On the efficiency of revocation in RSA-based anonymous systems

© 2016 IEEEThe problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are bit complicated, and thus their efficiency; although being independent from the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L, one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.Postprint (author's final draft

A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat

Distributed Key Management for Secure Role Based Messaging

Secure Role Based Messaging (SRBM) augments messaging systems with role oriented communication in a secure manner. Role occupants can sign and decrypt messages on behalf of roles. This paper identifies the requirements of SRBM and recognises the need for: distributed key shares, fast membership revocation, mandatory security controls and detection of identity spoofing. A shared RSA scheme is constructed. RSA keys are shared and distributed to role occupants and role gate keepers. Role occupants and role gate keepers must cooperate together to use the key shares to sign and decrypt the messages. Role occupant signatures can be verified by an audit service. A SRBM system architecture is developed to show the security related performance of the proposed scheme, which also demonstrates the implementation of fast membership revocation, mandatory security control and prevention of spoofing. It is shown that the proposed scheme has successfully coupled distributed security with mandatory security controls to realize secure role based messaging

A Group Signature Scheme Based on an RSA-Variant

The concept of group signatures allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature’s originator can be revealed by a designated entity. In this paper we propose a new group signature scheme that is well suited for large groups, i.e., the length of the group’s public key and of signatures do notdepend on the size of the group. Our scheme is based on a variation of the RSA problem called strong RSA assumption. It is also more efficient than previous ones satisfying these requirements

A survey on group signature schemes

Group Signature, extension of digital signature, allows members of a group to sign messages on behalf of the group, such that the resulting signature does not reveal the identity of the signer. Any client can verify the authenticity of the document by using the public key parameters of the group. In case of dispute, only a designated group manager, because of his special property, is able to open signatures, and thus reveal the signer’s identity. Its applications are widespread, especially in e-commerce such as e-cash, e-voting and e-auction. This thesis incorporates the detailed study of various group signature schemes, their cryptographic concepts and the main contributions in this field. We implemented a popular group signature scheme based upon elliptic curve cryptosystems. Moreover, the group signature is dynamic i.e. remains valid, if some members leave the group or some new members join the group. Full traceability feature is also included in the implemented scheme. For enhanced security the the scheme implements distributed roles of the group manager. We also analysed various security features, formal models, challenges and cryptanalysis of some significant contributions in this area

A Survey of Access Control Models in Wireless Sensor Networks

Copyright 2014 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/)Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.Peer reviewe

Leak-Free Mediated Group Signatures

Group signatures are a useful cryptographic construct for privacy-preserving non-repudiable authentication, and there have been many group signature schemes. In this paper, we introduce a variant of group signatures that offers two new security properties called leak-freedom and immediate-revocation. Intuitively, the former ensures that an insider (i.e., an authorized but malicious signer) be unable to convince an outsider (e.g., signature receiver) that she indeed signed a certain message; whereas the latter ensures that the authorization for a user to issue group signatures can be immediately revoked whenever the need arises (temporarily or permanently). These properties are not offered in existing group signature schemes, nor captured by their security definitions. However, these properties might be crucial to a large class of enterprise-centric applications because they are desirable from the perspective of the enterprises who adopt group signatures or are the group signatures liability-holders (i.e., will be hold accountable for the consequences of group signatures). In addition to introducing these new securit

Security Issues and Solutions in Multicast Environment through Tree based Scheme

Multicast is the delivery of a message or information to a group of destination computers simultaneously in a single transmission from the source creating copies automatically in other network elements, such as routers, only when the topology of the network requires it. Multicasting security is hard because of Open group membership, everyone gets same pack ets, Senders need not be members. We first present taxonomy of mu lticast scenarios on the Internet and point out relevant security concerns. Next we address two major security problems of multicast communication: source authentication, and key revocation. Maintaining authenticity in multicast protocols is a much more complex problem than for unicast, in particular known solutions are prohibitively inefficient in many cases. We present a solution that is reasonable for a range of scenarios. Our approach can be regarded as a midpoi nt between traditional Message Authentication Codes and digital signatures. We also present an improved solution to the key revocation problem