342 research outputs found

    Strong proxy signature scheme with proxy signer privacy protection.

    by Shum Kwan.
    Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.
    Includes bibliographical references (leaves 30-32).
    Abstracts in English and Chinese.

    Contents:
    Acknowledgement
    Abstract
    Abstract (in Chinese)
    Chapter 1. Introduction
        1.1 Introduction to topic
        1.2 What is proxy signature?
        1.3 Terminologies in proxy signature
        1.4 Levels of delegation
        1.5 Previous work on Proxy Signature
        1.6 Our Contributions
        1.7 Thesis Organization
    Chapter 2. Background
        2.1 Digital Signature
        2.2 Digital Certificate and CA
        2.3 Hash Functions
        2.4 Bit commitment
    Chapter 3. Brief introduction to Our Result
        3.1 A Proxy Signature Scheme with Proxy Signer Privacy Protection
        3.2 Applications of Proxy Signature
    Chapter 4. Detail Explanation of Certified Alias and its Application on Proxy Signature
        4.1 Introduction
        4.2 Protecting Signer Privacy Using Certified Alias Definition 4.2.3
        4.3 Constructing Proxy signature Scheme by Consecutive Execution of Cryptographic Primitives (Scheme CE)
        4.4 Constructing Proxy signature Scheme by Direct Form Equations (Scheme DF)
        4.5 Comparison between scheme CE and scheme DF
        4.6 Chapter Summary
    Chapter 5. Applications of Proxy Signature with Proxy Signer Privacy Protection
        5.1 Secure Mobile agent Signature with Itinerary Privacy
            5.1.1 Introduction to Mobile Agent
            5.1.2 "Review on Lee, et al. strong non-designated proxy signature scheme for mobile agents"
            5.1.3 Constructing Signature scheme for Mobile Agent using Proxy signature with Proxy Signer Privacy Protection
            5.1.4 Remarks
        5.2 Group Signature with Unlimited Group Size
            5.2.1 Introduction to group signature
            5.2.2 Constructing group signature scheme using certified alias
            5.2.4 Remarks
        5.3 Chapter Summary
    Chapter 6. Conclusions
    Appendix: Paper derived from this thesis
    Bibliography

    Ensuring Data Security and Individual Privacy in Health Care Systems

    Ph.D; DOCTOR OF PHILOSOPH

    The Design of Proxy Group-Oriented Signature Schemes with Anonymous Proxy Agent

    Project number: NSC92-2213-E032-019. Research period: 200308~200407. Research funding: 416,000. Sponsorship: National Science Council, Executive Yuan

    The Design of Group-Oriented Proxy Signature Schemes with Anonymous Proxy Group

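    Project number: NSC93-2213-E032-020. Research period: 200408~200507. Research funding: 428,000.
    Abstract: Mambo et al. first proposed the concept of proxy signatures in 1996. In a proxy signature scheme, the original signer can delegate a proxy signer to generate proxy signatures on its behalf. In response to the needs of practical group-oriented applications, proxy signature schemes with multiple delegators, multi-proxy signature schemes, multi-delegator multi-proxy signature schemes, threshold proxy signature schemes, and threshold-proxy threshold signature schemes have appeared. Among the known proposed proxy signature schemes, one form of delegation is that the original signer can specify the identity of the proxy and delegate him as the proxy. However, many commercial transactions and military-secret applications require the identity of the proxy signer to be anonymous, so that only the original signer knows the identity of the proxy signer. In the known proposed proxy signature schemes, however, an anonymous proxy signer raises the following problem: if the proxy signer wishes to remain anonymous, it faces the risk that the original signer forges proxy signatures; if it does not want the original signer to forge proxy signatures, it has to disclose its own identity. Therefore, in the research project under way this year, we study how to design anonymous multi-delegator proxy signature schemes and anonymous threshold-delegation proxy signature schemes, so that the proxy signer can remain anonymous without fearing that the original signer will forge proxy signatures. Continuing this year's research, we found that when the proxy signer becomes a proxy signing group, protecting the proxy signing group requires further research and design. This project will therefore continue to explore the case in which the proxy signer is a proxy signing group, in order to design anonymous multi-proxy signature schemes and anonymous threshold proxy signature schemes.
    Sponsorship: National Science Council, Executive Yuan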

    Security Arguments for Partial Delegation with Warrant Proxy Signature Schemes

    Proxy signature is an important cryptographic primitive and has been suggested in numerous applications. In this paper, we present an attack on the aggregate-signature-based proxy signature schemes, then point out that there are two flaws in the BPW notion of security for proxy signatures. Furthermore, we give arguments for partial delegation with warrant proxy signature schemes. We construct a new proxy signature scheme and prove that it is secure against existential forgery on adaptively chosen-message attacks and adaptively chosen-warrant attacks under the random oracle model.

    Reliable and Secure Drone-assisted MillimeterWave Communications

    The next generation of mobile networks and wireless communication, including the fifth-generation (5G) and beyond, will provide a high data rate as one of its fundamental requirements. Providing high data rates can be accomplished through communication over high-frequency bands such as the Millimeter-Wave (mmWave) one. However, mmWave communication experiences short-range communication, which impacts the overall network connectivity. Improving network connectivity can be accomplished through deploying Unmanned Aerial Vehicles (UAVs), commonly known as drones, which serve as aerial small-cell base stations. Moreover, drone deployment is of special interest in recovering network connectivity in the aftermath of disasters. Despite the potential advantages, drone-assisted networks can be more vulnerable to security attacks, given their limited capabilities. This security vulnerability is especially true in the aftermath of a disaster where security measures could be at their lowest. This thesis focuses on drone-assisted mmWave communication networks with their potential to provide reliable communication in terms of higher network connectivity measures, higher total network data rate, and lower end-to-end delay. Equally important, this thesis focuses on proposing and developing security measures needed for drone-assisted networks’ secure operation. More specifically, we aim to employ a swarm of drones to have more connection, reliability, and secure communication over the mmWave band. Finally, we target both the cellular 5G network and Ad hoc IEEE 802.11ad/ay in typical network deployments as well as in post-disaster circumstances.

    CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

    In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows:
    1. A common problem with conventional trapdoor hash functions is that revealing a collision-producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision-producing message pairs are revealed by the key-holder.
    2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities.
    3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information.
    4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption.

    Unlinkable Delegation of WebAuthn Credentials

    The W3C's WebAuthn standard employs digital signatures to offer phishing protection and unlinkability on the web using authenticators which manage keys on behalf of users. This introduces challenges when the account owner wants to delegate certain rights to a proxy user, such as to access their accounts or perform actions on their behalf, as delegation must not undermine the decentralisation, unlinkability, and attestation properties provided by WebAuthn. We present two approaches, called remote and direct delegation of WebAuthn credentials, maintaining the standard's properties. Both approaches are compatible with Yubico's recent Asynchronous Remote Key Generation (ARKG) primitive proposed for backing up credentials. For remote delegation, the account owner stores delegation credentials at the relying party on behalf of proxies, whereas the direct variant uses a delegation-by-warrant approach, through which the proxy receives delegation credentials from the account owner and presents them later to the relying party. To realise direct delegation we introduce Proxy Signature with Unlinkable Warrants (PSUW), a new proxy signature scheme that extends WebAuthn's unlinkability property to proxy users and can be constructed generically from ARKG. We discuss an implementation of both delegation approaches, designed to be compatible with WebAuthn, including extensions required for CTAP, and provide a software-based prototype demonstrating overall feasibility. On the performance side, we observe only a minor increase of a few milliseconds in the signing and verification times for delegated WebAuthn credentials based on ARKG and PSUW primitives. We also discuss additional functionality, such as revocation and permissions management, and mention usability considerations.

    Public Key Infrastructure
