CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems

Unlinkable Delegation of WebAuthn Credentials

The W3C\u27s WebAuthn standard employs digital signatures to offer phishing protection and unlinkability on the web using authenticators which manage keys on behalf of users. This introduces challenges when the account owner wants to delegate certain rights to a proxy user, such as to access their accounts or perform actions on their behalf, as delegation must not undermine the decentralisation, unlinkability, and attestation properties provided by WebAuthn. We present two approaches, called remote and direct delegation of WebAuthn credentials, maintaining the standard\u27s properties. Both approaches are compatible with Yubico\u27s recent Asynchronous Remote Key Generation (ARKG) primitive proposed for backing up credentials. For remote delegation, the account owner stores delegation credentials at the relying party on behalf of proxies, whereas the direct variant uses a delegation-by-warrant approach, through which the proxy receives delegation credentials from the account owner and presents them later to the relying party. To realise direct delegation we introduce Proxy Signature with Unlinkable Warrants (PSUW), a new proxy signature scheme that extends WebAuthn\u27s unlinkability property to proxy users and can be constructed generically from ARKG. We discuss an implementation of both delegation approaches, designed to be compatible with WebAuthn, including extensions required for CTAP, and provide a software-based prototype demonstrating overall feasibility. On the performance side, we observe only a minor increase of a few milliseconds in the signing and verification times for delegated WebAuthn credentials based on ARKG and PSUW primitives. We also discuss additional functionality, such as revocation and permissions management, and mention usability considerations

Strong proxy signature scheme with proxy signer privacy protection.

by Shum Kwan.Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.Includes bibliographical references (leaves 30-32).Abstracts in English and Chinese.Acknowledgement --- p.iiAbstract --- p.iii□ □ --- p.ivChapter 1 . --- Introduction --- p.1Chapter 1.1 --- Introduction to topic --- p.1Chapter 1.2 --- What is proxy signature? --- p.2Chapter 1.3 --- Terminologies in proxy signature --- p.2Chapter 1.4 --- Levels of delegation --- p.3Chapter 1.5 --- Previous work on Proxy Signature --- p.4Chapter 1.6 --- Our Contributions --- p.4Chapter 1.7 --- Thesis Organization --- p.4Chapter 2. --- Backgroun d --- p.6Chapter 2.1 --- Digital Signature --- p.6Chapter 2.2 --- Digital Certificate and CA --- p.6Chapter 2.3 --- Hash Functions --- p.7Chapter 2.4 --- Bit commitment --- p.7Chapter 3. --- Brief introduction to Our Result --- p.8Chapter 3.1 --- A Proxy Signature Scheme with Proxy Signer Privacy Protection --- p.8Chapter 3.2 --- Applications of Proxy Signature --- p.9Chapter 4. --- Detail Explanation of Certified Alias and its Application on Proxy Signature --- p.10Chapter 4.1 --- Introduction --- p.10Chapter 4.2 --- Protecting Signer Privacy Using Certified Alias Definition 4.2.3 --- p.10Chapter 4.3 --- Constructing Proxy signature Scheme by Consecutive Execution of Cryptographic Primitives (Scheme CE) --- p.11Chapter 4.4 --- Constructing Proxy signature Scheme by Direct Form Equations (Scheme DF) --- p.15Chapter 4.5 --- Comparison between scheme CE and scheme DF --- p.19Chapter 4.6 --- Chapter Summary --- p.20Chapter 5 . --- Applications of Proxy Signature with Proxy Signer Privacy Protection --- p.21Chapter 5.1 --- Secure Mobile agent Signature with Itinerary Privacy --- p.21Chapter 5.1.1 --- Introduction to Mobile Agent --- p.21Chapter 5.1.2 --- "Review on Lee, et al. strong non-designated proxy signature scheme for mobile agents" --- p.21Chapter 5.1.3 --- Constructing Signature scheme for Mobile Agent using Proxy signature with Proxy Signer Privacy Protection --- p.22Chapter 5.1.4 --- Remarks --- p.23Chapter 5.2 --- Group Signature with Unlimited Group Size --- p.24Chapter 5.2.1 --- Introduction to group signature --- p.24Chapter 5.2.2 --- Constructing group signature scheme using certified alias --- p.24Chapter 5.2.4 --- Remarks --- p.26Chapter 5.3 --- Chapter Summary --- p.27Chapter 6. --- Conclusions --- p.28Appendix: Paper derived from this thesis --- p.29Bibliography --- p.3

Cryptanalysis and Performance Evaluation of Enhanced Threshold Proxy Signature Scheme Based on RSA for Known Signers

In these days there are plenty of signature schemes such as the threshold proxy signature scheme (Kumar and Verma 2010). The network is a shared medium so that the weakness security attacks such as eavesdropping, replay attack, and modification attack. Thus, we have to establish a common key for encrypting/decrypting our communications over an insecure network. In this scheme, a threshold proxy signature scheme based on RSA, any or more proxy signers can cooperatively generate a proxy signature while or fewer of them cannot do it. The threshold proxy signature scheme uses the RSA cryptosystem to generate the private and the public key of the signers (Rivest et al., 1978). Comparison is done on the basis of time complexity, space complexity, and communication overhead. We compare the performance of four schemes (Hwang et al. (2003), Kuo and Chen (2005), Yong-Jun et al. (2007), and Li et al. (2007), with the performance of a scheme that has been proposed earlier by the authors of this paper. In the proposed scheme, both the combiner and the secret share holder can verify the correctness of the information that they are receiving from each other. Therefore, the enhanced threshold proxy signature scheme is secure and efficient against notorious conspiracy attacks

A Thesis: A CRYPTOGRAPHIC STUDY OF SOME DIGITAL SIGNATURE SCHEMES.

In this thesis, we propose some directed signature schemes. In addition, we have discussed their applications in different situations. In this thesis, we would like to discuss the security aspects during the design process of the proposed directed digital signature schemes. The security of the most digital signature schemes widely use in practice is based on the two difficult problems, viz; the problem of factoring integers (The RSA scheme) and the problem of finding discrete logarithms over finite fields (The ElGamal scheme). The proposed works in this thesis is divided into seven chapters

Anonymity and trust in the electronic world

Privacy has never been an explicit goal of authorization mechanisms. The traditional approach to authorisation relies on strong authentication of a stable identity using long term credentials. Audit is then linked to authorization via the same identity. Such an approach compels users to enter into a trust relationship with large parts of the system infrastructure, including entities in remote domains. In this dissertation we advance the view that this type of compulsive trust relationship is unnecessary and can have undesirable consequences. We examine in some detail the consequences which such undesirable trust relationships can have on individual privacy, and investigate the extent to which taking a unified approach to trust and anonymity can actually provide useful leverage to address threats to privacy without compromising the principal goals of authentication and audit. We conclude that many applications would benefit from mechanisms which enabled them to make authorization decisions without using long-term credentials. We next propose specific mechanisms to achieve this, introducing a novel notion of a short-lived electronic identity, which we call a surrogate. This approach allows a localisation of trust and entities are not compelled to transitively trust other entities in remote domains. In particular, resolution of stable identities needs only ever to be done locally to the entity named. Our surrogates allow delegation, enable role-based access control policies to be enforced across multiple domains, and permit the use of non-anonymous payment mechanisms, all without compromising the privacy of a user. The localisation of trust resulting from the approach proposed in this dissertation also has the potential to allow clients to control the risks to which they are exposed by bearing the cost of relevant countermeasures themselves, rather than forcing clients to trust the system infrastructure to protect them and to bear an equal share of the cost of all countermeasures whether or not effective for them. This consideration means that our surrogate-based approach and mechanisms are of interest even in Kerberos-like scenarios where anonymity is not a requirement, but the remote authentication mechanism is untrustworthy

Commuting Signatures and Verifiable Encryption and an Application to Non-Interactively Delegatable Credentials

Verifiable encryption allows to encrypt a signature and prove that the plaintext is valid. We introduce a new primitive called commuting signature that extends verifiable encryption in multiple ways: a signer can encrypt both signature and message and prove validity; more importantly, given a ciphertext, a signer can create a verifiably encrypted signature on the encrypted message; thus signing and encrypting commute. We instantiate commuting signatures using the proof system by Groth and Sahai (EUROCRYPT \u2708) and the automorphic signatures by Fuchsbauer (ePrint report 2009/320). As an application, we give an instantiation of delegatable anonymous credentials, a powerful primitive introduced by Belenkiy et al. (CRYPTO \u2709). Our instantiation is arguably simpler than theirs and it is the first to provide non-interactive issuing and delegation, which is a standard requirement for non-anonymous credentials. Moreover, the size of our credentials and the cost of verification are less than half of those of the only previous construction, and efficiency of issuing and delegation is increased even more significantly. All our constructions are proved secure in the standard model