Using Searchable Encryption to Protect Privacy in Connected Cars

Providing vehicles with extended connectivity introduces new opportunities for services, and also security applications such as misbehavior detection. However, for many applications, personal data needs to be processed by the system providers, which impairs the privacy of the vehicle users. While focusing our research on new possibilities of connected car security, we follow privacy by design principles. We explore the utilisation of various privacy-enhancing technologies (PET) in order to provide advanced connected car applications, while preserving the personal data of the vehicle users. Specifically, we aim to develop practical schemes that utilise Searchable Encryption to provide a framework for secure and privacypreserving connected car applications

One-Round Key Exchange with Strong Security: An Efficient and Generic Construction in the Standard Model

One-round authenticated key exchange (ORKE) is an established research area, with many prominent protocol constructions like HMQV (Krawczyk, CRYPTO 2005) and Naxos (La Macchia et al., ProvSec 2007), and many slightly different, strong security models. Most constructions combine ephemeral and static Diffie-Hellman Key Exchange (DHKE), in a manner often closely tied to the underlying security model. We give a generic construction of ORKE protocols from general assumptions, with security in the standard model, and in a strong security model where the attacker is even allowed to learn the randomness or the long-term secret of either party in the target session. The only restriction is that the attacker must not learn both the randomness and the long-term secret of one party of the target session, since this would allow him to recompute all internal states of this party, including the session key. This is the first such construction that does not rely on random oracles. The construction is intuitive, relatively simple, and efficient. It uses only standard primitives, namely non-interactive key exchange, a digital signature scheme, and a pseudorandom function, with standard security properties, as building blocks

Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption

Strong identity-based proxy signature schemes, revisited

tru

Ciphertext-policy attribute based encryption supporting access policy update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption

Directly revocable ciphertext-policy attribute-based encryption from lattices

Attribute-based encryption (ABE) is a promising type of cryptosystem achieving fine-grained access control on encrypted data. Revocable attribute-based encryption (RABE) is an extension of ABE that provides revocation mechanisms when user\u27s attributes change, key exposure, and so on. In this paper, we propose two directly revocable ciphertext-policy attribute-based encryption (DR-ABE) schemes from lattices, which support flexible threshold access policies on multi-valued attributes, achieving user-level and attribute-level user revocation, respectively. Specifically, the revocation list is defined and embedded into the ciphertext by the message sender to revoke a user in the user-level revocable scheme or revoke some attributes of a certain user in the attribute-level revocable scheme. We also discuss how to outsource decryption and reduce the workload for the end user. Our schemes are proved to be secure in the standard model, assuming the hardness of the learning with errors (LWE) problem

Group key exchange protocols withstanding ephemeral-key reveals

When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets; long-term keys (for authentication) and freshly generated (often random) values. The leakage of this latter so-called ephemeral keys has been extensively analyzed in the 2-party case, yet very few works are concerned with it in the group setting. We provide a generic {group key exchange} construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Our design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al., the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property

Practical Asynchronous Distributed Key Generation: Improved Efficiency, Weaker Assumption, and Standard Model

Distributed key generation (DKG) allows bootstrapping threshold cryptosystems without relying on a trusted party, nowadays enabling fully decentralized applications in blockchains and multiparty computation (MPC). While we have recently seen new advancements for asynchronous DKG (ADKG) protocols, their performance remains the bottleneck for many applications, with only one protocol being implemented (DYX+ ADKG, IEEE S&P 2022). DYX+ ADKG relies on the Decisional Composite Residuosity assumption (being expensive to instantiate) and the Decisional Diffie-Hellman assumption, incurring a high latency (more than 100s with a failure threshold of 16). Moreover, the security of DYX+ ADKG is based on the random oracle model (ROM) which takes hash function as an ideal function; assuming the existence of random oracle is a strong assumption, and up to now, we cannot find any theoretically-sound implementation. Furthermore, the ADKG protocol needs public key infrastructure (PKI) to support the trustworthiness of public keys. The strong models (ROM and PKI) further limit the applicability of DYX+ ADKG, as they would add extra and strong assumptions to underlying threshold cryptosystems. For instance, if the original threshold cryptosystem works in the standard model, then the system using DYX+ ADKG would need to use ROM and PKI. In this paper, we design and implement a modular ADKG protocol that offers improved efficiency and stronger security guarantees. We explore a novel and much more direct reduction from ADKG to the underlying blocks, reducing the computational overhead and communication rounds of ADKG in the normal case. Our protocol works for both the low-threshold and high-threshold scenarios, being secure under the standard assumption (the well-established discrete logarithm assumption only) in the standard model (no trusted setup, ROM, or PKI)

Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks

We construct statistical zero-knowledge authentication protocols for smart cards based on general assumptions. The main protocol is only secure against active attacks, but we present a modification based on trapdoor commitments that can resist concurrent attacks as well. Both protocols are instantiated using lattice-based primitives, which are conjectured to be secure against quantum attacks. We illustrate the practicality of our main protocol on smart cards in terms of storage, computation, communication, and round complexities. Furthermore, we compare it to other lattice-based authentication protocols, which are either zero-knowledge or have a similar structure. The comparison shows that our protocol improves the best previous protocol