On the Use of Key Assignment Schemes in Authentication Protocols
Key Assignment Schemes (KASs) have been extensively studied in the context of
cryptographically-enforced access control, where derived keys are used to
decrypt protected resources. In this paper, we explore the use of KASs in
entity authentication protocols, where we use derived keys to encrypt
challenges. This novel use of KASs permits the efficient authentication of an
entity in accordance with an authentication policy by associating entities with
security labels representing specific services. Cryptographic keys are
associated with each security label and demonstrating knowledge of an
appropriate key is used as the basis for authentication. Thus, by controlling
the distribution of such keys, restrictions may be efficiently placed upon the
circumstances under which an entity may be authenticated and the services to
which they may gain access.
In this work, we explore how both standardized protocols and novel
constructions may be developed to authenticate entities as members of a group
associated with a particular security label, whilst protecting the long-term
secrets in the system. We also see that such constructions may allow for
authentication whilst preserving anonymity, and that by including a trusted
third party we can achieve the authentication of individual identities and
authentication based on timestamps without the need for synchronized clocks.
Verifiable Random Oracles
The aim of this work is to instantiate random oracles without losing the security that was proven in the random oracle model. That this cannot be done with function families is a well-known result, first shown by Halevi et al. (IACR'1998). We therefore fall back on interaction, but try to keep the resulting overhead as small as possible.
To interact as little as possible, we introduce a new ideal model called Verifiable Random Oracle. In addition to the random oracle, this model offers a verification oracle which, on input (x, h), outputs 1 if RO(x) = h and 0 otherwise. We then present two concrete instantiations of Verifiable Random Oracles, one of which requires no trusted party. In addition, we reduce the network overhead (i.e. the total size of the messages exchanged).
When we use our instantiations together with the Fiat-Shamir transformation, the simulation-sound extractability property is preserved. The prover of the Fiat-Shamir transformation unfortunately loses its non-interactivity. The verifier, however, remains non-interactive, since the instantiations of the verification oracle are non-interactive. The proofs of these claims form a significant part of this work.
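To see why the prover becomes interactive while the verifier does not, it helps to write the model down. The following added example (not from the thesis, and not one of its two instantiations) models the ideal Verifiable Random Oracle as a lazily sampled table plus the verification oracle Verify(x, h) = 1 iff RO(x) = h, and runs a Fiat-Shamir-transformed Schnorr proof against it: the prover must call the oracle to obtain its challenge, whereas the verifier only calls Verify on the hash the prover supplied. The group parameters P, Q, G are toy values chosen for readability and are an assumption of this example.

```python
import secrets

# Toy group for readability: the order-509 subgroup of Z_1019^* generated by 4.
# These parameters are an assumption of this example and offer no security.
P, Q, G = 1019, 509, 4


class VerifiableRandomOracle:
    """Ideal model from the abstract: a lazily sampled random function RO plus a
    verification oracle Verify(x, h) = 1 iff RO(x) = h. Both are modelled as local
    oracle calls here; the thesis' instantiations realise them over a network."""

    def __init__(self, out_len=32):
        self._table = {}
        self.out_len = out_len
        self.queries = 0
        self.verifications = 0

    def _value(self, x):
        if x not in self._table:
            self._table[x] = secrets.token_bytes(self.out_len)
        return self._table[x]

    def query(self, x: bytes) -> bytes:
        """RO(x): the interactive call the prover has to make."""
        self.queries += 1
        return self._value(x)

    def verify(self, x: bytes, h: bytes) -> int:
        """Verification oracle. For an x never queried, RO(x) is sampled fresh,
        so a guessed h matches only with probability 2^-256."""
        self.verifications += 1
        return 1 if self._value(x) == h else 0


def encode(*parts):
    return b"|".join(str(p).encode() for p in parts)


def prove(vro, x):
    """Fiat-Shamir Schnorr proof of knowledge of x with y = G^x.
    Plain Fiat-Shamir hashes locally; with a VRO the prover must interact to get h."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q)
    a = pow(G, r, P)
    h = vro.query(encode(G, y, a))          # the one interactive step
    c = int.from_bytes(h, "big") % Q
    s = (r + c * x) % Q
    return y, (a, h, s)


def verify_proof(vro, y, proof):
    """The verifier never recomputes RO: it checks the prover's claimed h through the
    verification oracle, which is why it stays non-interactive when Verify is
    instantiated non-interactively."""
    a, h, s = proof
    if vro.verify(encode(G, y, a), h) != 1:
        return False
    c = int.from_bytes(h, "big") % Q
    return pow(G, s, P) == (a * pow(y, c, P)) % P


def demo():
    vro = VerifiableRandomOracle()
    x = secrets.randbelow(Q)
    y, proof = prove(vro, x)
    a, h, s = proof
    forged_hash = (a, bytes(vro.out_len), s)   # wrong h: verification oracle answers 0
    wrong_response = (a, h, (s + 1) % Q)       # right h, wrong s: group equation fails
    return (
        verify_proof(vro, y, proof),
        verify_proof(vro, y, forged_hash),
        verify_proof(vro, y, wrong_response),
    )


if __name__ == "__main__":
    print(demo())
```

The hash input binds the challenge to the statement (G, y) as well as to the commitment a, so a proof cannot be replayed for a different public key; the check that the oracle's answer is 1 is what replaces the local recomputation of the hash in ordinary Fiat-Shamir.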
New Conditional Privacy-preserving Encryption Schemes in Communication Network
Nowadays communication networks act as nearly the most important fundamental infrastructure of human society. The basic service they provide is much like that of ubiquitous public utilities: the cable television network distributes information to its subscribers, much as water or gas supply systems distribute commodities to citizens. Communication networks also enable many network-based applications, such as industrial pipeline control in industrial networks, voice over long-term evolution (VoLTE) in mobile networks and mixed reality (MR) in computer networks. Since the communication network plays such a vital role in almost every aspect of our lives, the information transmitted over it must be guarded properly. Roughly, such information falls into two categories: the communicated message itself and sensitive information related to the users. Since we already have cryptographic tools, such as encryption schemes, to ensure the confidentiality of communicated messages, it is sensitive personal information that deserves special attention. Moreover, to reduce the network burden in some settings, it may be required that only communication between legitimate users, such as streaming media subscribers, is stored and relayed in the network. In this case, the network must be able to verify whether a transmitted message is exchanged between legitimate users without leaking those users' privacy. Meanwhile, the intended receiver of a transmitted message should be able to identify the exact sender for future communication. To meet these requirements, we re-define a notion named conditional user privacy preservation.
In this thesis, we investigate how to preserve conditional user privacy in public key encryption schemes, which are used to secure the information transmitted in communication networks. Although the term conditional privacy preservation has appeared in existing works, there are major differences between our definition and the one proposed before. For example, our definition does not need a trusted third party (TTP) to help trace the sender of a message. Besides, the verification of a given encrypted message can be done without any secret.
In this thesis, we also add further desirable features to our redefined notion of conditional user privacy preservation. In our second work, we consider the conditional privacy not only of the message sender but also of the intended receiver. This work presents a new encryption scheme for communication networks that maintain a blacklist of blocked communication channels, each channel being established by a pair of sender and receiver. With this encryption scheme, a verifier can confirm whether a ciphertext belongs to a legitimate communication channel without learning the exact sender and receiver of that ciphertext. With our first two works, for a given ciphertext, we ensure that no one except its intended receiver can identify the sender. However, the receiver of a message may behave dishonestly when it retrieves the real sender, so that it could manipulate the apparent origin of the message for its own benefit. To tackle this problem, we present a novel encryption scheme in our third work. Apart from preserving conditional user privacy, this scheme forces the receiver to give a publicly verifiable proof that convinces others it behaved honestly while identifying the actual sender. In our fourth work, we turn to access control encryption (ACE) and find that this primitive inherently achieves conditional user privacy preservation to some extent. We present a newly constructed ACE scheme whose advantages over existing ACE schemes are twofold. Firstly, our ACE scheme is more reliable than existing ones since it uses a distributed sanitizing algorithm and thus avoids the single point of failure of ACE systems with only one sanitizer. Secondly, since the ciphertext and key sizes of our scheme are more compact than those of existing ACE schemes, our scheme enjoys better scalability.