A Certificateless One-Way Group Key Agreement Protocol for Point-to-Point Email Encryption

Over the years, email has evolved and grown to one of the most widely used form of communication between individuals and organizations. Nonetheless, the current information technology standards do not value the significance of email security in today\u27s technologically advanced world. Not until recently, email services such as Yahoo and Google started to encrypt emails for privacy protection. Despite that, the encrypted emails will be decrypted and stored in the email service provider\u27s servers as backup. If the server is hacked or compromised, it can lead to leakage and modification of one\u27s email. Therefore, there is a strong need for point-to-point (P2P) email encryption to protect email user\u27s privacy. P2P email encryption schemes strongly rely on the underlying Public Key Cryptosystems (PKC). The evolution of the public key cryptography from the traditional PKC to the Identity-based PKC (ID-PKC) and then to the Certificateless PKC (CL-PKC) provides a better and more suitable cryptosystem to implement P2P email encryption. Many current public-key based cryptographic protocols either suffer from the expensive public-key certificate infrastructure (in traditional PKC) or the key escrow problem (in ID-PKC). CL-PKC is a relatively new cryptosystem that was designed to overcome both problems. In this thesis, we present a CL-PKC group key agreement protocol, which is, as the author\u27s knowledge, the first one with all the following features in one protocol: (1) certificateless and thus there is no key escrow problem and no public key certificate infrastructure is required. (2) one-way group key agreement and thus no back-and-forth message exchange is required; (3) n-party group key agreement (not just 2- or 3-party); and (4) no secret channel is required for key distribution. With the above features, P2P email encryption can be implemented securely and efficiently. This thesis provides a security proof for the proposed protocol using ``proof by simulation\u27\u27. Efficiency analysis of the protocol is also presented in this thesis. In addition, we have implemented the prototypes (email encryption systems) in two different scenarios in this thesis

Certificateless Signature Scheme Based on Rabin Algorithm and Discrete Logarithm

Certificateless signature can effectively immue the key escrow problem in the identity-based signature scheme. But the security of the most certificateless signatures usually depends on only one mathematical hard problem, which makes the signature vulnerable when the underlying hard problem has been broken. In order to strengthen the security, in this paper, a certificateless signature whose security depends on two mathematical hard problems, discrete logarithm and factoring problems, is proposed. Then, the proposed certificateless signature can be proved secure in the random oracle, and only both of the two mathematical hard problems are solved, can the proposed signature be broken. As a consequence, the proposed certificateless signature is more secure than the previous signatures. On the other hand, with the pre-computation of the exponential modular computation, it will save more time in the signature signing phase. And compared with the other schemes of this kind, the proposed scheme is more efficient

Finding Safety in Numbers with Secure Allegation Escrows

For fear of retribution, the victim of a crime may be willing to report it only if other victims of the same perpetrator also step forward. Common examples include 1) identifying oneself as the victim of sexual harassment, especially by a person in a position of authority or 2) accusing an influential politician, an authoritarian government, or ones own employer of corruption. To handle such situations, legal literature has proposed the concept of an allegation escrow: a neutral third-party that collects allegations anonymously, matches them against each other, and de-anonymizes allegers only after de-anonymity thresholds (in terms of number of co-allegers), pre-specified by the allegers, are reached. An allegation escrow can be realized as a single trusted third party; however, this party must be trusted to keep the identity of the alleger and content of the allegation private. To address this problem, this paper introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group of parties with independent interests and motives, acting jointly as an escrow for collecting allegations from individuals, matching the allegations, and de-anonymizing the allegations when designated thresholds are reached. By design, SAEs provide a very strong property: No less than a majority of parties constituting a SAE can de-anonymize or disclose the content of an allegation without a sufficient number of matching allegations (even in collusion with any number of other allegers). Once a sufficient number of matching allegations exist, the join escrow discloses the allegation with the allegers' identities. We describe how SAEs can be constructed using a novel authentication protocol and a novel allegation matching and bucketing algorithm, provide formal proofs of the security of our constructions, and evaluate a prototype implementation, demonstrating feasibility in practice.Comment: To appear in NDSS 2020. New version includes improvements to writing and proof. The protocol is unchange

A Certificateless One-Way Group Key Agreement Protocol for End-to-End Email Encryption

Over the years, email has evolved into one of the most widely used communication channels for both individuals and organizations. However, despite near ubiquitous use in much of the world, current information technology standards do not place emphasis on email security. Not until recently, webmail services such as Yahoo\u27s mail and Google\u27s gmail started to encrypt emails for privacy protection. However, the encrypted emails will be decrypted and stored in the service provider\u27s servers. If the servers are malicious or compromised, all the stored emails can be read, copied and altered. Thus, there is a strong need for end-to-end (E2E) email encryption to protect email user\u27s privacy. In this paper, we present a certificateless one-way group key agreement protocol with the following features, which are suitable to implement E2E email encryption: (1) certificateless and thus there is no key escrow problem and no public key certificate infrastructure is required; (2) one-way group key agreement and thus no back-and-forth message exchange is required; and (3) n-party group key agreement (not just 2- or 3-party). This paper also provides a security proof for the proposed protocol using proof by simulation . Finally, efficiency analysis of the protocol is presented at the end of the paper

Secure pairing-free two-party certificateless authenticated key agreement protocol with minimal computational complexity

Key agreement protocols play a vital role in maintaining security in many critical applications due to the importance of the secret key. Bilinear pairing was commonly used in designing secure protocols for the last several years; however, high computational complexity of this operation has been the main obstacle towards its practicality. Therefore, implementation of Elliptic-curve based operations, instead of bilinear pairings, has become popular recently, and pairing-free key agreement protocols have been explored in many studies. A considerable amount of literatures has been published on pairing-free key agreement protocols in the context of Public Key Cryptography (PKC). Simpler key management and non-existence of key escrow problem make certificateless PKC more appealing in practice. However, achieving certificateless pairing-free two-party authenticated key agreement protocols (CL-AKA) that provide high level of security with low computational complexity, remains a challenge in the research area. This research presents a secure and lightweight pairingfree CL-AKA protocol named CL2AKA (CertificateLess 2-party Authenticated Key Agreement). The properties of CL2AKA protocol is that, it is computationally lightweight while communication overhead remains the same as existing protocols of related works. The results indicate that CL2AKA protocol is 21% computationally less complex than the most efficient pairing-free CL-AKA protocol (KKC-13) and 53% less in comparison with the pairing-free CL-AKA protocol with highest level of security guarantee (SWZ-13). Security of CL2AKA protocol is evaluated based on provable security evaluation method under the strong eCK model. It is also proven that the CL2AKA supports all of the security requirements which are necessary for authenticated key agreement protocols. Besides the CL2AKA as the main finding of this research work, there are six pairing-free CL-AKA protocols presented as CL2AKA basic version protocols, which were the outcomes of several attempts in designing the CL2AKA

An enhanced certificateless cryptosystem for mobile ad hoc networks

Due to the importance of security in many critical applications in MANETs and the limitation of the resources in mobile devices, it is important to have lightweight cryptosystems. Although some lightweight certificateless cryptosystems for MANETs have been proposed, it is possible to improve them in the term of reducing the complexity of the computations. In this paper, we have tried to propose a lightweight certificateless public key cryptographic scheme based on bilinear pairings. In addition, we compared our proposed scheme with other existing certificateless pairing based and result shows that the proposed scheme is more efficient based on computational cost and the rate of growth of computational expense viewpoints

Constructing a pairing-free certificateless proxy signature scheme from ECDSA

Proxy signature is a kind of digital signature, in which a user called original signer can delegate his signing rights to another user called proxy signer and the proxy signer can sign messages on behalf of the original signer. Certificateless proxy signature (CLPS) means proxy signature in the certificateless setting in which there exists neither the certificate management issue as in traditional PKI nor private key escrow problem as in Identity-based setting. Up to now, a number of CLPS schemes have been proposed, but some of those schemes either lack formal security analysis or turn out to be insecure and others are less efficient because of using costly operations including bilinear pairings and map-to-point hashing on elliptic curve groups. In this paper, we formalize the definition and security model of CLPS schemes. We then construct a pairing-free CLPS scheme from the standard ECDSA and prove its security in the random oracle model under the discrete semi-logarithm problem’s hardness assumption as in the provable security result of ECDSA

Performance and Security Evaluations of Identity-and Pairing-based Digital Signature Algorithms on Windows, Android, and Linux Platforms: Revisiting the Algorithms of Cha and Cheon, Hess, Barreto, Libert, McCullagh and Quisquater, and Paterson and Schuldt

Bilinear pairing, an essential tool to construct-efficient digital signatures, has applications in mobile devices and other applications. One particular research challenge is to design cross-platform security protocols (e.g. Windows, Linux, and other popular mobile operating systems) while achieving an optimal security-performance tradeoff. That is, how to choose the right digital signature algorithm, for example, on mobile devices while considering the limitations on both computation capacity and battery life. In this paper, we examine the security-performance tradeoff of four popular digital signature algorithms, namely: CC (proposed by Cha and Cheon in 2003), Hess (proposed by Hess in 2002), BLMQ (proposed by Barreto et al. in 2005), and PS (proposed by Paterson and Schuldt in 2006), on various platforms. We empirically evaluate their performance using experiments on Windows, Android, and Linux platforms, and find that BLMQ algorithm has the highest computational efficiency and communication efficiency. We also study their security properties under the random oracle model and assuming the intractability of the CDH problem, we reveal that the BLMQ digital signature scheme satisfies the property of existential unforgeable on adaptively chosen message and ID attack. The efficiency of PS algorithm is lower, but it is secure under the standard model

Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05

An ad-hoc anonymous identification scheme is a new multi-user cryptographic primitive that allows participants from a user population to form ad hoc groups, and then prove membership anonymously in such groups. Recently, Nguyen \cite{Lan05} proposed an ID-based ad-hoc anonymous identification scheme from bilinear pairings. However, in this paper, we propose an attack on Nguyen\u27s ID-based ad-hoc anonymous identification scheme. We show that any one can impersonate a valid group member to perform the anonymous identification protocol successfully. Furthermore, we propose a solution to improve this scheme against our attack