38,385 research outputs found
Security Pitfalls of a Provably Secure Identity-based Multi-Proxy Signature Scheme
An identity-based multi-proxy signature is a type of proxy signatures in
which the delegation of signing right is distributed among a number of proxy signers.
In this type of cryptographic primitive, cooperation of all proxy signers in the proxy
group generates the proxy signatures of roughly the same size as that of standard proxy
signatures on behalf of the original signer, which is more efficient than transmitting
individual proxy signatures. Since identity-based multi-proxy signatures are useful in
distributed systems, grid computing, presenting a provably secure identity-based multi-proxy scheme is desired.
In 2013, Sahu and Padhye proposed the first provably secure identity-based multi-proxy signature scheme in the random oracle model, and proved that their scheme is existential unforgeable against adaptive chosen message and identity attack. Unfortunately, in this
paper, we show that their scheme is insecure. We present two forgery attacks on their scheme. Furthermore, their scheme is not resistant against proxy key exposure attack. As a consequence, there is no provably secure identity-based multi-proxy signature scheme
secure against proxy key exposure attack to date
MEDAPs: secure multi-entities delegated authentication protocols for mobile cloud computing
Since the technology of mobile cloud computing has brought a lot of benefits to information world, many applications in mobile devices based on cloud have emerged and boomed in the last years. According to the storage limitation, data owners would like to upload and further share the data through the cloud. Due to the safety requirements, mobile data owners are requested to provide credentials such as authentication tags along with the data. However, it is impossible to require mobile data owners to provide every authenticated computational results. The solution that signersâ privilege is outsourced to the cloud would be a promising way. To solve this problem, we propose three secure multi-entities delegated authentication protocols (MEDAPs) in mobile cloud computing, which enables the multiple mobile data owners to authorize a group designated cloud servers with the signing rights. The security of MEDAPs is constructed on three cryptographic primitive identity-based multi-proxy signature (IBMPS), identity-based proxy multi-signature (IBPMS), and identity-based multi-proxy multi-signature (IBMPMS), relied on the cubic residues, equaling to the integer factorization assumption. We also give the formal security proof under adaptively chosen message attacks and chosen identity/warrant attacks. Furthermore,compared with the pairing based protocol, MEDAPs are quite efficient and the communication overhead is nearly not a linear growth with the number of cloud servers. Copyrightâc 2015 John Wiley & Sons, Ltd
Cryptanalysis and Improvement of Identity-based Proxy Multi-signature scheme
Cao-Caoâs recently proposed an identity-based proxy signature scheme
and claim that the scheme is provably secure in random oracle model. In this paper we have reviewed the scheme and proven that the scheme is vulnerable to chosen message attack under the defined security model. To prevent this attack, we propose an improved version of the scheme. A Proxy multi-signature scheme allows an authorized proxy signer to sign on a message on behalf of a group of original signers
Proxy Signature Scheme with Effective Revocation Using Bilinear Pairings
We present a proxy signature scheme using bilinear pairings that provides
effective proxy revocation. The scheme uses a binding-blinding technique to
avoid secure channel requirements in the key issuance stage. With this
technique, the signer receives a partial private key from a trusted authority
and unblinds it to get his private key, in turn, overcomes the key escrow
problem which is a constraint in most of the pairing-based proxy signature
schemes. The scheme fulfills the necessary security requirements of proxy
signature and resists other possible threats
ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings
In 2001, Rivest et al. firstly introduced the concept of ring signatures. A
ring signature is a simplified group signature without any manager. It protects
the anonymity of a signer. The first scheme proposed by Rivest et al. was based
on RSA cryptosystem and certificate based public key setting. The first ring
signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their
scheme is also based on the general certificate-based public key setting too.
In 2002, Zhang and Kim proposed a new ID-based ring signature scheme using
pairings. Later Lin and Wu proposed a more efficient ID-based ring signature
scheme. Both these schemes have some inconsistency in computational aspect.
In this paper we propose a new ID-based ring signature scheme and a proxy
ring signature scheme. Both the schemes are more efficient than existing one.
These schemes also take care of the inconsistencies in above two schemes.Comment: Published with ePrint Archiv
A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
Grid computing infrastructures need to provide traceability and accounting of
their users" activity and protection against misuse and privilege escalation. A
central aspect of multi-user Grid job environments is the necessary delegation
of privileges in the course of a job submission. With respect to these generic
requirements this document describes an improved handling of multi-user Grid
jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security
analysis of the ALICE Grid job model is presented with derived security
objectives, followed by a discussion of existing approaches of unrestricted
delegation based on X.509 proxy certificates and the Grid middleware gLExec.
Unrestricted delegation has severe security consequences and limitations, most
importantly allowing for identity theft and forgery of delegated assignments.
These limitations are discussed and formulated, both in general and with
respect to an adoption in line with multi-user Grid jobs. Based on the
architecture of the ALICE Grid Services, a new general model of mediated
definite delegation is developed and formulated, allowing a broker to assign
context-sensitive user privileges to agents. The model provides strong
accountability and long- term traceability. A prototype implementation allowing
for certified Grid jobs is presented including a potential interaction with
gLExec. The achieved improvements regarding system security, malicious job
exploitation, identity protection, and accountability are emphasized, followed
by a discussion of non- repudiation in the face of malicious Grid jobs
- âŠ