84 research outputs found

    A Certificateless One-Way Group Key Agreement Protocol for End-to-End Email Encryption

    Over the years, email has evolved into one of the most widely used communication channels for both individuals and organizations. However, despite near-ubiquitous use in much of the world, current information technology standards do not place emphasis on email security. Only recently have webmail services such as Yahoo's Mail and Google's Gmail started to encrypt emails for privacy protection. However, the encrypted emails are decrypted and stored on the service provider's servers. If the servers are malicious or compromised, all the stored emails can be read, copied and altered. Thus, there is a strong need for end-to-end (E2E) email encryption to protect email users' privacy. In this paper, we present a certificateless one-way group key agreement protocol with the following features, which make it suitable for implementing E2E email encryption: (1) it is certificateless, so there is no key escrow problem and no public key certificate infrastructure is required; (2) it is a one-way group key agreement, so no back-and-forth message exchange is required; and (3) it is an n-party group key agreement (not just 2- or 3-party). This paper also provides a security proof for the proposed protocol using proof by simulation. Finally, an efficiency analysis of the protocol is presented at the end of the paper.

    A Study on the Secure Online Examination System

    13301, Kō No. 4475, Doctor of Engineering, Kanazawa University doctoral dissertation, full text. Published in: IJCANDI (International Journal of Computing and Informatics) 1(3) pp. 90-100, 2016. Universitas Mulawarman & Universiti Malaysia Sabah. Co-authors: Abdul Wahid, Masahiro Mamb

    An efficient certificateless authenticated key agreement protocol without bilinear pairings

    Certificateless public key cryptography simplifies the complex certificate management of traditional public key cryptography and resolves the key escrow problem of identity-based cryptography. Many certificateless authenticated key agreement protocols using bilinear pairings have been proposed. But the relative computation cost of a pairing is approximately twenty times higher than that of a scalar multiplication over an elliptic curve group. Recently, several certificateless authenticated key agreement protocols without pairings were proposed to improve performance. In this paper, we propose a new certificateless authenticated key agreement protocol without pairings. The user in our protocol needs to compute only five scalar multiplications to finish the key agreement. We also show that the proposed protocol is secure in the random oracle model.

    Certificateless Algorithm for Body Sensor Network and Remote Medical Server Units Authentication over Public Wireless Channels

    Wireless sensor networks process and exchange mission-critical data relating to patients' health status. Obviously, any leakage of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is a need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, the Advanced Encryption Standard, digital certificates and elliptic curve cryptography, among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor network attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the lowest execution time and bandwidth requirements.

    Security Prospects for Wireless Sensor Networks

    In Wireless Sensor Networks (WSN), nodes are vulnerable to security attacks because they are installed in a harsh environment with limited power and memory, low processing power, and medium broadcast transmission. Therefore, identifying threats, challenges, and solutions for security and privacy is a hot topic today. This article analyzes the research work that has been carried out on security mechanisms for the protection of WSN against threats and attacks, as well as the trends that emerge in other countries, together with future research lines. From the methodological point of view, this analysis is presented through the visualization and study of works indexed in databases such as IEEE, ACM, Scopus, and Springer, with a range of 7 years as an observation window, from 2013 to 2019. A total of 4,728 publications were obtained, with a high rate of collaboration between China and India. The research identified developments, such as advances in security principles and defense mechanisms, which have led to the design of countermeasures in intrusion detection. Finally, the results show the interest of the scientific and business community in the use of artificial intelligence and machine learning (ML) to optimize performance measures.

    Security for the signaling plane of the SIP protocol

    VoIP protocols are gaining greater acceptance amongst both users and service providers. This thesis aims to examine aspects related to the security of the signaling plane of the SIP protocol, one of the most widely used VoIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally assess the impact on performance of HTTP digest authentication, IPsec and TLS, the three main methods use

    Options for Securing RTP Sessions

    The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism.

    Security in Key Agreement: Two-Party Certificateless Schemes

    The main goal of cryptography is to enable secure communication over a public channel; often a secret shared among the communicating parties is used to achieve this. The process by which these parties agree on such a shared secret is called key agreement. In this thesis, we focus on two-party key agreement protocols in the public-key setting and study the various methods used to establish and validate public keys. We pay particular attention to certificateless key agreement schemes and attempt to formalize a relevant notion of security. To that end, we give a possible extension of the existing extended Canetti-Krawczyk security model applicable to the certificateless setting. We observe that none of the certificateless protocols we have seen in the literature are secure in this model; it is an open question whether such schemes exist. We analyze several published certificateless key agreement protocols, demonstrating the existence of key compromise impersonation attacks and even a man-in-the-middle attack in one case, contrary to the claims of the authors. We also briefly describe weaknesses exhibited by these protocols in the context of our suggested security model.

    Towards an auditable cryptographic access control to high-value sensitive data

    We discuss the challenge of achieving auditable key management for cryptographic access control to high-value sensitive data. In such settings it is important to be able to audit the key management process, and in particular to be able to provide verifiable proofs of key generation. Auditable key management has several possible use cases in both the civilian and military world. In particular, new regulations for the protection of sensitive personal data, such as GDPR, introduce strict requirements for the handling of personal data and apply a very restrictive definition of what can be considered personal data. Cryptographic access control for personal data has the potential to become extremely important for preserving industry's ability to innovate while protecting subjects' privacy, especially in the context of widely deployed modern monitoring, tracking and profiling capabilities that are used by both governmental institutions and high-tech companies. However, in general, encrypted data is still considered personal under GDPR and therefore cannot be, e.g., stored or processed in a public cloud or distributed ledger. In our work we propose an identity-based cryptographic framework that ensures confidentiality, availability and integrity of data while potentially remaining compliant with the GDPR framework.