Cryptanalysis of an online/offline certificateless signature scheme for Internet of Health Things
Recently, Khan et al. ["An online-offline certificateless signature scheme for internet of health things," Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for the Internet of Health Things (IoHT), intended to meet the authenticity requirements of resource-constrained IoHT devices. The authors claimed that the scheme is formally secure against a Type I adversary in the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen-message attacks: we demonstrate that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we perform a comparative analysis of selected parameters, including computation time, communication overhead, security, and formal proof, using Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the scheme of Khan et al. has no advantage over previous schemes, even though the authors used a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80 bits. Finally, we give some suggestions on the construction of a concrete security scheme under the ROM.
Security analysis of two lightweight certificateless signature schemes
Certificateless cryptography can be considered an intermediate solution to the problems of traditional public key infrastructure (PKI) and identity-based public key cryptography (ID-PKC). A vast number of certificateless signature (CLS) schemes exist in the literature; however, most of them are not efficient enough for resource-limited environments such as the Internet of Things (IoT) or Healthcare Wireless Sensor Networks (HWSN). Recently, two lightweight CLS schemes were proposed by Karati et al. and Kumar et al. for use in IoT and HWSNs, respectively. While both schemes are claimed to be existentially unforgeable, in this paper we show that both signatures can easily be forged. More specifically, we show that 1) in Karati et al.'s scheme, a Type I adversary, as considered in certificateless cryptography, can generate a valid partial private key for any user of its choice and consequently forge that user's signature on any message of its choice, and 2) in Kumar et al.'s scheme, both types of adversaries considered in certificateless cryptography can forge any signer's signature on an arbitrary message.
Cryptanalysis of a certificateless aggregate signature scheme
Recently, Nie et al. proposed a certificateless aggregate signature scheme. In the standard security model of certificateless cryptography, two types of adversaries are considered. In this paper, we show that Nie et al.'s scheme is insecure against the adversary of the first type. In other words, although they claimed that their scheme is existentially unforgeable against adaptive chosen-message attack by the adversaries of the certificateless setting, we prove that such a forgery can be done.
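The three cryptanalyses above all turn on the certificateless adversary model: a Type I adversary holds no master key but may replace any user's public key, while a Type II adversary (a malicious-but-passive KGC) knows the master key but may not replace public keys. The toy pairing-free, Schnorr-style certificateless signature below is an added illustration of that model; it is not the scheme of Khan et al., Karati et al., Kumar et al. or Nie et al., and not code from any of those papers. It shows the generic public-key-replacement forgery that the Type I model is designed to capture: when the verifier folds the user part X and the KGC part g^d into one combined key, a forger can choose X* = g^a / (R P_pub^e) and sign with the exponent a it knows, even though the public key is hashed into the challenge. Splitting the challenge into separate user and KGC exponents (h1, h2) defeats that particular substitution, which is a sanity check and not a security proof. The group (p = 10007, q = 5003, g = 4), the identity string, the message and the seeded RNG are all constructed toy values.

```python
"""Toy pairing-free certificateless signature (CLS) over a tiny Schnorr
group, written to make the certificateless adversary model concrete:
a Type I adversary has no master key but may replace public keys; a
Type II adversary (malicious-but-passive KGC) has the master key but
may not.  Illustrative only: not any scheme cited on this page, not secure."""
import hashlib
import random

# Toy group (assumption): safe prime p = 2q + 1; g = 4 generates the
# order-q subgroup.  Real use needs a 2048-bit p or an elliptic curve.
P, Q, G = 10007, 5003, 4
rng = random.Random(2017)  # seeded for a reproducible demo; use secrets in real code

def H(*parts):
    """Hash ints/strings into Z_q (random-oracle stand-in)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def commit():
    """Fresh exponent k in [1, q) and its commitment g^k."""
    k = rng.randrange(1, Q)
    return k, pow(G, k, P)

# ---- KGC and user key material ----------------------------------------
def kgc_setup():
    s = rng.randrange(1, Q)                 # master secret key
    return s, pow(G, s, P)                  # (s, P_pub)

def partial_key_extract(s, ident):
    """KGC issues (R, d) with g^d = R * P_pub^H(ident, R)."""
    r, R = commit()
    return R, (r + s * H(ident, R)) % Q

def user_keygen():
    x, X = commit()                         # user secret value x, X = g^x
    return x, X                             # public key is (R, X)

def kgc_part(P_pub, ident, R):
    """Verifier's reconstruction of g^d from public data only."""
    return R * pow(P_pub, H(ident, R), P) % P

# ---- naive scheme: one challenge over the combined key X * g^d ----------
def naive_sign(ident, R, X, x, d, msg):
    k, T = commit()
    h = H("naive", ident, R, X, msg, T)     # binds X, yet still not enough
    return T, (k + h * (x + d)) % Q

def naive_verify(P_pub, ident, R, X, msg, sig):
    T, sigma = sig
    h = H("naive", ident, R, X, msg, T)
    combined = X * kgc_part(P_pub, ident, R) % P
    return pow(G, sigma, P) == T * pow(combined, h, P) % P

def type1_replacement_forgery(P_pub, ident, R, msg, tag="naive"):
    """Pick X* = g^a / (R * P_pub^e): the combined key becomes g^a, whose
    discrete log a the forger knows.  Needs neither s nor d."""
    a, A = commit()
    X_star = A * pow(kgc_part(P_pub, ident, R), P - 2, P) % P
    k, T = commit()
    h = H(tag, ident, R, X_star, msg, T)
    return X_star, (T, (k + h * a) % Q)

# ---- hardened scheme: separate challenges for the user and KGC parts ----
def sign(ident, R, X, x, d, msg):
    k, T = commit()
    h1, h2 = H("user", ident, R, X, msg, T), H("kgc", ident, R, X, msg, T)
    return T, (k + h1 * x + h2 * d) % Q

def verify(P_pub, ident, R, X, msg, sig):
    T, sigma = sig
    h1, h2 = H("user", ident, R, X, msg, T), H("kgc", ident, R, X, msg, T)
    rhs = T * pow(X, h1, P) * pow(kgc_part(P_pub, ident, R), h2, P) % P
    return pow(G, sigma, P) == rhs

def type2_attempt(ident, R, X, d, msg):
    """Malicious-but-passive KGC: has d (and s) but not x, must keep X."""
    k, T = commit()
    return T, (k + H("kgc", ident, R, X, msg, T) * d) % Q  # lacks h1 * x

def demo():
    s, P_pub = kgc_setup()
    ident, msg = "device-42@hospital.example", "bp=120/80"  # constructed
    R, d = partial_key_extract(s, ident)
    x, X = user_keygen()
    out = {"honest_naive": naive_verify(P_pub, ident, R, X, msg,
                                        naive_sign(ident, R, X, x, d, msg)),
           "honest_hardened": verify(P_pub, ident, R, X, msg,
                                     sign(ident, R, X, x, d, msg))}
    X_star, forged = type1_replacement_forgery(P_pub, ident, R, msg)
    out["type1_vs_naive"] = naive_verify(P_pub, ident, R, X_star, msg, forged)
    X_star, forged = type1_replacement_forgery(P_pub, ident, R, msg, "user")
    out["type1_vs_hardened"] = verify(P_pub, ident, R, X_star, msg, forged)
    out["type2_vs_hardened"] = verify(P_pub, ident, R, X, msg,
                                      type2_attempt(ident, R, X, d, msg))
    return out

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} verifies={ok}")
```

Running the demo shows honest signatures verifying under both schemes, the Type I substitution verifying under the naive combined-key check, and the same substitution (and a KGC lacking the user secret) failing under the split-challenge check. The point for a reviewer of a CLS paper is the one these abstracts make: hashing the public key into the challenge is not by itself what stops key replacement; what matters is that no public key the adversary can choose lets it know the discrete log of the whole verification equation.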
Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks
Secure aggregate signature schemes have attracted increasing attention because of their wide application in resource-constrained environments. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. They claimed that their scheme is provably secure against existential forgery under adaptively chosen-message attack in the random oracle model. In this paper, we show that their scheme is insecure against a malicious-but-passive KGC under the existing security model. Further, we propose an improved certificateless aggregate signature
Deep Attacks of a Certificateless Signature Scheme
Certificateless public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem of identity-based cryptography. Recently, Xiong et al. proposed a certificateless signature scheme and proved that it is existentially unforgeable against adaptive chosen-message attack in the random oracle model. He et al. pointed out that Xiong et al.'s scheme is insecure against the Type II adversary; however, their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attacks on Xiong et al.'s scheme, showing that it is insecure against a malicious-but-passive KGC.
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a wide variety of novel applications, including ones in emerging technologies such as cloud computing, the Internet of Things (IoT), e-health systems and wearable technologies. There has, however, been a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly, which leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is a lack of awareness of the recent advances in solving the discrete logarithm problem in some groups. The main purpose of this article is to give understandable, informative and up-to-date criteria for the correct use of pairing-based cryptography. We therefore deliberately avoid most of the technical details and instead emphasize the importance of the correct use of bilinear maps in realizing secure cryptographic protocols. We list a collection of recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings.
Insecurity of a Certificate-free Ad Hoc Anonymous Authentication
The ring signature scheme is a simplified group signature scheme with no manager that preserves the unconditional anonymity of the signer. Certificateless cryptography was introduced to eliminate the use of certificates in public key infrastructure and to solve the key-escrow problem of ID-based cryptography. Recently, Qin et al. proposed the first RSA-based certificateless ring signature scheme, which was proved unforgeable in the random oracle model. In this paper, we demonstrate that this scheme is not secure against the Type I adversary.
A New Certificateless Public Key Distribution Method and a Lightweight Secure Connection Method (새로운 무인증서 공개키 배포 방법과 경량 보안 연결 방법)
Doctoral dissertation, Seoul National University Graduate School, Department of Electrical and Computer Engineering, February 2017 (advisor: 권태경). Authenticating the other endpoint and protecting the data communication are the basic and important means of secure communication. As the penetration of the Internet into everyday life accelerates, e.g. with the Internet of Things (IoT), the demand for secure communication increases. However, these two means are threatened by the problems of the Public Key Infrastructure (PKI) and the constrained resources of IoT devices. Therefore, this dissertation focuses on enhancing authentication with respect to public key distribution and data protection for resource-limited IoT devices.
First, the current PKI has problems such as certificate revocation and fraudulent certificates. To address these issues, we propose TwinPeaks, a new infrastructure for distributing the public keys of named entities online. TwinPeaks leverages certificateless public key cryptography (CL-PKC), which we extend so that the public key of an entity depends on any combination of its networking parameters; thus TwinPeaks can mitigate spoofing attacks systematically. TwinPeaks needs public key servers, which form a hierarchical tree like the Domain Name System (DNS). For each parent-child link in the tree, the parent and the child interact in such a way that every named entity has its own public/secret key pair. TwinPeaks removes certificates and hence has no revocation overhead; instead, each named entity must keep its IP address and public key up to date in its DNS server and key server, respectively. TwinPeaks also achieves scalable distribution of public keys, since public keys can be cached long term without elevating security risks.
Next, the IoT will be the norm in the foreseeable future. However, the security problems of the Internet will be worsened in IoT services, given the constrained resources of IoT devices. We propose a delegation-based DTLS/TLS framework (D2TLS) for cloud-based IoT services. D2TLS aims to achieve mutual authentication and to lower the burden of setting up secure connections significantly while keeping the private keys of IoT devices secret. By leveraging the session resumption of the DTLS/TLS standard and introducing a security agent, D2TLS achieves these goals with modifications only within the IoT domain; that is, cloud and PKI systems need no change to deploy D2TLS. Numerical results show that D2TLS achieves better performance in terms of delay and energy consumption than making a DTLS/TLS connection in standalone mode.

Table of contents:
1 Introduction
  1.1 Motivation
  1.2 Research Contributions
  1.3 Organization of Dissertation
2 TwinPeaks: A New Approach for Certificateless Public Key Distribution
  2.1 Introduction
  2.2 Design Rationale
  2.3 Certificateless Public Key Cryptography (CL-PKC)
  2.4 How TwinPeaks Works
    2.4.1 TwinPeaks Overview
    2.4.2 CL-PKC Extension
    2.4.3 Public Key Update
    2.4.4 Public Key Caching
    2.4.5 Deployment: Islands & TLS Variant
  2.5 Security Analysis
    2.5.1 Threat Analysis
    2.5.2 Certificateless Validation of a Public Key
  2.6 Evaluation
    2.6.1 Qualitative Comparison
    2.6.2 Quantitative Comparison
    2.6.3 Numerical Results
  2.7 Discussions
  2.8 Related Work
3 D2TLS: Delegation-based DTLS for Cloud-based IoT Services
  3.1 Introduction
  3.2 Related Work
  3.3 Measurement of IoT Products
    3.3.1 Smart Home Monitoring System
    3.3.2 Smart Watch
  3.4 Delegation-based DTLS (D2TLS)
    3.4.1 D2TLS Framework
    3.4.2 End-to-End Secure Connection
  3.5 Security Considerations
  3.6 Evaluation
    3.6.1 Evaluation Environments
    3.6.2 Delay
    3.6.3 Energy Consumption
    3.6.4 Code Size and Memory Requirements
    3.6.5 Expected Session Overhead Varying Frequency and Lifetime of a Session
  3.7 Discussion
    3.7.1 IoT Device as a Server
    3.7.2 Hardware-assisted IoT Security
4 Conclusion
Bibliography
Abstract (in Korean)