431 research outputs found

    A Strong Proxy Signature Scheme based on Partial Delegation

    Get PDF
    Proxy signature scheme is an extension of digital signature scheme first introduced by Mambo et al. in 1996, which allows a signer to delegate the signing capability to a designated person, called a proxy signer. There are three types of delegation, namely, full delegation, partial delegation, and delegation by warrant. In early proxy signature schemes, the identity of the proxy signer can be revealed by any trusted authority if needed. How- ever, a secured proxy signature scheme must satisfy various properties, such as, verifiability, strong un-forgeability, nonrepudiation, privacy, and strong identifiability. In this thesis, we propose a strong proxy signature scheme based on two computationally hard assumptions, namely, Discrete Logarithmic Problem (DLP) and Computational Die-Helmann (CDH) problem, which satisfies all the security properties of a standard proxy signature scheme. The property `strong' refers to the fact that only a designated person can only verify the authenticity of the proxy signature

    SIGNCRYPTION ANALYZE

    Get PDF
    The aim of this paper is to provide an overview for the research that has been done so far in signcryption area. The paper also presents the extensions for the signcryption scheme and discusses the security in signcryption. The main contribution to this paper represents the implementation of the signcryption algorithm with the examples provided.ElGamal, elliptic curves, encryption, identity-based, proxy-signcryption, public key, ring-signcryption, RSA, signcryption

    Time Stamped Proxy Blind Signature Scheme With Proxy Revocation Based on Discrete Logarithm Problem

    Get PDF
    Proxy blind signature combines both the properties of blind signature and proxy signature. In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. It is a protocol played by three parties in which a user obtains a proxy signer’s signature for a desired message and the proxy signer learns nothing about the message. During the verification of a proxy blind signature scheme, the verifier cannot get whether signing is within the delegation period or after delegation period. In this thesis a time stamped proxy blind signature scheme with proxy revocation is proposed which records the time stamp during the proxy signing phase and satisfies all the security properties of proxy blind signature i.e distinguishability, nonrepudiation, unforgeability, verifiability, identifiability, unlinkability, prevention of misuse. In a proxy revocation scheme, the original signer can terminate the delegation power of a proxy signer before the completion of delegation period. Proxy blind signature has wide applications in real life scenarios, such as, e-cash, e-voting and e-commerece applications

    MEDAPs: secure multi-entities delegated authentication protocols for mobile cloud computing

    Get PDF
    Since the technology of mobile cloud computing has brought a lot of benefits to information world, many applications in mobile devices based on cloud have emerged and boomed in the last years. According to the storage limitation, data owners would like to upload and further share the data through the cloud. Due to the safety requirements, mobile data owners are requested to provide credentials such as authentication tags along with the data. However, it is impossible to require mobile data owners to provide every authenticated computational results. The solution that signers’ privilege is outsourced to the cloud would be a promising way. To solve this problem, we propose three secure multi-entities delegated authentication protocols (MEDAPs) in mobile cloud computing, which enables the multiple mobile data owners to authorize a group designated cloud servers with the signing rights. The security of MEDAPs is constructed on three cryptographic primitive identity-based multi-proxy signature (IBMPS), identity-based proxy multi-signature (IBPMS), and identity-based multi-proxy multi-signature (IBMPMS), relied on the cubic residues, equaling to the integer factorization assumption. We also give the formal security proof under adaptively chosen message attacks and chosen identity/warrant attacks. Furthermore,compared with the pairing based protocol, MEDAPs are quite efficient and the communication overhead is nearly not a linear growth with the number of cloud servers. Copyright⃝c 2015 John Wiley & Sons, Ltd

    Operator authentication and accountability for SCADA servers when requests are forwarded by a middle layer

    Get PDF
    Due to their critical nature, the actions performed by operators on Industrial Control Systems (ICS) are subject to source authentication and accountability. When commands are not send directly by the user, but forwarded by middle servers, the compromise of those severs threatens the security of the whole architecture. This Master thesis provides a solution for that problem, guaranteeing authentication end-to-end while fulfilling cost and performance requirements. Based on an analysis of several potential solutions, digital signatures were assessed to be the most flexible and secure option. Moreover, the proposed solution relies on Microsoft's Active Directory, which manages credentials on the target architecture, for securely linking public keys with user identities. A prototype implementation of the proposed design is included, together with a limited performance evaluation. They have proven the validity of the design, that guarantees end-to-end authentication and accountability of command requests, while maintaining low implementation and maintenance costs and a negligible impact in latency per message

    Random Oracles in a Quantum World

    Get PDF
    The interest in post-quantum cryptography - classical systems that remain secure in the presence of a quantum adversary - has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum states. We begin by separating the classical and quantum-accessible random oracle models by presenting a scheme that is secure when the adversary is given classical access to the random oracle, but is insecure when the adversary can make quantum oracle queries. We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. We introduce the concept of a history-free reduction which is a category of classical random oracle reductions that basically determine oracle answers independently of the history of previous queries, and we prove that such reductions imply security in the quantum model. We then show that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure. We conclude with a rich set of open problems in this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a related paper by Boneh and Zhandr

    Proxy Blind Multi-signature Scheme using ECC for handheld devices

    Get PDF
    A proxy blind signature scheme is a special form of blind signature which allowed a designated person called proxy signer to sign on behalf of two or more original signers without knowing the content of the message or document. It combines the advantages of proxy signature, blind signature and multi-signature scheme. This paper describes an e±cient proxy blind multi-signature scheme. The security of the proposed schemes is based on the di±culty of breaking the one-way hash function and the elliptic curve discrete logarithm problem (ECDLP). This can be implemented in low power and small processor handheld devices such as smart card, PDA etc which work in low power and small processor. This scheme utilizes a trusted third party called certificate authority to ensure that signatures can only be generated during valid delegation period. It satisfies the security properties of both proxy and blind signature scheme

    Security Pitfalls of a Provably Secure Identity-based Multi-Proxy Signature Scheme

    Get PDF
    An identity-based multi-proxy signature is a type of proxy signatures in which the delegation of signing right is distributed among a number of proxy signers. In this type of cryptographic primitive, cooperation of all proxy signers in the proxy group generates the proxy signatures of roughly the same size as that of standard proxy signatures on behalf of the original signer, which is more efficient than transmitting individual proxy signatures. Since identity-based multi-proxy signatures are useful in distributed systems, grid computing, presenting a provably secure identity-based multi-proxy scheme is desired. In 2013, Sahu and Padhye proposed the first provably secure identity-based multi-proxy signature scheme in the random oracle model, and proved that their scheme is existential unforgeable against adaptive chosen message and identity attack. Unfortunately, in this paper, we show that their scheme is insecure. We present two forgery attacks on their scheme. Furthermore, their scheme is not resistant against proxy key exposure attack. As a consequence, there is no provably secure identity-based multi-proxy signature scheme secure against proxy key exposure attack to date

    Improving efficiency and security of IIoT communications using in-network validation of server certificate

    Get PDF
    The use of advanced communications and smart mechanisms in industry is growing rapidly, making cybersecurity a critical aspect. Currently, most industrial communication protocols rely on the Transport Layer Security (TLS) protocol to build their secure version, providing confidentiality, integrity and authentication. In the case of UDP-based communications, frequently used in Industrial Internet of Things (IIoT) scenarios, the counterpart of TLS is Datagram Transport Layer Security (DTLS), which includes some mechanisms to deal with the high unreliability of the transport layer. However, the (D)TLS handshake is a heavy process, specially for resource-deprived IIoT devices and frequently, security is sacrificed in favour of performance. More specifically, the validation of digital certificates is an expensive process from the time and resource consumption point of view. For this reason, digital certificates are not always properly validated by IIoT devices, including the verification of their revocation status; and when it is done, it introduces an important delay in the communications. In this context, this paper presents the design and implementation of an in-network server certificate validation system that offloads this task from the constrained IIoT devices to a resource-richer network element, leveraging data plane programming (DPP). This approach enhances security as it guarantees that a comprehensive server certificate verification is always performed. Additionally, it increases performance as resource-expensive tasks are moved from IIoT devices to a resource-richer network element. Results show that the proposed solution reduces DTLS handshake times by 50–60 %. Furthermore, CPU use in IIoT devices is also reduced, resulting in an energy saving of about 40 % in such devices.This work was financially supported by the Spanish Ministry of Science and Innovation through the TRUE-5G project PID2019-108713RB-C54/AEI/10.13039/501100011033. It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012), and by the Basque Country Government under the ELKARTEK Program, project REMEDY - Real tiME control and embeddeD securitY (KK-2021/00091)
    corecore