A novel certificateless deniable authentication protocol

Deniable authenticated protocol is a new and attractive protocol compared to the traditional authentication protocol. It allows the appointed receiver to identify the source of a given message, but not to prove the identity of the sender to a third party even if the appointed receiver is willing to reveal its private key. In this paper, we first define a security model for certificateless deniable authentication protocols. Then we propose a non-interactive certificateless deniable authentication protocol, by combining deniable authentication protocol with certificateless cryptography. In addition, we prove its security in the random oracle model

Cryptanalysis on Improved Chou et al.\u27s ID-Based Deniable Authentication Protocol

A deniable authentication protocol enables the protocol participants to authenticate their respective peers, while able to deny their participation after the protocol execution. This protocol can be extremely useful in some practical applications such as online negotiation, online shopping and electronic voting. Recently, we have improved a deniable authentication scheme proposed by Chou et al. due to its vulnerability to the key compromise impersonation attack in our previous report. However, we have later discovered that our previous enhanced protocol is vulnerable to the insider key compromise impersonation attack and key replicating attack. In this paper, we will again secure this protocol against these attacks and demonstrate its heuristic security analysis

Secure Deniable Authenticated Key Establishment for Internet Protocols

In 2003, Boyd et al. have proposed two deniable authenticated key establishment protocols for Internet Key Exchange (IKE). However, both schemes have been broken by Chou et al. in 2005 due to their susceptibility to key-compromise impersonation (KCI) attack. In this paper, we put forward the improved variants of both Boyd et al.\u27s schemes in order to defeat the KCI attack. On top of justifying our improvements, we further present a detailed security analysis to ensure that the desired security attributes: deniability and authenticity remain preserved

An Enhanced One-round Pairing-based Tripartite Authenticated Key Agreement Protocol

A tripartite authenticated key agreement protocol is generally designed to accommodate the need of three specific entities in communicating over an open network with a shared secret key, which is used to preserve data confidentiality and integrity. Since Joux proposed the first pairing-based one-round tripartite key agreement protocol in 2000, numerous authenticated protocols have been proposed after then. However, most of them have turned out to be flawed due to their inability in achieving some desirable security attributes. In 2005, Lin-Li had identified the weaknesses of Shim\u27s protocol and subsequently proposed their improved scheme by introducing an extra verification process. In this paper, we prove that Lin-Li\u27s improved scheme remains insecure due to its susceptibility to the insider impersonation attack. Based on this, we propose an enhanced scheme which will not only conquer their defects, but also preserves the desired security attributes of a key agreement protocol

A non-interactive deniable authentication scheme in the standard model

Deniable authentication protocols enable a sender to authenticate a message to a receiver such that the receiver is unable to prove the identity of the sender to a third party. In contrast to interactive schemes, non-interactive deniable authentication schemes improve communication efficiency. Currently, several non-interactive deniable authentication schemes have been proposed with provable security in the random oracle model. In this paper, we study the problem of constructing non-interactive deniable authentication scheme secure in the standard model without bilinear groups. An efficient non-interactive deniable authentication scheme is presented by combining the Diffie-Hellman key exchange protocol with authenticated encryption schemes. We prove the security of our scheme by sequences of games and show that the computational cost of our construction can be dramatically reduced by applying pre-computation technique

Anonymous attestation with user-controlled linkability

This paper is motivated by the observation that existing security models for direct anonymous attestation (DAA) have problems to the extent that insecure protocols may be deemed secure when analysed under these models. This is particularly disturbing as DAA is one of the few complex cryptographic protocols resulting from recent theoretical advances actually deployed in real life. Moreover, standardization bodies are currently looking into designing the next generation of such protocols. Our first contribution is to identify issues in existing models for DAA and explain how these errors allow for proving security of insecure protocols. These issues are exhibited in all deployed and proposed DAA protocols (although they can often be easily fixed). Our second contribution is a new security model for a class of "pre-DAA scheme", that is, DAA schemes where the computation on the user side takes place entirely on the trusted platform. Our model captures more accurately than any previous model the security properties demanded from DAA by the trusted computing group (TCG), the group that maintains the DAA standard. Extending the model from pre-DAA to full DAA is only a matter of refining the trust models on the parties involved. Finally, we present a generic construction of a DAA protocol from new building blocks tailored for anonymous attestation. Some of them are new variations on established ideas and may be of independent interest. We give instantiations for these building blocks that yield a DAA scheme more efficient than the one currently deployed, and as efficient as the one about to be standardized by the TCG which has no valid security proof. © 2013 Springer-Verlag Berlin Heidelberg

Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model iteself, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions