Identity-Based Online/Offline Key Encapsulation and Encryption

An identity-based online/offline encryption (IBOOE) scheme splits the encryption process into two phases. The first phase performs most of the heavy computations, such as modular exponentiation or pairing over points on elliptic curve. The knowledge of the plaintext or the receiver\u27s identity is not required until the second phase, where the ciphertext is produced by only light computations, such as integer addition/multiplication or hashing. This division of computations makes encryption affordable by devices with limited computation power since the preparation works can be executed ``offline\u27\u27 or possibly by some powerful devices. Since efficiency is the main concern, smaller ciphertext size and less burden in the computation requirements of all phases (i.e., both phases of encryption and the decryption phase) are desirable. In this paper, we proposed new schemes with improved efficiency over previous schemes by assuming random oracles. Our first construction is a very efficient scheme which is secure against chosen-plaintext attack (CPA), This scheme is slightly modified from an existing scheme. In particular, the setup and the user private key remain the same. We then proceed to propose the notion of ID-based Online/Offline KEM (IBOOKEM) that allows the key encapsulation process to be split into offline and online stages, in the same way as IBOOE does. We also present a generic transformation to get security against chosen-ciphertext attack (CCA) for IBOOE from any IBOOKEM scheme with one-wayness only. Our schemes (both CPA and CCA) are the most efficient one in the state-of-the-art, in terms of online computation and ciphertext size, which are the two main focuses of online/offline schemes. Our schemes are very suitable to be deployed on embedded devices such as smartcard or wireless sensor which have very limited computation powers and the communication bandwidth is very expensive

Improved identity-based online/offline encryption

The notion of online/offline encryption was put forth by Guo, Mu and Chen (FC 2008), where they proposed an identity-based scheme called identity-based online/offline encryption (IBOOE). An online/ offline encryption separates an encryption into two stages: offline and online. The offline phase carries much more computational load than the online phase, where the offline phase does not require the information of the message to be encrypted and the identity of the receiver. Subsequently, many applications of IBOOE have been proposed in the literature. As an example, Hobenberger and Waters (PKC 2014) have recently applied it to attribute-based encryption. In this paper, we move one step further and explore a much more efficient variant.We propose an efficient semi-generic transformation to obtain an online/offline encryption from a tradition identity-based encryption (IBE). Our transformation provides a new method to separate the computation of receiver’s identity into offline and online phases. The IBOOE schemes using our transformation saves one group element in both offline and online phases compared to other IBOOE schemes in identity computing. The transformed scheme still maintains the same level of security as in the original IBE scheme

Selection of EAP-authentication methods in WLANs

IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation’s requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples