Multi-message multi-receiver signcryption scheme based on blockchain

In conventional message communication systems, the practice of multi-message multi-receiver signcryption communication encounters several challenges, including the vulnerability to Key Generation Center (KGC) attacks, privacy breaches and excessive communication data volume. The KGC necessitates a secure channel to transmit partial private keys, thereby rendering the security of these partial private keys reliant on the integrity of the interaction channel. This dependence introduces concerns regarding the confidentiality of the private keys. Our proposal advocates for the substitution of the KGC in traditional certificateless schemes with blockchain and smart contract technology. Parameters are publicly disclosed on the blockchain, leveraging its tamper-proof property to ensure security. Furthermore, this scheme introduces conventional encryption techniques to achieve user identity privacy in the absence of a secure channel, effectively resolving the issue of user identity disclosure inherent in blockchain-based schemes and enhancing communication privacy. Moreover, users utilize smart contract algorithms to generate a portion of the encrypted private key, thereby minimizing the possibility of third-party attacks. In this paper, the scheme exhibits resilience against various attacks, including KGC leakage attacks, internal privilege attacks, replay attacks, distributed denial of service attacks and Man-in-the-Middle (MITM) attacks. Additionally, it possesses desirable security attributes such as key escrow security and non-repudiation. The proposed scheme has been theoretically and experimentally analyzed under the random oracle model, based on the computational Diffie-Hellman problem and the discrete logarithm problem. It has been proven to possess confidentiality and unforgeability. Compared with similar schemes, our scheme has lower computational cost and shorter ciphertext length. It has obvious advantages in communication and time overhead

Lightweight identity based online/offline signature scheme for wireless sensor networks

Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

Identity-Based Higncryption

Identity-based cryptography (IBC) is fundamental to security and privacy protection. Identity-based authenticated encryption (i.e., signcryption) is an important IBC primitive, which has numerous and promising applications. After two decades of research on signcryption,recently a new cryptographic primitive, named higncryption, was proposed. Higncryption can be viewed as privacy-enhanced signcryption, which integrates public key encryption, entity authentication, and identity concealment (which is not achieved in signcryption) into a monolithic primitive. Here, briefly speaking, identity concealment means that the transcript of protocol runs should not leak participants\u27 identity information. In this work, we propose the first identity-based higncryption (IBHigncryption). The most impressive feature of IBHigncryption, among others, is its simplicity and efficiency. The proposed IBHigncryption scheme is essentially as efficient as the fundamental CCA-secure Boneh-Franklin IBE scheme [18], while offering entity authentication and identity concealment simultaneously. Compared to the identity-based signcryption scheme [11], which is adopted in the IEEE P1363.3 standard, our IBHigncryption scheme is much simpler, and has significant efficiency advantage in total. Besides, our IBHigncryption enjoys forward ID-privacy, receiver deniability and x-security simultaneously. In addition, the proposed IBHigncryption has a much simpler setup stage with smaller public parameters, which in particular does not have the traditional master public key. Higncryption is itself one-pass identity-concealed authenticated key exchange without forward security for the receiver. Finally, by applying the transformation from higncryption to identity-concealed authenticated key exchange (CAKE), we get three-pass identity-based CAKE (IB-CAKE) with explicit mutual authentication and strong security (in particular, perfect forward security for both players). Specifically, the IB-CAKE protocol involves the composition of two runs of IBHigncryption, and has the following advantageous features inherited from IBHigncryption: (1) single pairing operation: each player performs only a single pairingoperation; (2) forward ID-privacy; (3) simple setup without master public key; (4) strong resilience to ephemeral state exposure, i.e., x-security; (5) reasonable deniability

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse

Research Philosophy of Modern Cryptography

Proposing novel cryptography schemes (e.g., encryption, signatures, and protocols) is one of the main research goals in modern cryptography. In this paper, based on more than 800 research papers since 1976 that we have surveyed, we introduce the research philosophy of cryptography behind these papers. We use ``benefits and ``novelty as the keywords to introduce the research philosophy of proposing new schemes, assuming that there is already one scheme proposed for a cryptography notion. Next, we introduce how benefits were explored in the literature and we have categorized the methodology into 3 ways for benefits, 6 types of benefits, and 17 benefit areas. As examples, we introduce 40 research strategies within these benefit areas that were invented in the literature. The introduced research strategies have covered most cryptography schemes published in top-tier cryptography conferences

Pairing-based cryptosystems and key agreement protocols.

For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed

Pairing-based cryptosystems and key agreement protocols

For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), pairings have quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need of certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced and within the model several previously unproven protocols in the literature are formally analysed. In considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

On the Application of Identity-Based Cryptography in Grid Security

This thesis examines the application of identity-based cryptography (IBC) in designing security infrastructures for grid applications. In this thesis, we propose a fully identity-based key infrastructure for grid (IKIG). Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) in the Globus Toolkit. The GSI is based on public key infrastructure (PKI) that supports standard X.509 certificates and proxy certificates. Since our proposal is certificate-free and has small key sizes, it offers a more lightweight approach to key management than the GSI. We also develop a one-pass delegation protocol that makes use of HIBC properties. This combination of lightweight key management and efficient delegation protocol has better scalability than the existing PKI-based approach to grid security. Despite the advantages that IKIG offers, key escrow remains an issue which may not be desirable for certain grid applications. Therefore, we present an alternative identity-based approach called dynamic key infrastructure for grid (DKIG). Our DKIG proposal combines both identity-based techniques and the conventional PKI approach. In this hybrid setting, each user publishes a fixed parameter set through a standard X.509 certificate. Although X.509 certificates are involved in DKIG, it is still more lightweight than the GSI as it enables the derivation of both long-term and proxy credentials on-the-fly based only on a fixed certificate. We also revisit the notion of secret public keys which was originally used as a cryptographic technique for designing secure password-based authenticated key establishment protocols. We introduce new password-based protocols using identity-based secret public keys. Our identity-based techniques can be integrated naturally with the standard TLS handshake protocol. We then discuss how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments