Lattice-based Multi-signature with Linear Homomorphism
Abstract: This paper extends the lattice-based linearly homomorphic signature to have multiple signers, with a security proof. In our construction, we assume that there is one trusted dealer and either a single signer or multiple signers for a message. The dealer pre-shares the message vector v during the set-up phase and issues a pre-shared vector v_i to each signer. Then, from the partial signatures σ_i of v_i signed by each signer, one obtains a valid signature σ of v by combining all partial signatures σ_i of v_i. We use well-known lattice-based algorithms, such as the trapdoor generation algorithm and the basis extraction algorithm, to distribute different secret keys to each signer. Our signature satisfies multi-unforgeability and the weakly context hiding property, and is shown to be provably secure in the random oracle model under the k-Small Integer Solution problem, assuming the soundness of Boneh and Freeman's signature.
Attribute-Based Ring Signatures
Ring signature was proposed to keep the signer's anonymity when it signs messages on behalf of a "ring" of possible signers. In this paper, we propose a novel notion of ring signature which is called attribute-based ring signature. This kind of signature allows the signer to sign a message with its attributes from the attribute center. All users that possess these attributes form a ring. The identity of the signer is kept anonymous in this ring. Furthermore, anyone outside this ring cannot forge the signature on behalf of the ring.

Two constructions of attribute-based ring signature are also presented in this paper. The first scheme is proved to be secure in the random oracle model, with a large universe of attributes. We also present another scheme in order to avoid the random oracle model. It does not rely on a non-standard hardness assumption or the random oracle model. Both schemes in this paper are based on the standard computational Diffie-Hellman assumption.
Security Analysis of A Remote User Authentication Protocol by Liao and Wang
In Elsevier's journal Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart cards and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that the Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated, as colluding servers can easily track the activities of users.
Security weakness in the Proof of Storage with Deduplication
Achieving both security and efficiency is a challenging issue for data outsourcing services in cloud computing. Proof of Storage with Deduplication (POSD) is the first solution that addresses this issue for cloud storage. However, the validity of the POSD scheme rests on the strong assumption that all clients are honest in generating their keys. We present the insecurity of the scheme under a new attack model in which malicious clients exploit dishonestly manipulated keys. We also propose an improvement of the POSD scheme to mitigate our attack.
Grouping-Proof Protocol for RFID Tags: Security Definition and Scalable Construction
In this paper, we propose a grouping-proof protocol for RFID tags based on secret sharing. Our proposed protocol addresses the scalability issue of the previous protocols by removing the need for an RFID reader to relay messages from one tag to another tag. We also present a security model for a secure grouping-proof protocol which properly addresses the so-called mafia fraud attack. The mafia fraud attack (sometimes called distance fraud) is a simple relay attack suggested by Yvo Desmedt. Any location-based protocol, including RFID protocols, is vulnerable to this attack even if cryptography is used. One practical countermeasure to the mafia fraud attack is to employ a distance-bounding protocol within the location-based protocol. However, in light of the work by Chandran et al., the mafia fraud attack cannot be theoretically prevented. Therefore, we need to take this fact into account in order to make sense of the security notion for secure grouping-proof protocols.
A2BE: Accountable Attribute-Based Encryption for Abuse Free Access Control
As a recently proposed public key primitive, attribute-based encryption (ABE) (including Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE)) is a highly promising tool for secure access control. In this paper, the issue of key abuse in ABE is formulated and addressed. Two kinds of key abuse problems are considered: i) illegal key sharing among colluding users and ii) misbehavior of the semi-trusted attribute authority, including illegal key (re-)distribution. Both problems are extremely important, as in an ABE-based access control system the attribute private keys directly imply the users' privileges to the protected resources. To the best of our knowledge, such key abuse problems exist in all current ABE schemes, as the attribute private keys assigned to the users are never designed to be linked to any user-specific information except the commonly shared user attributes.

To be concrete, we focus on the prevention of key abuse in CP-ABE in this paper (our technique can easily be extended to KP-ABE as well). The notion of accountable CP-ABE (CP-ABE, in short) is first proposed to prevent illegal key sharing among colluding users. Accountability for the user is achieved by embedding additional user-specific information in the attribute private key issued to the user. To further obtain accountability for the attribute authority as well, the notion of strong CP-ABE is proposed, allowing each attribute private key to be linked to the corresponding user's secret that is unknown to the attribute authority. We show how to construct such a strong CP-ABE and prove its security based on the computational Diffie-Hellman assumption. Finally, we show how to utilize the new technique to solve some open problems that existed in the previous accountable identity-based encryption schemes.
Constant-round Dynamic Group Key Exchange from RLWE Assumption
In this paper, we propose a novel lattice-based group key exchange protocol with dynamic membership. Our protocol is constructed by generalizing the Dutta-Barua protocol to the RLWE setting, inspired by Apon et al.'s recent paper in PQCrypto 2019.
We describe our (static) group key exchange protocol from Apon et al.'s paper by modifying its third round and computation step. Then, we present both authenticated and dynamic group key exchange protocols with Join and Leave algorithms. The number of rounds for the authenticated group key exchange remains the same as for the unauthenticated one.
Our protocol also supports scalability, so that the number of rounds does not change depending on the number of group participants. By assuming the hardness of the RLWE assumption and the unforgeability of digital signatures, we give a full security proof for (un-)authenticated (dynamic) group key exchange protocols.
Untraceable Mobile Node Authentication in WSN
Mobility of sensor nodes in Wireless Sensor Networks (WSN) brings security issues such as re-authentication and tracing of node movement. However, current security research on WSN is insufficient to support such environments, since its designs only considered static environments. In this paper, we propose an efficient node authentication and key exchange protocol that reduces the overhead in node re-authentication and also provides untraceability of mobile nodes. Compared with previous protocols, our protocol has only a third of the communication and computational overhead. We expect our protocol to be an efficient solution that increases the lifetime of the sensor network.
Identity-Based Chameleon Hash Scheme Without Key Exposure
In this paper, we propose the first identity-based chameleon hash scheme without key exposure, which gives a positive answer to the open problem introduced by Ateniese and de Medeiros in 2004.
- …