the user token can very efficiently answer a multitude of such queries. This makes the protocol especially suitable for interactive systems while posing a minimal computational burden on the user token. The biometric sensing system can be made stateless, i.e. user registration in advance is not required. Furthermore, the protocol is bidirectionally privacy-preserving in the sense that unless mutual authentication is achieved first, neither the biometric sensing system, nor the user token can gain useful information, respectively regarding the biometric template, or sensor-data-derived feature vectors.

Cryptography and Security

Yunlei Zhao

DOI: https://doi.org/10.1016/j.ipl.2006.04.017

IF: 0.851

2006-01-01

Information Processing Letters

Abstract:In this paper, we present an improved Dwork-Naor 2-round timed deniable authentication scheme with reduced computational and communication complexity. The improved protocol is convenient for authenticating arbitrarily large files (e.g., the contents of a large data-base or a large software), and its first message (from the verifier to the authenticator) is independent on the message to be authenticated by the authenticator.