15 research outputs found

    A Secure Scheme for Authenticated Encryption

    The paper proposes a new scheme of authenticated encryption that is either publicly verifiable or not publicly verifiable, depending on how much information the recipient releases. This property gives the recipient much flexibility in many applications. The scheme combines ElGamal encryption with the Schnorr signature. With respect to the security goal of the signature, the resultant scheme is at least as secure as the combined signature scheme. The security goal of encryption is examined under the chosen ciphertext attack and is proven to be directly related to the security of the signature. Furthermore, the new scheme is also secure against the one-more-decryption attack. This novel security goal may be valuable in applications of private information retrieval.

    An Enhanced and Secure Protocol for Authenticated Key Exchange

    An enhanced authenticated key exchange protocol was proposed to exchange multiple session keys between two participants at a time. This paper shows that the enhanced protocol is insecure under the known session key attack, the known long-term private key attack, the signature forgery attack, and the replay attack. This paper also proposes an enhanced and secure key agreement protocol for exchanging multiple session keys in one run of the protocol. The protocol is secure against the attacks mentioned above. In addition, a formal proof is given to guarantee the security of the proposed protocol under other potential attacks.

    A Secure and Efficient Key Exchange Protocol for Mobile Communications

    This paper proposes a key exchange protocol with mutual authentication that requires only 0.1 modular multiplications for online computation. This online computation is ten times faster than that of conventional protocols. The message size of the proposed protocol is about half (50%~66%) that of previous protocols. In addition to its efficiency in online computation and bandwidth, the paper provides a formal proof to guarantee the security of the proposed protocol. Possessing both security and efficiency makes the proposed protocol suitable for low-power mobile communications.

    Cryptanalysis of a threshold proxy signature with known signers

    A scheme of threshold proxy signature with known signers was proposed by Hwang et al. In their scheme, the receiver can identify the proxy signers that actually generated a proxy signature. Tzeng et al. demonstrated that this signature scheme is insecure and proposed an improvement to mend the information leakage. This paper shows that the improved scheme is still insecure under the original signer's forgery attack.

    Cryptanalysis on an Algorithm for Efficient Digital Signatures

    Abstract. The total computation for the generation and verification of personal identification or digital signatures is heavy. For many such schemes, the total computation is not less than hundreds of modular multiplications. Efficient schemes for personal identification and digital signature were proposed that require no more than 10 modular multiplications for the generation and verification of a challenge-response or digital signature. However, these schemes are weak in security. The paper shows that by intercepting a transcript of the communications between the prover and the verifier, the private key of the prover is revealed.

    On the Improvement of the Security of Signcryption Scheme

    Zheng proposed two new authenticated encryption schemes, called signcryption, in 1997. But the studies of Petersen and Michels showed that these schemes have the problem that “to achieve non-repudiation is to lose confidentiality”. They outlined a solution to the problem. Later, He and Wu pointed out that signatures can be forged in the scheme proposed by Petersen and Michels. They also proposed an improvement to mend the security leak. In this paper, we show that the He-Wu scheme still violates the property of unforgeability. Also, a new scheme based on the Nyberg-Rueppel digital signature is presented.

    A Provably Secure Scheme for Partially Blind Signatures

    Abstract: This paper proposes a new partially blind signature scheme based on the difficulty of solving the discrete logarithm problem. Under the assumptions of the generic model, the random oracle model, and the intractability of the ROS problem, this paper formally proves that the proposed scheme is secure against one-more signature forgery under the adaptive parallel attack. Previous schemes use two signing equations, one for the plain information and one for the commitment. The proposed scheme uses two secret keys to combine these two signing equations, so it is more efficient than previous schemes in both communication and computation cost.

    Provable Secure Schemes for Authentication and Access Control Using Smart Cards

    The rapid advance of computer technology and the spread of the Internet have enabled the boundless dissemination and exchange of digital information. Because the Internet is a public network, anyone can log in to a remote server over the network to query or process data; the authentication of the person logging in is therefore very important. In particular, for systems that serve a large user base, identity authentication has always been an important topic. Using a public key system is one of the more secure ways to authenticate users. However, the secret parameters of a public key system are rather long and not suited to human memory, which has led people to use smart cards to store the secret parameters and algorithms. With mobile information and communication becoming ever more widespread, making full use of smart cards to compensate for the limits of human memory is a reasonable workaround. Smart cards are not a panacea, however; their limited computing and memory capacity is a drawback. Protocols that use smart cards must therefore reduce their computation and storage burden as far as possible. Many “smart card authentication schemes” have been published in the literature, yet most of them ignore the requirement of “provable security”. Often, as soon as a technique is published, researchers point out its security flaws, leaving users at a loss. Here, a cryptographic protocol that claims to be “provably secure” means that breaking the protocol would make it possible to solve some recognized hard mathematical problem. For the reasons above, this dissertation proposes four “provably secure smart card authentication schemes”, built respectively on the “discrete logarithm problem” and on “both the discrete logarithm problem and the integer factorization problem”. Compared with previous techniques, the protocols proposed here have the following advantages: 1. A security guarantee of provable security. 2. Even if the system's secret parameters are leaked, the users' secret parameters are not endangered. 3. Even if users collude with one another, the system's security cannot be compromised. User authentication and access control are two major security functions of a computer system; traditionally they are designed and implemented separately. However, to give a computer system better security and performance, integrating user authentication and access control is necessary. Harn and Lin therefore first proposed integrated authentication and access control in 1992, and many scholars have since proposed improved mechanisms based on the same idea of integration. These techniques fall into two categories: verification mechanisms with a “single access right” (suited to dynamic updating of access control) and with “multiple access rights”. When a user's access rights change frequently, the “single access right” mechanism must be used, in which each access request message a user sends contains only one access request; when a user's access rights rarely change, the “multiple access rights” technique can be used, in which each access request message contains several access requests. As for security requirements, much as with “smart card authentication schemes”, many techniques integrating authentication and access control have been published, yet most of them still ignore the requirement of “provable security”. This dissertation proposes two “provably secure authentication and access control schemes”. One of them not only integrates “user authentication” and “access control” but also provides the “single access right” and “multiple access rights” functions at the same time. Its security level is on a par with the “provably secure smart card authentication schemes” above. Compared with similar research, the mechanisms proposed here show significant improvements in both computational cost and communication volume.

    With the rapid and ongoing growth of the Internet, more and more data are being exchanged. Since the Internet is an open channel, anybody can log in to a remote server to retrieve or process data. Before permitting a user to log in, the server should first verify whether the user has been authorized. Therefore, for a system providing service to many users, user authentication is very important. One of the secure ways to authenticate users is through a public key cryptosystem. However, in a public key cryptosystem the user's secret parameters are too long and complex for a human being to memorize. Therefore an alternative method, using a smart card to store the user's secret information and algorithms, is applied. The use of smart cards also relieves the system from maintaining tables that store users' secret data. However, the smart card has limitations in computing power and storage. Thus the protocol must be designed to reduce the cost of computation and storage. There are many protocols and schemes for authentication using smart cards in the cryptographic literature. However, almost all of them are not “provably secure”. Frequently, soon after the emergence of a new scheme, a cryptanalysis of the scheme is proposed. The term “provably secure” implies that breaking the scheme can be reduced to breaking a well-known difficult problem. For the reasons mentioned above, the dissertation proposes four provably secure authentication schemes using smart cards. They are established on the mathematical difficulty of the “discrete logarithm problem” or of “both the discrete logarithm problem and the factorization problem”. Compared with previous schemes, the proposed schemes have several advantages: 1. These schemes are provably secure. 2. The compromise of the system's secret information does not disclose the users' secret information. 3. They are secure even under the collusion of smart card holders. User authentication and access control are two important security mechanisms in a computer system. Conventionally, these two mechanisms are executed consecutively, since they were designed and implemented in two different modules. However, a well-designed integrated scheme, integrating authentication and access control, would provide better performance in terms of security, communication and computation. Harn and Lin first proposed an integrated scheme in 1992. Since then, many schemes on this topic have been proposed. These schemes can be classified into two categories: “single access right per message” (suited to dynamically updated access rights) and “multiple access rights per message”. The first mechanism is suitable for environments in which a user's access rights change frequently. In the case that a user's access rights are rarely updated, the second mechanism is adopted, which allows a request message to contain multiple access rights. As with the authentication schemes discussed above, most of them lack the requirement of “provable security”. It is not surprising that a protocol is broken soon after it is proposed. The dissertation proposes two integrated schemes, integrating authentication and access control, that are provably secure using smart cards. One of the proposed schemes provides the features of both “dynamically updated access rights” and “multiple access rights per message”. Compared to previous schemes, the proposed scheme greatly enhances computational and communication performance, in addition to its flexibility in dynamically updating access rights.

    Table of Contents
    Chapter 1 Introduction
      1.1 Authentication using smart cards
        1.1.1 Related work
        1.1.2 Contributions
      1.2 Access control using smart cards
        1.2.1 Single access right per message
        1.2.2 Contributions -- single access right per message
        1.2.3 Multiple access rights per message
        1.2.4 Contributions -- multiple access rights per message
    Chapter 2 Provable secure schemes for authentication using smart cards
      2.1 A provable secure scheme for authentication based on the discrete logarithm problem (scheme-AD)
        2.1.1 Performance and correctness
        2.1.2 Security of the proposed scheme
        2.1.3 Discussion
      2.2 A provable secure scheme for authentication based on the factorization and discrete logarithm problem (scheme-AFD)
        2.2.1 Performance and correctness
        2.2.2 Security of the proposed scheme
        2.2.3 Discussion
      2.3 A provable secure authentication scheme with mutual authentication based on the discrete logarithm problem (scheme-MAD)
        2.3.1 Performance and correctness
        2.3.2 Security of the proposed scheme
        2.3.3 Discussion
      2.4 A provable secure authentication scheme with mutual authentication based on the factorization and discrete logarithm problem (scheme-MAFD)
        2.4.1 Performance and correctness
        2.4.2 Security of the proposed scheme
        2.4.3 Discussion
      2.5 Comparison between the schemes proposed
    Chapter 3 Provable secure access control using smart cards -- single access right per request message (scheme-SR)
      3.1 The proposed scheme
      3.2 Performance and correctness
      3.3 Security of the proposed scheme
      3.4 Discussion
    Chapter 4 Provable secure access control using smart cards -- multiple access rights per request message (scheme-MR)
      4.1 Review of a previous scheme
      4.2 Advantages and disadvantages of the reviewed scheme
      4.3 The proposed scheme
      4.4 Efficient verification of the proposed scheme
      4.5 Performance and correctness
      4.6 Security of the proposed scheme
      4.7 Discussion
    Chapter 5 Conclusions
    References
    Appendix A. Security of a simplified digital signature scheme

    List of Tables
    Table 1. The proposed schemes for user authentication
    Table 2. Requirements for a practical access control system
    Table 3. Comparison of computations and message sizes between the scheme-AD and previous schemes
    Table 4. Comparison of computations and message sizes between the scheme-AFD and scheme-AD
    Table 5. Comparison of computations and message sizes between the scheme-MAD, scheme-AD and scheme-PS
    Table 6. Comparison of computations and message sizes between the scheme-MAFD and scheme-AFD
    Table 7. Comparison of computations and message sizes between the scheme-AD, scheme-AFD, scheme-MAD, and scheme-MAFD
    Table 8. Comparison of computations and message sizes between the scheme-SR and scheme-LEE
    Table 9. Comparison of computations and message sizes between the scheme-MR and scheme-LEEM

    List of Figures
    Fig. 1. Sizes of request message as a function of requested access rights in the case m = 10 (server granted 10 access rights to user U)
    Fig. 2. Sizes of request message as a function of requested access rights in the case m = 100 (server granted 100 access rights to user U)
    Fig. 3. Verification cost as a function of the number of requested access rights (0~10 access rights)
    Fig. 4. Verification cost as a function of the number of requested access rights (0~100 access rights)