Certificate-Based Parallel Key-Insulated Aggregate Signature Against Fully Chosen-Key Attacks for Industrial Internet of Things

With the emergence of the Industrial Internet of Things (IIoT), numerous operations based on smart devices contribute to producing convenience and comfortable applications for individuals and organizations. Considering the untrusted feature of the communication channels in IIoT, it is essential to ensure the authentication and incontestableness of the messages transmitted in the IIoT. In this paper, we firstly proposed a certificate-based parallel key-insulated aggregate signature (CB-PKIAS), which can resist the fully chosen-key attacks. Concretely, the adversary who can obtain the private keys of all signers in the system is able to forge a valid aggregate signature by using the invalid single signature. Furthermore, our scheme inherits the merits of certificate-based and key-insulated to avoid the certificate management problem, key escrow problems as well as the key exposures simultaneously. In addition, the rigorous analysis and the concrete simulation experiment demonstrated that our proposed scheme is secure under the random oracle and more suitable for the IIoT environment

Cryptographic Schemes based on Elliptic Curve Pairings

This thesis introduces the concept of certificateless public key cryptography (CLPKC). Elliptic curve pairings are then used to make concrete CL-PKC schemes and are also used to make other efficient key agreement protocols. CL-PKC can be viewed as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC. This is because, in contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted authority (TA) who is in possession of a master key. In this respect, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that is inherent in ID-PKC. Applications for the new infrastructure are discussed. We exemplify how CL-PKC schemes can be constructed by constructing several certificateless public key encryption schemes and modifying other existing ID based schemes. The lack of certificates and the desire to prove the schemes secure in the presence of an adversary who has access to the master key or has the ability to replace public keys, requires the careful development of new security models. We prove that some of our schemes are secure, provided that the Bilinear Diffie-Hellman Problem is hard. We then examine Joux’s protocol, which is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol, however, Joux’s protocol is insecure, suffering from a simple man-in-the-middle attack. We show how to make Joux’s protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communication. The security properties of the new protocols are studied. Applications for the protocols are also discussed

Selected Papers from the First International Symposium on Future ICT (Future-ICT 2019) in Conjunction with 4th International Symposium on Mobile Internet Security (MobiSec 2019)

The International Symposium on Future ICT (Future-ICT 2019) in conjunction with the 4th International Symposium on Mobile Internet Security (MobiSec 2019) was held on 17–19 October 2019 in Taichung, Taiwan. The symposium provided academic and industry professionals an opportunity to discuss the latest issues and progress in advancing smart applications based on future ICT and its relative security. The symposium aimed to publish high-quality papers strictly related to the various theories and practical applications concerning advanced smart applications, future ICT, and related communications and networks. It was expected that the symposium and its publications would be a trigger for further related research and technology improvements in this field

Certificateless Key-Insulated Generalized Signcryption Scheme without Bilinear Pairings

Generalized signcryption (GSC) can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH) assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL) assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices

Name service and routing for traffic anonymizing networks

Orientador: Julio Cesar Lopez HernandezDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Em diversos cenários, é desejável que não apenas o conteúdo de uma comunicação seja preservado, mas também a identidade dos seus participantes. Satisfazer esta propriedade requer mecanismos diferentes dos comumente utilizados para fornecer sigilo e autenticidade. Neste trabalho, a problemática da comunicação anônima na Internet é abordada a partir do projeto e implementação de componentes específicos para este fim. Em particular, são apresentados um componente para roteamento anônimo eficiente em sistemas peer-to-peer estruturados e um serviço de nomes para facilitar a publicação de serviços anonimizados. As principais contribuições deste trabalho são: (i) estudo de definições, métricas e técnicas relacionadas a anonimato computacional; (ii) estudo do paradigma de Criptografia de Chave Pública Sem Certificados; (iii) projeto de uma rede de anonimização completa, adequada tanto para comunicação genérica como para funcionalidade específica; (iv) estudo e projeto de esquemas de roteamento em ambientes anônimos; (v) projeto de um serviço de nomes que aplica técnicas criptográficas avançadas para fornecer suporte a serviços anonimizados; (vi) implementação em software dos conceitos apresentadosAbstract: In several scenarios, it¿s desirable to protect not only the content of a communication, but the identities of its participants. To satisfy this property, different techniques from those used to support confidentiality and authentication are commonly required. In this work, the problem of anonymous communication on the Internet is explored through the design and implementation of specific components with this function. In particular, a name service and a routing component for anonymous environments are presented. The main contributions of this work are: (i) the study of definitions, metrics and techniques related to computational anonymity; (ii) the study of Certificateless Public Key Cryptography, a new model of public key cryptography; (iii) the design of a complete anonymization network, suitable for both generic communication and dedicated functionality; (iv) the study and design of routing schemes for anonymous communication; (v) the design of a name service to support location-hidden services in the anonymous network; (vi) the implementation of the concepts presented.MestradoCriptografia e Segurança ComputacionalMestre em Ciência da Computaçã

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed