1,292 research outputs found

    A new digital signature scheme with message recovery using hybrid problems

    We present a new digital signature scheme with message recovery and its authenticated encryption based on elliptic curve discrete logarithm and quadratic residue. The main idea is to provide a higher level of security than all other techniques that use signatures with a single hard problem including factoring, discrete logarithm, residuosity, or elliptic curves. The proposed digital signature schemes do not involve any modular exponentiation operations that leave no gap for attackers. The security analysis demonstrates the improved performance of the proposed schemes in comparison with existing techniques in terms of the ability to resist the most common attacks.

    Cryptanalysis and Modification of an Improved Self-Certified Digital Signature Scheme with Message Recovery

    Digital signature plays a key role in bringing authenticity to cryptographic communications. A signature scheme with message recovery has two characteristics. The public key of the signer can be authenticated while verifying the signature, and the receiver is able to obtain the message. In 2013, Wu and Xu presented a self-certified digital signature scheme with message recovery by combining the two concepts of digital signature with message recovery and self-certified public key. They also claimed that their scheme provides provable security against man-in-the-middle attack, forgery attack, and message leakage. This paper first reviews the scheme of Wu and Xu, and then presents an insider forgery attack on this scheme. It will be shown that this scheme is not secure against insider forgery attack. A modification is proposed in order to overcome this weakness.

    A Decentralised Digital Identity Architecture

    Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits. Comment: 30 pages, 10 figures, 3 tables

    Society-oriented cryptographic techniques for information protection

    Groups play an important role in our modern world. They are more reliable and more trustworthy than individuals. This is the reason why, in an organisation, crucial decisions are left to a group of people rather than to an individual. Cryptography supports group activity by offering a wide range of cryptographic operations which can only be successfully executed if a well-defined group of people agrees to co-operate. This thesis looks at two fundamental cryptographic tools that are useful for the management of secret information. The first part looks in detail at secret sharing schemes. The second part focuses on society-oriented cryptographic systems, which are the application of secret sharing schemes in cryptography. The outline of thesis is as follows

    Green Paper on the Security of Information Systems


    The development and use of the Secure Electronic Transaction (SET) protocol on the internet

    While still in its infancy, Electronic Commerce is growing at an exponential rate each year (Walson, 1997, p. 53). Although few doubt that such growth will only continue in years to come, many people still have serious reservations about the levels of security offered by currently available applications for conducting such trade. This thesis identifies some of the key areas of concern regarding Electronic Commerce on the Internet, and looks at the ways in which the Secure Electronic Transaction (SET) model, proposed by Mastercard and Visa, succeeds or fails in addressing these concerns. It identifies and describes the key elements and primary functions of the SET protocols in a manner that will enable students and other interested parties to understand these protocols quickly and easily.

    Invoice factoring through blockchain technology

    Invoice factoring has been a popular way to provide cash flow for businesses. The primary function of a factoring system is to prevent an invoice from being factored twice. In order to prevent double factoring, many factoring ecosystems use one or several centralized entities to register factoring agreements. However, this puts a lot of power in the hands of these centralized entities and makes it difficult for users to dispute situations in which factoring data is unavailable, wrongly recorded or manipulated by negligence or on purpose. This thesis presents our research around the current problems of invoice factoring and our new solutions to solve this process using blockchain technology. A public blockchain can keep a permanent, secure, ordered and transparent record of transactions which are then available for everyone at any time to view and verify. In this thesis, we start by proposing a base solution, and we gradually enhance it. In the base protocol, we propose an architecture for invoicing registration based on a general blockchain. The blockchain platform builds trust between the parties by executing transactions correctly. We employed a smart contract to complete the registration process, and prevent double factoring. The smart contract provides for auditing and dispute resolution in such a way that privacy is protected and relevant information is always available. In the second protocol, we add a relayer to our architecture for easier on-boarding. Only the relayer is required to submit blockchain transactions, and pay the corresponding fees. Other participants can proxy their transactions through the relayer, and pay the relayer in fiat money. We also enhance our identity management and authentication using the concept of verifiable credentials (VC) in order to better comply with the Know-Your-Customer (KYC) regulation. In fact, in this architecture, participants use their decentralized identifiers (DIDs) and the DIDComm protocol for asynchronous and secure off-chain interactions. In the final protocol, we greatly enhance our smart contract with respect to the conditions it checks before registering an invoice factoring. We integrate non-interactive zero-knowledge proofs and cryptographic commitments into our solution. With these cryptographic tools in place, we can prevent a special type of denial of service (DoS) attack and better verify invoice details without compromising privacy. Our protocols are very efficient in terms of blockchain costs. In particular, we only need one transaction to register an invoice factoring, and most of the details are recorded in low-cost blockchain storage. Our evaluations and comparison with the literature reveal that our protocols are superior to the related works with respect to efficiency, security, privacy, and ease of use. Telematics engineering

    A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from a cryptographic point of view.