32 research outputs found

    Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification

    The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) are crucial to ensure the correct energy load for generation, distribution and customer billing. Any malicious tampering with the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and originality of the data. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send evidence to the utility back-end by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time. By verifying the Chameleon Hash Value of (m', r) and checking that the energy usage matches the values aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators.

    Redactable Signatures for Signed CDA Documents

    The Clinical Document Architecture, introduced by Health Level Seven, is an XML-based standard intended to specify the encoding, structure, and semantics of clinical documents for exchange. Since the clinical document is in XML form, its authenticity and integrity can be guaranteed by the use of the XML signature published by W3C. When a clinical document needs to conceal some personal or private information, the document must be redacted. This invalidates the signature on the original clinical document. The redactable signature is thus proposed to enable verification of the redacted document. Little research has implemented the redactable signature, and there is still no appropriate scheme for clinical documents. This paper investigates the existing web technologies and finds a compact and applicable model to implement a suitable redactable signature for the clinical document viewer.

    Short Transitive Signatures for Directed Trees

    A transitive signature scheme allows signing a graph in such a way that, given the signatures of edges (a,b) and (b,c), it is possible to compute the signature for the edge (or path) (a,c) without the Signer's secret. Constructions for undirected graphs are known, but the case of directed graphs remains open. A first solution for the easier case of directed trees (DTTS) was given by Yi at CT-RSA 2007. In Yi's construction, the signature for an edge is O(n (\log (n \log n))) bits long in the worst case. A year later, Neven designed a simpler scheme where the signature size is reduced to O(n \log n) bits. Although Neven's construction is more efficient, handling O(n \log n) bits still remains impractical for large n. In this work, we design a new DTTS scheme where for any value \lambda \geq 1 and security parameter \kappa, we have:
    * A signature for an edge is only O(\kappa \lambda) bits long.
    * Signing or verifying the signature for an edge requires O(\lambda) cryptographic operations.
    * Computing a signature for an edge requires \lambda n^{1/\lambda} cryptographic operations.
    To the best of our knowledge this is the first construction with such a trade-off. In particular, we achieve O(\kappa \log(n))-bit signatures, as well as O(\log(n)) time to generate, verify, or even compute edge signatures. Our construction relies on hashing with common-prefix proofs, a new variant of collision-resistant hashing. A family \HashFam is collision-resistant hashing with common-prefix proofs if for any H \in \HashFam, given two strings X and Y equal up to position i, a Combiner can convince a Verifier that X[1..i] is a prefix of Y by sending only H(X), H(Y), and a small proof. We believe that this new primitive will lead to other interesting applications.

    Hard isogeny problems over RSA moduli and groups with infeasible inversion

    We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only known group with infeasible inversion is implied by the much stronger primitive of a self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO. Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figures.

    Optimal Data Authentication from Directed Transitive Signatures

    An authenticated dictionary of size N is said to be optimal when an update operation or proof computation requires at most O(\log N) accesses to the data structure, and the size of a proof is O(1) with respect to N. In this note we show that an optimal authenticated dictionary (OAD) can be built using transitive signatures for directed graphs (DTS). As the existence of both DTS and OAD is still open, our result can be interpreted as follows: if optimal authenticated dictionaries do not exist, then transitive signatures for directed graphs do not exist either.

    A blockchain-empowered authentication scheme for worm detection in wireless sensor network

    A Wireless Sensor Network (WSN) is a distributed sensor network composed of a large number of low-cost, low-performance, self-managing nodes. The special structure of a WSN brings both convenience and vulnerability. For example, a malicious participant can launch attacks by capturing a physical device. Therefore, node authentication that can resist malicious attacks is very important to network security. Recently, blockchain technology has shown the potential to enhance the security of the Internet of Things (IoT). In this paper, we propose a Blockchain-empowered Authentication Scheme (BAS) for WSN. In our scheme, all nodes are managed using the identity information stored on the blockchain. In addition, a simulation experiment on worm detection is executed on BAS, and the security is evaluated in terms of detection rate and infection rate. The experimental results indicate that the proposed scheme can effectively inhibit the spread and infection of worms in the network.

    Certification and Efficient Proofs of Committed Topology Graphs

    Digital signature schemes are a foundational cryptographic building block in certification and the projection of trust. Based on a signature scheme on committed graphs, we propose a toolkit of certification and proof methods to sign committed topology graphs and to prove properties of their certificates in zero-knowledge. This toolkit allows an issuer, such as an auditor, to sign the topology representation of an infrastructure. The prover, such as an infrastructure provider, can then convince a verifier of topology properties, such as partitions, connectivity or isolation, without disclosing the structure of the topology itself. By that, we can achieve the certification of the structure of critical systems, such as infrastructure clouds or outsourced systems, while still maintaining confidentiality. We offer zero-knowledge proofs of knowledge for a general specification language of security goals for virtualized infrastructures, such that high-level security goals can be proven over the topology certificate. Our method builds upon the Camenisch-Lysyanskaya signature scheme, is based on honest-verifier proofs, and relies on the strong RSA assumption.

    Accountable Trapdoor Sanitizable Signatures

    A sanitizable signature (SS) allows a signer to partly delegate signing rights to a predetermined party, called the sanitizer, who can later modify certain designated parts of a message originally signed by the signer and generate a new signature on the sanitized message without interacting with the signer. One of the important security requirements of sanitizable signatures is accountability, which allows the signer to prove, in case of dispute, to a third party that a message was modified by the sanitizer. A trapdoor sanitizable signature (TSS) enables the signer of a message to delegate the power of sanitization to any party at any time, but at the expense of losing the accountability property. In this paper, we introduce the notion of accountable trapdoor sanitizable signature (ATSS), which lies between SS and TSS. As a building block for constructing ATSS, we also introduce the notion of accountable chameleon hash (ACH), which is an extension of chameleon hash (CH) and might be of independent interest. We propose a concrete construction of ACH and show how to use it to construct an ATSS scheme.