32 research outputs found

    An Efficient V2I Authentication Scheme for VANETs


    Certificate-Based Parallel Key-Insulated Aggregate Signature Against Fully Chosen-Key Attacks for Industrial Internet of Things

    With the emergence of the Industrial Internet of Things (IIoT), numerous operations based on smart devices contribute to producing convenient and comfortable applications for individuals and organizations. Considering the untrusted nature of the communication channels in IIoT, it is essential to ensure the authentication and incontestableness of the messages transmitted in the IIoT. In this paper, we first propose a certificate-based parallel key-insulated aggregate signature (CB-PKIAS), which can resist fully chosen-key attacks. Concretely, an adversary who can obtain the private keys of all signers in the system is able to forge a valid aggregate signature by using an invalid single signature. Furthermore, our scheme inherits the merits of the certificate-based and key-insulated settings to avoid the certificate management problem, the key escrow problem and key exposure simultaneously. In addition, rigorous analysis and a concrete simulation experiment demonstrate that our proposed scheme is secure in the random oracle model and more suitable for the IIoT environment.

    Certificate Based Encryption for Securing Broker-Less Publish/Subscribe System in Wireless Network

    ABSTRACT: Security mechanisms such as authentication and confidentiality are highly challenging in a content-based publish/subscribe system; due to the loose coupling of publishers and subscribers, authentication and confidentiality of publishers and subscribers are difficult to achieve. In particular, content-based approaches in broker-less environments do not address confidentiality at all. This paper presents an approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. Authentication, confidentiality and other security properties of publishers and subscribers are ensured by adapting the certificate-based encryption mechanism. In certificate-based encryption, the signature acts not only as a certificate but also as the encryption and decryption key. To encrypt or decrypt a message, a key holder needs both its public key and private key and an up-to-date certificate from an authorizer. Certificate-based encryption combines the best aspects of identity-based encryption and public key encryption. This mechanism describes how certificate-based encryption can be used to construct an efficient PKI requiring less infrastructure than any previous method.

    A LITERATURE STUDY ON PARALLEL KEY CRYPTOGRAPHIC ALGORITHM

    In the field of computer security there are a large number of papers discussing the topic of cryptography. Cryptography is the art of sending data to the intended recipient while preserving the integrity, confidentiality and authenticity of the data. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with converting plain-text (ordinary text, also referred to as clear-text) into cipher-text (by a process called encryption), then back again (by a process known as decryption) to the plain-text that is the original message. The main objectives of cryptography are Confidentiality (the message cannot be understood by anyone other than the intended recipient), Integrity (the message cannot be altered during its storage or transmission), Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information), and Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information).

    An Efficient Certificate-Based Designated Verifier Signature Scheme

    Certificate-based public key cryptography not only solves the certificate revocation problem in traditional PKI but also overcomes the key escrow problem inherent in identity-based cryptosystems. This new primitive has become an attractive cryptographic paradigm. In this paper, we propose the notion and the security model of certificate-based designated verifier signatures (CBDVS). We provide the first construction of CBDVS and prove that our scheme is existentially unforgeable against adaptive chosen message attacks in the random oracle model. Our scheme only needs two pairing operations, and the signature is only one element in the bilinear group G1. To the best of our knowledge, our scheme enjoys the shortest signature length with lower operation cost.

    A Constant Time, Single Round Attribute-Based Authenticated Key Exchange in Random Oracle Model

    In this paper, we present a single round two-party attribute-based authenticated key exchange (ABAKE) protocol in the framework of ciphertext-policy attribute-based systems. Since pairing is a costly operation and composite order groups must be very large to ensure security, we focus on pairing-free protocols in prime order groups. The proposed protocol is pairing-free, works in a prime order group and has a tight reduction to the Strong Diffie-Hellman (SDH) problem under the attribute-based Canetti-Krawczyk (CK) model, which is a natural extension of the CK model (defined for PKI-based authenticated key exchange) to the attribute-based setting. The security proof is given in the random oracle model. Our ABAKE protocol does not depend on any underlying attribute-based encryption or signature scheme, unlike the previous solutions for ABAKE. Ours is the first scheme that removes this restriction. Thus, the first major advantage is that smaller key sizes are sufficient to achieve comparable security. Another notable feature of our construction is that it involves only a constant number of exponentiations per party, unlike the state-of-the-art ABAKE protocols where the number of exponentiations performed by each party depends on the size of the linear secret sharing matrix. We achieve this by doing appropriate precomputation of the secret share generation. Ours is the first construction that achieves this property. Our scheme has several other advantages, the major one being the capability to handle active adversaries. Most of the previous ABAKE protocols can offer security only against passive adversaries. Our protocol recognizes corruption by an active adversary and aborts the process. In addition to this property, our scheme satisfies other security properties that are not covered by the CK model, such as forward secrecy and resistance to key compromise impersonation attacks and ephemeral key compromise impersonation attacks.