A Multireceiver Certificateless Signcryption (MCLS) Scheme

User authentication and message confidentiality are the basic security requirements of high-end applications such as multicast communication and distributed systems. Several efficient signature-then-encrypt cryptographic schemes have been proposed to offer these security requirements with lower computational cost and communication overhead. However, signature-then-encryption techniques take more computation time than signcryption techniques. Signcryption accomplishes both digital signature and public key encryption functions in a single logical step and at a much lower cost than ``signature followed by encryption.\u27\u27 Several signcryption schemes based on bilinear pairing operations have been proposed. Similarly, anonymous multi-receiver encryption has recently risen in prominence in multicast communication and distributed settings, where the same messages are sent to several receivers but the identity of each receiver should remain private. Anonymous multi-receiver encryption allows a receiver to obtain the plaintext by decrypting the ciphertext using their own private key, while their identity is kept secret to anyone, including other receivers. Among the Certificateless Multi-receiver Encryption (CLMRE) schemes that have been introduced, Hung et al. proposed an efficient Anonymous Multireceiver Certificateless Encryption (AMCLE) scheme ensuring confidentiality and anonymity based on bilinear pairings and is secure against IND-CCA and ANON-CCA. In this paper, we substantially extend Hung et al.’s multireceiver certificateless encryption scheme to a Multireceiver Certificateless Signcryption (MCLS) scheme that provides confidentiality along with authentication. We show that, as compared to Hung et al.’s encryption scheme, our signcryption scheme requires only three additional multiplication operations for signcryption and unsigncryption phases. Whereas, the signcryption cost is linear with the number of designated receivers while the unsigncryption cost remains constant for each designated receiver. We compare the results with other existing single receiver and multireceiver signcryption schemes in terms of number of operations, exemption of key escrow problem, and public key settings. The scheme proposed in this paper is more efficient for single and multireceiver signcryption schemes while providing exemption from the key escrow problem, and working in certificateless public key settings

Achieving cybersecurity in blockchain-based systems: a survey

With The Increase In Connectivity, The Popularization Of Cloud Services, And The Rise Of The Internet Of Things (Iot), Decentralized Approaches For Trust Management Are Gaining Momentum. Since Blockchain Technologies Provide A Distributed Ledger, They Are Receiving Massive Attention From The Research Community In Different Application Fields. However, This Technology Does Not Provide With Cybersecurity By Itself. Thus, This Survey Aims To Provide With A Comprehensive Review Of Techniques And Elements That Have Been Proposed To Achieve Cybersecurity In Blockchain-Based Systems. The Analysis Is Intended To Target Area Researchers, Cybersecurity Specialists And Blockchain Developers. For This Purpose, We Analyze 272 Papers From 2013 To 2020 And 128 Industrial Applications. We Summarize The Lessons Learned And Identify Several Matters To Foster Further Research In This AreaThis work has been partially funded by MINECO, Spain grantsTIN2016-79095-C2-2-R (SMOG-DEV) and PID2019-111429RB-C21 (ODIO-COW); by CAM, Spain grants S2013/ICE-3095 (CIBERDINE),P2018/TCS-4566 (CYNAMON), co-funded by European Structural Funds (ESF and FEDER); by UC3M-CAM grant CAVTIONS-CM-UC3M; by the Excellence Program for University Researchers, Spain; and by Consejo Superior de Investigaciones Científicas (CSIC), Spain under the project LINKA20216 (“Advancing in cybersecurity technologies”, i-LINK+ program)

Practical Privacy-Preserving Authentication for SSH

Public-key authentication in SSH reveals more information about the participants\u27 keys than is necessary. (1) The server can learn a client\u27s entire set of public keys, even keys generated for other servers. (2) The server learns exactly which key the client uses to authenticate, and can further prove this fact to a third party. (3) A client can learn whether the server recognizes public keys belonging to other users. Each of these problems lead to tangible privacy violations for SSH users. In this work we introduce a new public-key authentication method for SSH that reveals essentially the minimum possible amount of information. With our new method, the server learns only whether the client knows the private key for some authorized public key. If multiple keys are authorized, the server does not learn which one the client used. The client cannot learn whether the server recognizes public keys belonging to other users. Unlike traditional SSH authentication, our method is fully deniable. Our new method also makes it harder for a malicious server to intercept first-use SSH connections on a large scale. Our method supports existing SSH keypairs of all standard flavors — RSA, ECDSA, EdDSA. It does not require users to generate new key material. As in traditional SSH authentication, clients and servers can use a mixture of different key flavors in a single authentication session. We integrated our new authentication method into OpenSSH, and found it to be practical and scalable. For a typical client and server with at most 10 ECDSA/EdDSA keys each, our protocol requires 9 kB of communication and 12.4 ms of latency. Even for a client with 20 keys and server with 100 keys, our protocol requires only 12 kB of communication and 26.7 ms of latency

Protocolos para la seguridad de la información en eHealth: Criptografía en entornos mHeath

Abstract. The advance of technology has brought with it the evolution of tools in various fields, among which the medical field stands out. Today’s medicine has tools that 30 years ago were unthinkable making its functioning completely different. Thanks to this fusion of medicine and technology new terms concerning this symbiosis, such as eHealth or mHealth, may be found in our daily lives. Both users and all the areas that work in the protection and performance of health and safety benefit from it. In this doctoral thesis we have worked in several lines with the aim of improving information security in several mHealth systems trying to make the proposed solutions extrapolable to other environments. Firstly, a tool, supported by an expert system and using identity-based encryption for the protection of patient information, for the diagnosis, treatment and monitoring of children with attention deficit disorder is proposed. Second, a solution focused on geared towards enhancing solutions for two of the fundamental problems of medical data information security: the secure management of patient information and the identification of patients within the hospital environment, is included. The solution proposed for the identification problem is based on the use of NFC bracelets that store an identifier associated with the patient and is generated through an HMAC function. In the third work, the problem of identification is again analyzed, but this time in emergency environments where no stable communication networks are present. It also proposes a system for the classification of victims whose objective is to improve the management of health resources in these scenarios. The fourth contribution is a system for improving the traceability and management of small emergencies and everyday events based on the use of blockchains. To conclude with the contributions of this thesis, a cryptographic scheme which improves security in healthcare devices with little computing capacity is presented. The general aim of this thesis is providing improvements in current medicine through mHealth systems, paying special attention to information security. Specifically, measures for the protection of data integrity, identification, authentication and nonrepudiation of information are included. The completion of this doctoral thesis has been funded through a pre-doctoral FPI grant from the Canary Islands Government.El avance de la tecnología ha traído consigo la evolución de herramientas en diversos ámbitos, entre ellos destaca el de la medicina. La medicina actual posee unas herramientas que hace 30 años eran impensables, lo que hace que su funcionamiento sea completamente diferente. Gracias a esta fusión de medicina y tecnología encontramos en nuestro día a día nuevos términos, como eHealth o mHealth, que hacen referencia a esta simbiosis, en la que se benefician tanto los usuarios, como todas las áreas que trabajan en la protección y actuación de la salud y seguridad de las mismas. En esta tesis doctoral se ha trabajado en varias líneas con el objetivo de mejorar la seguridad de la información en varios sistemas mHealth intentando que las soluciones propuestas sean extrapolables a otros entornos. En primer lugar se propone una herramienta destinada al diagnóstico, tratamiento y monitorización de niños con trastorno de déficit de atención que se apoya en un sistema experto y usa cifrado basado en identidad para la protección de la información de los pacientes. En segundo lugar, se incluye una solución centrada en aportar mejoras en dos de los problemas fundamentales de la seguridad de la información de los datos médicos: la gestión segura de la información de los pacientes y la identificación de los mismos dentro del entorno hospitalario. La solución planteada para el problema de identificación se basa en la utilización de pulseras NFC que almacenan un identificador asociado al paciente y que es generado a través de una función HMAC. En el tercer trabajo se analiza de nuevo el problema de identificación de las personas pero esta vez en entornos de emergencia en los que no se cuenta con redes de comunicaciones estables. Además se propone un sistema de clasificación de víctimas en dichos entornos cuyo objetivo es mejorar la gestión de recursos sanitarios en estos escenarios. Como cuarta aportación se presenta un sistema de mejora de la trazabilidad y de la gestión de pequeñas emergencias y eventos cotidianos basada en el uso de blockchain. Para terminar con las aportaciones de esta tesis, se presenta un esquema criptográfico que mejora los esquemas actuales de seguridad utilizados para dispositivos del entorno sanitario que poseen poca capacidad computacional. La finalidad general perseguida en esta tesis es aportar mejoras al uso de la medicina actual a través de sistemas mHealth en los que se presta especial atención a la seguridad de la información. Concretamente se incluyen medidas para la protección de la integridad de los datos, identificación de personas, autenticación y no repudio de la información. La realización de esta tesis doctoral ha contando con financiación del Gobierno de Canarias a través de una beca predoctoral FPI