Anonymous, Timed and Revocable Proxy Signatures

A proxy signature enables a party to delegate her signing power to another. This is useful in practice to achieve goals related to robustness, crowd-sourcing, and workload sharing. Such applications usually require delegation to satisfy several properties, including time bounds, anonymity, revocability, and policy enforcement. Despite the large amount of work on proxy signatures in the literature, none of the existing schemes satisfy all these properties; even there is no unified formal notion that captures them. In this work, we close this gap and propose an anonymous, timed, and revocable proxy signature scheme. We achieve this in two steps: First, we introduce a tokenizable digital signature based on Schnorr signature allowing for secure distribution of signing tokens (which could be of independent interest). Second, we utilize a public bulletin board and timelock encryption to support: (1) one-time usage of the signing tokens by tracking tokens used so far based on unique values associated to them, (2) timed delegation so that a proxy signer cannot sign outside a given period, and (3) delegation revocation allowing the original signer to end a delegation earlier than provisioned. All of these are done in a decentralized and anonymous way; no trusted party is involved, and no one can tell that someone else signed on behalf of the original signer or even that a delegation took place. We define a formal notion for proxy signatures capturing all these properties, and prove that our construction realizes this notion. We also introduce several design considerations addressing issues related to deployment in practice

Multilevel Components to Improve Factor Revocability And Data Security Protection In Cloud

The data stored in cloud environment can be accessed from anywhere and at anytime and by anyone. Many techniques effectively provide the security for cloud storage data. During transmission of data in cloud environment, encryption is an efficient and widely used technique for data security. Thought cloud service provides such services but security and privacy of owner’s data is major concern in cloud storage. Therefore secure data access is critical issue in cloud storage. In this paper Proposed system an improve data security protection mechanism for cloud using two components. In this system sender sends an encrypted message to a receiver with the help of cloud system. The sender requires to know identity of receiver but no need of other information such as certificate or public key. To decrypt the cipher text, receiver needs two parts. The first thing is a unique personal security device or some hardware device connected to the computer system. Second one is private key or secrete key stored in the computer. Without having these two things cipher text never decrypted. The important thing is the security device lost or stolen, then cipher text cannot be decrypted and hardware device is revoked or cancelled to decrypt cipher text. The efficiency and security analysis show that the system is secure as well as practically implemented. The system uses a new hardware device like pen drive etc. to decrypt the cipher text together with the private key

A New Double Security And Protection Schemes In Cloud Storage

The first article is his/her secret key stored in the computer. The second thing is a singleprivatesanctuary device which joins to the computer. It is terrible to decrypt the ciphertext wanting both pieces. Supplementarysignificantly, once the haven device is stolen or lost, this device is rescinded. It cannot be used to decrypt any ciphertext. This can be finished by the cloud server which will instantlyaccomplish some algorithms to revolution the existing cipher text to be un-decrypt able by this device. This route is utterlytranslucent to the sender. Likewise, the cloud server cannot decrypt any ciphertext at any time. The safekeeping and efficiency enquiry show that our system is not only sheltered but also useful

Towards Secure Identity-Based Cryptosystems for Cloud Computing

The convenience provided by cloud computing has led to an increasing trend of many business organizations, government agencies and individual customers to migrate their services and data into cloud environments. However, once clients’ data is migrated to the cloud, the overall security control will be immediately shifted from data owners to the hands of service providers. When data owners decide to use the cloud environment, they rely entirely on third parties to make decisions about their data and, therefore, the main challenge is how to guarantee that the data is accessible by data owners and authorized users only. Remote user authentication to cloud services is traditionally achieved using a combination of ID cards and passwords/PINs while public key infrastructure and symmetric key encryptions are still the most common techniques for enforcing data security despite the missing link between the identity of data owners and the cryptographic keys. Furthermore, the key management in terms of the generation, distribution, and storage are still open challenges to traditional public-key systems. Identity-Based Cryptosystems (IBCs) are new generations of public key encryptions that can potentially solve the problems associated with key distribution in public key infrastructure in addition to providing a clear link between encryption keys and the identities of data owners. In IBCs, the need for pre-distributed keys before any encryption/decryption will be illuminated, which gives a great deal of flexibility required in an environment such as the cloud. Fuzzy identity-based cryptosystems are promising extensions of IBCs that rely on biometric modalities in generating the encryption and decryption keys instead of traditional identities such as email addresses. This thesis argues that the adoption of fuzzy identity-based cryptosystems seems an ideal option to secure cloud computing after addressing a number of vulnerabilities related to user verification, key generation, and key validation stages. The thesis is mainly concerned with enhancing the security and the privacy of fuzzy identity-based cryptosystems by proposing a framework with multiple security layers. The main contributions of the thesis can be summarised as follows. 1. Improving user verification based on using a Challenge-Response Multifactor Biometric Authentication (CR-MFBA) in fuzzy identity-based cryptosystems that reduce the impacts of impersonators attacks. 2. Reducing the dominance of the “trusted authority” in traditional fuzzy identity-based cryptosystems by making the process of generating the decryption keys a cooperative process between the trusted authority server and data owners. This leads to shifting control over the stored encrypted data from the trusted authority to the data owners. 3. Proposing a key-validity method that relies on employing the Shamir Secret Sharing, which also contributes to giving data owners more control over their data. 4. Further improving the control of data owners in fuzzy identity-based cryptosystems by linking the decryption keys parameters with their biometric modalities. 5. Proposing a new asymmetric key exchange protocol based on utilizing the scheme of fuzzy identity-based cryptosystems to shared encrypted data stored on cloud computing

Research on security and privacy in vehicular ad hoc networks

Los sistemas de redes ad hoc vehiculares (VANET) tienen como objetivo proporcionar una plataforma para diversas aplicaciones que pueden mejorar la seguridad vial, la eficiencia del tráfico, la asistencia a la conducción, la regulación del transporte, etc. o que pueden proveer de una mejor información y entretenimiento a los usuarios de los vehículos. Actualmente se está llevando a cabo un gran esfuerzo industrial y de investigación para desarrollar un mercado que se estima alcance en un futuro varios miles de millones de euros. Mientras que los enormes beneficios que se esperan de las comunicaciones vehiculares y el gran número de vehículos son los puntos fuertes de las VANET, su principal debilidad es la vulnerabilidad a los ataques contra la seguridad y la privacidad.En esta tesis proponemos cuatro protocolos para conseguir comunicaciones seguras entre vehículos. En nuestra primera propuesta empleamos a todas las unidades en carretera (RSU) para mantener y gestionar un grupo en tiempo real dentro de su rango de comunicación. Los vehículos que entren al grupo de forma anónima pueden emitir mensajes vehículo a vehículo (V2V) que inmediatamente pueden ser verificados por los vehículos del mismo grupo (y grupos de vecinos). Sin embargo, en la primera fase del despliegue de este sistema las RSU pueden no estar bien distribuídas. Consecuentemente, se propone un conjunto de mecanismos para hacer frente a la seguridad, privacidad y los requisitos de gestión de una VANET a gran escala sin la suposición de que las RSU estén densamente distribuidas. La tercera propuesta se centra principalmente en la compresión de las evidencias criptográficas que nos permitirán demostrar, por ejemplo, quien era el culpable en caso de accidente. Por último, investigamos los requisitos de seguridad de los sistemas basados en localización (LBS) sobre VANETs y proponemos un nuevo esquema para la preservación de la privacidad de la localización en estos sistemas sobre dichas redes.Vehicular ad hoc network (VANET) systems aim at providing a platform for various applications that can improve traffic safety and efficiency, driver assistance, transportation regulation, infotainment, etc. There is substantial research and industrial effort to develop this market. It is estimated that the market for vehicular communications will reach several billion euros. While the tremendous benefits expected from vehicular communications and the huge number of vehicles are strong points of VANETs, their weakness is vulnerability to attacks against security and privacy.In this thesis, we propose four protocols for secure vehicle communications. In our first proposal, we employ each road-side unit (RSU) to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighbor groups). However, at the early stage of VANET deployment, the RSUs may not be well distributed. We then propose a set of mechanisms to address the security, privacy, and management requirements of a large-scale VANET without the assumption of densely distributed RSUs. The third proposal is mainly focused on compressing cryptographic witnesses in VANETs. Finally, we investigate the security requirements of LBS in VANETs and propose a new privacy-preserving LBS scheme for those networks

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse