An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is known from the introduction of Traitor Tracing by Chor, Fiat and Naor. We refer to such schemes as traitor tracing with constant transmission rate. Here we present a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficiently large. Our starting point is the notion of copyrighted function which was presented by Naccache, Shamir and Stern. We first solve the open problem of discrete-log-based and public-key-based copyrighted function. Then, we observe the simple yet crucial relation between (public-key) copyrighted encryption and (public-key) traitor tracing, which we exploit by introducing a generic design paradigm for designing constant transmission rate traitor tracing schemes based on copyrighted encryption functions. Our first scheme achieves the same expansion efficiency as regular ElGamal encryption. The second scheme introduces only a slightly larger (constant) overhead, however, it additionally achieves efficient black-box traitor tracing (against any pirate construction).

Traitor Tracing with constant transmission rate

Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He–Wang’s scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user’s anonymity. Furthermore, He–Wang’s scheme cannot provide the user revocation facility when the smart card is lost/stolen or user’s authentication parameter is revealed. Apart from these, He–Wang’s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multi-server authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the Burrows–Abadi–Needham logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted and used automated validation of Internet security protocols and applications tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared with He–Wang’s scheme.

A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

We present a survey of authentication and key agreement schemes that are proposed for the SIP protocol. SIP has become the center piece for most VoIP architectures. Performance and security of the authentication and key agreement schemes are two critical factors that affect the VoIP applications with large number of users. Therefore, we have identified, categorized and evaluated various SIP authentication and key agreement protocols according to their performance and security features. Although the performance is inversely proportional to the security features provided in general, we observed that there are successful schemes from both the performance and security viewpoint.

A Survey of SIP Authentication and Key Agreement Schemes

With the widespread adoption of Internet of Things and cloud computing in different industry sectors, an increasing number of individuals or organizations are outsourcing their Industrial Internet of Things (IIoT) data in the cloud server to achieve cost saving and collaboration (e.g., data sharing). However, in this environment, preserving the privacy of data remains a key challenge and inhibiting factor to an even wider adoption of IIoT in the cloud environment. To mitigate these issues, in this paper, we design a new secure channel-free certificateless searchable public key encryption with multiple keywords scheme for IIoT deployment. We then demonstrate the security of the scheme in the random oracle model against two types of adversaries, where one adversary is given the power to choose a random public key instead of any user's public key and another adversary is allowed to learn the system master key. In the presence of these types of adversaries, we evaluate the performance of the proposed scheme and demonstrate that it achieves (computational) efficiency with low communication cost.

Certificateless Searchable Public Key Encryption Scheme for Industrial Internet of Things

Security for 4G and 5G cellular networks

A new provably secure authentication and key agreement protocol for SIP using ECC

A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography

The session initiation protocol (SIP) is considered as the dominant signaling protocol for calls over the internet. However, SIP authentication typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography, named as SAKA, between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model. Due to using certificateless public key cryptography, SAKA effectively avoids the requirement of a large Public Key Infrastructure and conquers the key escrow problem in previous schemes.

/pdf/a-new-provably-secure-authentication-and-key-agreement-12wbi61rdv.pdf

A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-key Cryptography.

An efficient and provable secure identity-based ring signcryption scheme

The authentication procedure in session initiation protocol (SIP) typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography(SAKA) between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and it is provably secure in the CK security model. Due to using certificateless public key cryptography, SAKA effectively avoids the requirement of a large Public Key Infrastructure and conquers the key escrow problem in previous schemes.

Fengjiao Wang

Papers

A new provably secure authentication and key agreement protocol for SIP using ECC

A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography

A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-key Cryptography.

An efficient and provable secure identity-based ring signcryption scheme

A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-Key Cryptography