scispace - formally typeset

Showing papers on "Key escrow" published in 2006


Journal Article
TL;DR: This paper first presents a security model for certificateless public-key signature schemes, and then proposes an efficient construction based on bilinear pairings that can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.
Abstract: Certificateless public-key cryptosystem is a new and attractive paradigm, which avoids the inherent key escrow property in identity-based public-key cryptosystems, and does not need expensive certificates as in the public key infrastructure. A strong security model for certificateless public key encryption was established by Al-Riyami and Paterson in 2003. In this paper, we first present a security model for certificateless public-key signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.

221 citations


Book ChapterDOI
06 Jun 2006
TL;DR: In this article, the security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.
Abstract: “Certificateless public-key cryptosystem” is a new and attractive paradigm, which avoids the inherent key escrow property in identity-based public-key cryptosystems, and does not need expensive certificates as in the public key infrastructure. A strong security model for certificateless public key encryption was established by Al-Riyami and Paterson in 2003. In this paper, we first present a security model for certificateless public-key signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.

213 citations


Book ChapterDOI
24 Apr 2006
TL;DR: A new efficient pairing-based scheme is proposed that performs better than previous proposals without pre-computation and is also proved to be provably CCA-secure in the random oracle model.
Abstract: Certificateless cryptography (CL-PKC) is a concept that aims at enjoying the advantages of identity based cryptography without suffering from its inherent key escrow. Several methods were recently suggested to generically construct a certificateless encryption (CLE) scheme by combining identity based schemes with ordinary public key cryptosystems. Whilst the security of one of these generic compositions was proved in a relaxed security model, we show that all of them are insecure against chosen-ciphertext attacks in the strongest model of Al-Riyami and Paterson. We show how to easily fix these problems and give a method to achieve generic CLE constructions which are provably CCA-secure in the random oracle model. We finally propose a new efficient pairing-based scheme that performs better than previous proposals without pre-computation. We also prove its security in the random oracle model.

166 citations


Posted Content
TL;DR: In this paper, a self-generated certificate public key encryption (SGC-PKC) was proposed to solve the Denial-of-Decryption (DoD) attack.
Abstract: Certificateless Public Key Cryptography (CL-PKC) enjoys a number of features of Identity-Based Cryptography (IBC) without having the problem of key escrow. However, it does suffer from an attack where the adversary, Carol, replaces Alice’s public key by someone’s public key so that Bob, who wants to send an encrypted message to Alice, uses Alice’s identity and the other’s public key as the inputs to the encryption function. As a result, Alice cannot decrypt the message while Bob is unaware of this. We call it Denial-of-Decryption (DoD) Attack as its nature is similar to the well known Denial-of-Service (DoS) Attack. Based on CL-PKC, we propose a new paradigm called Self-Generated-Certificate Public Key Cryptography (SGC-PKC) that captures the DoD Attack. We also provide a generic construction of a self-generated-certificate public key encryption scheme in the standard model. Our generic construction uses certificateless signature and certificateless encryption as the building blocks. In addition, we further propose a certificateless signature and a certificateless encryption scheme with concrete implementation that are all provably secure in the standard model, which are the first in the literature regardless of the generic constructions by Yum and Lee which may contain security weaknesses as pointed out by others. We believe these concrete implementations are of independent interest.

140 citations


Book ChapterDOI
01 Aug 2006
TL;DR: This paper constructs an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem and presents an extended construction whose trust level is the same as that of a traditional signature scheme.
Abstract: Certificateless public key cryptography (CLPKC) is a paradigm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). While certificateless signature is one of the most important security primitives in CLPKC, there are relatively few proposed schemes in the literature. In this paper, we manage to construct an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem. By using a shorter public key, two pairing computations can be saved in the verification algorithm. Besides, no pairing computation is needed in the signing algorithm. The proposed scheme is existentially unforgeable in the random oracle model. We also present an extended construction whose trust level is the same as that of a traditional signature scheme.

106 citations


Book ChapterDOI
24 Apr 2006
TL;DR: This work provides a model of security against a fully-adaptive chosen ciphertext attacker, who may be a rogue key generation centre or any coalition of rogue users, and presents a generic construction and also a concrete algorithm based on bilinear pairings.
Abstract: We introduce the notion of security-mediated certificateless (SMC) cryptography. This allows more lightweight versions of mediated cryptography while maintaining the ability for instantaneous revocation of keys. Moreover, our solutions avoid key escrow, which has been used in all previous mediated cryptography algorithms. We provide a model of security against a fully-adaptive chosen ciphertext attacker, who may be a rogue key generation centre or any coalition of rogue users. We present a generic construction and also a concrete algorithm based on bilinear pairings. Our concrete scheme is more efficient than the identity-based mediated encryption scheme of Baek and Zheng in PKC 2004 which is provably secure in a comparable security model. In addition, our proposals can be easily extended to support distributed security mediators.

69 citations


Book ChapterDOI
19 Jun 2006
TL;DR: This work cryptanalyse the certificate-based and certificate-less encryption schemes presented by Yum and Lee at EuroPKI 2004 and ICCSA 2004 conferences.
Abstract: Identity-based public key cryptography is aimed at simplifying the management of certificates in traditional public key infrastructures by means of using the identity of a user as its public key. The user must identify itself to a trusted authority in order to obtain the secret key corresponding to its identity. The main drawback of this special form of public key cryptography is that it is key escrowed. Certificate-based and certificate-less cryptography have been recently proposed as intermediate paradigms between traditional and identity-based cryptography, seeking to simplify the management of certificates while avoiding the key escrow property of identity-based cryptography. In this work we cryptanalyse the certificate-based and certificate-less encryption schemes presented by Yum and Lee at EuroPKI 2004 and ICCSA 2004 conferences.

57 citations


Patent
04 May 2006
TL;DR: In this article, a method and system which provides an escrow service akin to a C.O.D. service, allowing a carrier to provide the equivalent of a C.O.D. service while shifting payment management to the escrow agent, is described.
Abstract: Escrow services involve an escrow agent who facilitates an exchange between two parties, typically a payer and a payee. The “cash on delivery” (“C.O.D.”) service is akin to an escrow service, although carriers do not favor C.O.D. services due to their costs. The claimed invention is a method and system which provides an escrow service akin to a C.O.D. service, allowing a carrier to provide the equivalent of a C.O.D. service while shifting payment management to the escrow agent. The system embodying the claimed invention includes electronic devices facilitating electronic communications between the payer and the payee to the transaction. In one embodiment, such electronic communications are provided via the short message service (SMS) feature available on mobile phones and include a notification to the payee that the purchased item was successfully delivered and that the escrowed funds shall be released and delivered to payee.

36 citations


Patent
06 Jun 2006
TL;DR: In this paper, an embodiment pertains generally to a method of storing keys, which includes receiving a request for generating a subject private key at a token processing system, and generating a subject key pair, where the subject key pair includes a subject public key and the subject private key.
Abstract: An embodiment pertains generally to a method of storing keys. The method includes receiving a request for generating a subject private key at a token processing system and generating a subject key pair, where the subject key pair includes a subject public and the subject private key. The method also includes archiving the subject private key within the token processing system.

32 citations


01 Jan 2006
TL;DR: This thesis discusses how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments, and introduces new password-based protocols using identity-based secret public keys.
Abstract: This thesis examines the application of identity-based cryptography (IBC) in designing security infrastructures for grid applications. In this thesis, we propose a fully identity-based key infrastructure for grid (IKIG). Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) in the Globus Toolkit. The GSI is based on public key infrastructure (PKI) that supports standard X.509 certificates and proxy certificates. Since our proposal is certificate-free and has small key sizes, it offers a more lightweight approach to key management than the GSI. We also develop a one-pass delegation protocol that makes use of HIBC properties. This combination of lightweight key management and efficient delegation protocol has better scalability than the existing PKI-based approach to grid security. Despite the advantages that IKIG offers, key escrow remains an issue which may not be desirable for certain grid applications. Therefore, we present an alternative identity-based approach called dynamic key infrastructure for grid (DKIG). Our DKIG proposal combines both identity-based techniques and the conventional PKI approach. In this hybrid setting, each user publishes a fixed parameter set through a standard X.509 certificate. Although X.509 certificates are involved in DKIG, it is still more lightweight than the GSI as it enables the derivation of both long-term and proxy credentials on-the-fly based only on a fixed certificate. We also revisit the notion of secret public keys which was originally used as a cryptographic technique for designing secure password-based authenticated key establishment protocols. We introduce new password-based protocols using identity-based secret public keys. Our identity-based techniques can be integrated naturally with the standard TLS handshake protocol. 
We then discuss how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments.

29 citations


Journal ArticleDOI
TL;DR: It is argued that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow, and new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings are proposed.
Abstract: We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach Girault’s trust level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent of the number of group members.

Posted Content
TL;DR: In this paper, the authors proposed a secure and efficient threshold key issuing protocol, where neither KGC nor KPA can impersonate the users to obtain the private keys and thus it achieves the trust level III.
Abstract: Key issuing protocols deal with overcoming the two inherent problems: key escrow and secure channel requirement of the identity based cryptosystems. An efficient key issuing protocol enables the identity based cryptosystems to be more acceptable and applicable in the real world. We present a secure and efficient threshold key issuing protocol. In our protocol, neither KGC nor KPA can impersonate the users to obtain the private keys and thus it achieves the trust level III [16]. The protocol is secure against replay, man-in-the-middle and insider attacks.

Journal ArticleDOI
TL;DR: A threshold key Escrow scheme from pairing that tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make corrupted servers to deviate from the protocol is proposed.
Abstract: This paper proposes a threshold key escrow scheme from pairing. It tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make corrupted servers to deviate from the protocol. The scheme is secure against threshold adaptive chosen-ciphertext attack. The formal proof of security is presented in the random oracle model, assuming the decision Bilinear Diffie-Hellman problem is computationally hard.

Posted Content
TL;DR: Wang et al. as discussed by the authors proposed new security models that remove this assumption for both certificateless signature and encryption schemes and showed that a class of certificateless encryption and signature schemes proposed previously are insecure.
Abstract: Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows the user’s secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other hand, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

01 Jan 2006
TL;DR: In this paper, an impersonation attack is proposed to show that Sui et al.
Abstract: Recently, Sui et al. proposed two separable and anonymous ID-based key issuing protocols without secure channel and claimed that their second protocol avoids the key escrow problem. However, in this paper, an impersonation attack is proposed to show that Sui et al.’s second protocol is not free from the key escrow problem. We also show that their protocol cannot detect access by illegitimate users; instead, it suffers from the stolen-verifier attack.

Book ChapterDOI
28 Aug 2006
TL;DR: In this article, a new key issuing scheme was proposed to reduce the burden employed to a trust key issuing authority called key generation center (KGC) in checking the identifications of all users maintained by the KGC by means of separating the duties of the KGC; user identification function by a local trust authority, and private key extracting and issuing function by the KGC, respectively.
Abstract: Despite many advantages of identity (ID)-based cryptosystems in removing certificates of public keys over the traditional public key cryptosystems (PKC), some problems related to the inherent key escrow property, user authentication and the need for the confidential channel for private key distribution remain as important issues to be resolved. In this paper, we propose a new key issuing scheme reasonably reducing the burden employed to a trust key issuing authority called key generation center (KGC) in checking the identifications of all users maintained by the KGC by means of separating the duties of the KGC; user identification function by a local trust authority, and private key extracting and issuing function by the KGC, respectively. Furthermore, our scheme provides secure transmission channel through blinding technique between the KGC and users, and deals efficiently with the key escrow problem. Hence, our scheme makes ID-PKC more applicable to real environment, and cover the wider area.

Proceedings ArticleDOI
12 Jul 2006
TL;DR: An ID-based threshold decryption scheme without key escrow which has a lost share recovery property is proposed which can provide the group division/merge and key update scheme for a dynamic group membership.
Abstract: The usages of public key infrastructure (PKI) in secure e-mail service, e-commerce service, client authentication service with SSL, etc. have increased. However, a PKI faces many challenges in practice, especially the scalability of the infrastructure. ID-based cryptosystem (ID-C) has been proposed to solve the problems of PKI by eliminating the necessity for the infrastructure to authenticate public keys and manage directories to store certificates. But key escrow is integrated in this setting, such that the private key generator can easily threaten the security of agents. In this paper, to enhance the security of multi-agent systems in a distributed computing environment, we first propose an ID-based threshold decryption scheme without key escrow which has a lost share recovery property. Also, the proposed scheme can provide the group division/merge and key update scheme for a dynamic group membership.

Book ChapterDOI
04 Sep 2006
TL;DR: Improved key issuing protocols for each scheme with weaknesses are presented, which can resist the attacks and overcome the key escrow problem.
Abstract: In this paper, we analyze some serious weaknesses in the security of existing key issuing schemes in identity (ID)-based cryptosystems which were proposed in order to eliminate the key escrow property and remove the need for a secure channel, and describe some attacks on them. In addition, we present improved key issuing protocols for each scheme with weaknesses, which can resist the attacks and overcome the key escrow problem.

Journal Article
TL;DR: This paper introduces some typical key management schemes for IBE from engineering application point of view, and compares these schemes from security, system complexity, adaptability and other aspects.
Abstract: In IBE systems, key update and key escrow are difficult problems which couldn’t be well solved. This paper introduces some typical key management schemes for IBE. From an engineering application point of view, it compares these schemes from security, system complexity (cost), adaptability and other aspects.

01 Jan 2006
TL;DR: A CL-PKE scheme based on bilinear pairing functions which does not allow key escrow by the PKG; does not require Digital Certificates; is more efficient on computation than previously published IBE or CL-PKE schemes; and is secure in the sense that it is strong against IND-CCA2 attack.
Abstract: The concept of Identity Based Encryption — IBE — system was proposed by [Sh4] for which the public key can be the identity itself. [BoFr1] presented an IBE system based on bilinear pairing functions, that requires a Public Key Generator — PKG. The PKG needs to be trusted in the sense that it can generate any of the private keys, i.e., it can exercise the so-called key escrow, which is undesirable in many applications. On the other hand this system does not require the so-called Public Key Infrastructure — PKI — with its complex and costly management of Digital Certificates. [AlPa3] proposed a Certificateless Public Key Encryption — CL-PKE — scheme, i.e., a cryptographic scheme which does not require either a Digital Certificate to certify the public key or a PKI. It is also based on bilinear pairing functions. In CL-PKE an adversary A may replace the victim’s public key with another one, say X, so that A knows the private key corresponding to X; but still A is not able to decrypt the message encrypted with the original published public key. This important property is accomplished by the fact that only the PKG can bind the key pair for any other entity with that entity. For a secure CL-PKE scheme the public key of an entity can be bound to an identity of the entity without any security measure. Furthermore, it is key escrow free, which is not achieved in the framework proposed in [Sh4]. In this paper we construct a CL-PKE scheme based on bilinear pairing functions which: (1) does not allow key escrow by the PKG; (2) does not require Digital Certificates; (3) is more efficient on computation than previously published IBE or CL-PKE schemes ([BoFr1], [Ge3], [AlPa3], [AlPa5], [ChCo5], [Ga5]); (4) and is secure in the sense that it is strong against IND-CCA2 attack [Be8a], based on the Random Oracle Model [Be8a] and the difficulty of the BDH Problem [ChLe2].
For the security proof we reduce (in polynomial time) the problem of solving the BDH Problem to the IND-CCA2 attack against our CL-PKE. The BDH Problem is as follows: (1) Let G1 and G2 be two groups of prime order q and let e : G1 × G1 → G2 be a bilinear pairing function; (2) Given P ∈ G1, a, b, c ∈ Z_q^*

Journal Article
TL;DR: This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes, which effectively solves the problem of single point of failure.
Abstract: This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).

Journal ArticleDOI
TL;DR: A threshold key Escrow scheme from pairing tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make the corrupted data public is tolerated.
Abstract: This paper proposes a threshold key escrow scheme from pairing. It tolerates the passive adversary to access any internal data of corrupted key escrow agents and the active adversary that can make ...

Proceedings ArticleDOI
20 Apr 2006
TL;DR: An improved key issuing protocol is presented which is proved to be secure against adaptive chosen message attack in the random oracle model under the CDH assumption.
Abstract: In this paper we analyze an ID-based key issuing protocol due to Gangishetti et al., designed for eliminating the need of a secure channel between PKG and users and avoiding the key escrow problem. Their protocol consists of five sub-protocols, namely system setup, system public key setup, key issuing, key securing and key retrieving. We show that both the key issuing and the key securing sub-protocols suffer from impersonation attacks. Further, we present an improved key issuing protocol which is proved to be secure against adaptive chosen message attack in the random oracle model under the CDH assumption.

Proceedings ArticleDOI
30 Aug 2006
TL;DR: An improved key issuing scheme is proposed to remove limitations in Sui et al.'s scheme, which has illustrated higher security and better efficiency, and preserves all the other advantages of the original one.
Abstract: ID-based cryptosystems have several advantages over the traditional PKC (Public Key Cryptosystems), but how to obtain the private key anonymously from them is still an open problem. Sui et al. recently proposed an ID-based key issuing protocol that addresses the anonymity issue. But in their scheme, the one time password must be strictly protected, and any adversary can pass the identity verification by replacing the legal user’s authentication parameters. An improved key issuing scheme is proposed to remove these limitations in this paper. Compared with Sui et al.’s scheme, the new scheme has illustrated higher security and better efficiency, and preserves all the other advantages of the original one. An extension of our scheme to remove the key escrow problem is also presented.

Patent
20 Jun 2006
TL;DR: In this paper, a commercial key escrow system that operates by a method of inspiring credit and confidence of the users by using the algorithm disclosed, and solving the problem brought up by national security and by request from the police is proposed.
Abstract: PROBLEM TO BE SOLVED: To provide a commercial key escrow system that operates by a method of inspiring credit and confidence of the users by using the algorithm disclosed, and solving the problem brought up by national security and by request from the police. SOLUTION: A cryptographic system and method with a key escrow function that uses a method for dividing a user's secret encryption key into components and for transmitting those components to a trusted agent chosen by the specified user, and a method of receiving a key escrow and an escrow authentication to be executed by a chip device for self-certification, are also applied to a more generalized case of registering a trusted device 150 with a trusted third party and receiving the authorization enabling the device to communicate with other trusted devices from that party. The method comprises a step of escrowing a plurality of asymmetric encryption keys to be used by a plurality of users in a trusted escrow center 153; a step of confirming the plurality of keys in the escrow center; and a step of authenticating the authorities of the plurality of keys at the time of confirming. COPYRIGHT: (C)2006,JPO&NCIPI