CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

Strong identity-based proxy signature schemes, revisited

tru

Secure electronic commerce with mobile agents

Online transactions using mobile agents need secure protocols to help the mobile agents to accomplish the transactions initiated by a client in an electronic commerce. However, the mobile agent could encounter hostile environment. For example, a server may compromise the mobile agent and try to obtain private information of the client. A solution to tackle this issue has been proposed. However, the existing solution is implemented using RSA signatures that result in long signatures and heavy workloads for the mobile agent. Mobile agents will migrate from the client to a server and from one server to other servers in order to accomplish the client?s transaction plan. Therefore, it will be interesting to re-tackle this issue. We present a new scheme for secure transactions using mobile agents in potentially hostile environments. This transaction scheme is implemented by using a new undetachable signature scheme. The new undetachable signature protocol utilizes short signatures, which is desirable for low-bandwidth and efficient mobile communications

Designated Verifier Threshold Proxy Signature Scheme without Random Oracles

In a $(t,n)$ designated verifier threshold proxy signature \, scheme, an original signer can delegate his/her signing power to $n$ proxy signers such that any $t$ or more out of $n$ proxy signers can sign messages on behalf of the original signer but $t-1$ or less of the proxy signers cannot generate a valid proxy signature. Of course, the signature is issued for a designated receiver and therefore only the designated receiver can validate the proxy signature. In this paper, we propose a new designated verifier threshold proxy signature scheme and also show that the proposed scheme has provable security in the standard model. The security of proposed scheme is based on the $GBDH$ assumption and the proposed scheme satisfies all the security requirements of threshold proxy signature schemes

Security Arguments for Partial Delegation with Warrant Proxy Signature Schemes

Proxy signature is an important cryptographic primitive and has been suggested in numerous applications. In this paper, we present an attack on the aggregate-signature-based proxy signature schemes, then point out there are two flaws in BPW notion of security for proxy signature. Furthermore, we give arguments for partial delegation with warrant proxy signature schemes. We construct a new proxy signature scheme and prove that it is secure against existentially forgery on adaptively chosen-message attacks and adaptively chosen-warrant attacks under the random oracle model

An Efficient ID-based Proxy Signature Scheme from Pairings

This paper proposes a new ID-based proxy signature scheme based on the bilinear pairings. The number of paring operation involved in the verification procedure of our scheme is only one, so our scheme is more efficient comparatively. The new scheme can be proved secure with the hardness assumption of the k-Bilinear Diffie-Hellman Inverse problem, in the random oracle model

A new identity based proxy signature scheme

Proxy signature schemes allow a proxy signer to generate proxy signatures on behalf of an original signer. Mambo et al. first introduced the notion of proxy signature and a lot of research work can be found on this topic nowadays. Recently, many identity based proxy signature schemes were proposed. However, some schemes are vulnerable to proxy key exposure attack. In this paper, we propose a security model for identity based proxy signature schemes. Then an efficient scheme from pairings is presented. The presented scheme is provably secure in the random oracle model. In particular, the new scheme is secure against proxy key exposure attack