Chameleon: a Blind Double Trapdoor Hash Function for Securing AMI Data Aggregation

Data aggregation is an integral part of Advanced Metering Infrastructure (AMI) deployment that is implemented by the concentrator. Data aggregation reduces the number of transmissions, thereby reducing communication costs and increasing the bandwidth utilization of AMI. However, the concentrator poses a great risk of being tampered with, leading to erroneous bills and possible consumer disputes. In this paper, we propose an end-to-end integrity protocol using elliptic curve based chameleon hashing to provide data integrity and authenticity. The concentrator generates and sends a chameleon hash value of the aggregated readings to the Meter Data Management System (MDMS) for verification, while the smart meter with the trapdoor key computes and sends a commitment value to the MDMS so that the resulting chameleon hash value calculated by the MDMS is equivalent to the previous hash value sent by the concentrator. By comparing the two hash values, the MDMS can validate the integrity and authenticity of the data sent by the concentrator. Compared with the discrete logarithm implementation, the ECC implementation reduces the computational cost of MDMS, concentrator and smart meter by approximately 36.8%, 80%, and 99% respectively. We also demonstrate the security soundness of our protocol through informal security analysis

Comments and Improvements on Chameleon Hashing Without Key Exposure Based on Factoring

In this paper, we present some security flaws of the key-exposure free chameleon hash scheme based on factoring \cite{GWX07}. Besides, we propose an improved chameleon hash scheme without key exposure based on factoring which enjoys all the desired security notions of chameleon hashing

Key-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems

Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the problem of key exposure. This creates a strong disincentive for the recipient to forge signatures, partially undermining the concept of non-transferability. Recently, some specific constructions of discrete logarithm based chameleon hashing and signatures without key exposure are presented, while in the setting of gap Diffile-Hellman groups with pairings. \indent \,\, In this paper, we propose the first key-exposure free chameleon hash and signature scheme based on discrete logarithm systems, without using the gap Diffile-Hellman groups. This provides more flexible constructions of efficient key-exposure free chameleon hash and signature schemes. Moreover, one distinguishing advantage of the resulting chameleon signature scheme is that the property of ``message hiding or ``message recovery can be achieved freely by the signer, $i.e.,$ the signer can efficiently prove which message was the original one if he desires

Identity-Based Chameleon Hash Scheme Without Key Exposure

In this paper, we propose the first identity-based chameleon hash scheme without key exposure, which gives a positive answer for the open problem introduced by Ateniese and de Medeiros in 2004

Accountable Trapdoor Sanitizable Signatures

Abstract. Sanitizable signature (SS) allows a signer to partly delegate signing rights to a predeter-mined party, called sanitizer, who can later modify certain designated parts of a message originally signed by the signer and generate a new signature on the sanitized message without interacting with the signer. One of the important security requirements of sanitizable signatures is accountability, which allows the signer to prove, in case of dispute, to a third party that a message was modified by the sanitizer. Trapdoor sanitizable signature (TSS) enables a signer of a message to delegate the power of sanitization to any parties at anytime but at the expense of losing the accountability property. In this paper, we introduce the notion of accountable trapdoor sanitizable signature (ATSS) which lies between SS and TSS. As a building block for constructing ATSS, we also introduce the notion of accountable chameleon hash (ACH), which is an extension of chameleon hash (CH) and might be of independent interest. We propose a concrete construction of ACH and show how to use it to construct an ATSS scheme

Tightly Secure Chameleon Hash Functions in the Multi-User Setting and Their Applications

We define the security notion of (strong) collision resistance for chameleon hash functions in the multi-user setting ((S-)MU-CR security). We also present three constructions, CHF_dl, CHF_rsa and CHF_fac, and prove their tight S-MU-CR security based on the discrete logarithm, RSA and factoring assumptions, respectively. In applications, our tightly S-MU-CR secure chameleon hash functions help us to lift a signature scheme from (weak) unforgeability to strong unforgeability in the multi-user setting, and the security reduction is tightness preserving. Furthermore, they can also be used to construct tightly secure online/offline signatures, chameleon signatures and proxy signatures, etc., in the multi-user setting

Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain applications. We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency of our scheme by concrete benchmarks of a prototype implementation

Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications

A chameleon-hash behaves likes a standard collision-resistant hash function for outsiders. If, however, a trapdoor is known, arbitrary collisions can be found. Chameleon-hashes with ephemeral trapdoors (CHET; Camenisch et al., PKC ’17) allow prohibiting that the holder of the long-term trapdoor can find collisions by introducing a second, ephemeral, trapdoor. However, this ephemeral trapdoor is required to be chosen freshly for each hash. We extend these ideas and introduce the notion of chameleon-hashes with dual long-term trapdoors (CHDLTT). Here, the second trapdoor is not chosen freshly for each new hash; Rather, the hashing party can decide if it wants to generate a fresh second trapdoor or use an existing one. This primitive generalizes CHETs, extends their applicability and enables some appealing new use-cases, including three-party sanitizable signatures, group-level selectively revocable signatures and break-the-glass signatures. We present two provably secure constructions and an implementation which demonstrates that this extended primitive is efficient enough for use in practice

Routing and Security in Mobile Ad Hoc Networks

A Mobile Ad hoc Network (MANET) consists of a set of nodes which can form a network among themselves. MANETs have applications in areas such as military, disaster rescue operations, monitoring animal habitats, etc. where establishing fixed communication infrastructure is not feasible. Routing protocols designed for MANETs can be broadly classified as position-based (geographic), topology-based and hybrid. Geographic routing uses location information of nodes to route messages. Topology-based routing uses network state information for route discovery and maintenance. Hybrid routing protocols use features in both position-based and topology-based approaches. Position-based routing protocols route packets towards the destination using greedy forwarding (i.e., an intermediate node forwards packets to a neighbor that is closer to the destination than itself). If a node has no neighbor that is closer to the destination than itself, greedy forwarding fails. In this case, we say there is void. Different position-based routing protocols use different methods for dealing with voids. Topology-based routing protocols can be classified into on-demand (reactive) routing protocols and proactive routing protocols. Generally, on-demand routing protocols establish routes when needed by flooding route requests throughout the entire network, which is not a scalable approach. Reactive routing protocols try to maintain routes between every pair of nodes by periodically exchanging messages with each other which is not a scalable approach also. This thesis addresses some of these issues and makes the following contribution. First, we present a position-based routing protocol called Greedy Routing Protocol with Backtracking (GRB) which uses a simple backtracking technique to route around voids, unlike existing position-based routing protocols which construct planarized graph of the local network to route around voids. We compare the performance of our protocol with the well known Greedy Perimeter Stateless Routing (GPSR) protocol and the Ad-Hoc On-demand Distance Vector (AODV) routing protocol as well as the Dynamic Source Routing (DSR) protocol. Performance evaluation shows that our protocol has less control overhead than those of DSR, AODV, and GPSR. Performance evaluation also shows that our protocol has a higher packet-delivery ratio, lower end-to-end delay, and less hop count, on average, compared to AODV, DSR and GPSR. We then present an on-demand routing protocol called ``Hybrid On-demand Greedy Routing Protocol with Backtracking for Mobile Ad-Hoc Networks which uses greedy approach for route discovery. This prevents flooding route requests, unlike the existing on-demand routing protocols. This approach also helps in finding routes that have lower hop counts than AODV and DSR. Our performance evaluation confirms that our protocol performs better than AODV and DSR, on average, with respect to hop count, packet-delivery ratio and control overhead. In MANETs, all nodes need to cooperate to establish routes. Establishing secure and valid routes in the presence of adversaries is a challenge in MANETs. Some of the well-known source routing protocols presented in the literature (e.g., Ariadne and endairA) which claim to establish secure routes are susceptible to hidden channel attacks. We address this issue and present a secure routing protocol called SAriadne, based on sanitizable signatures. We show that our protocol detects and prevents hidden channel attacks