
Showing papers on "Key escrow" published in 2007


Proceedings ArticleDOI
20 Mar 2007
TL;DR: Wang et al. as discussed by the authors proposed new security models that remove this assumption for both certificateless signature and encryption schemes and showed that a class of certificateless encryption and signature schemes proposed previously are insecure.
Abstract: Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows the user's secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

212 citations


Proceedings ArticleDOI
20 Mar 2007
TL;DR: A certificateless signature and a certificateless encryption scheme with concrete implementation that are all provably secure in the standard model, which are the first in the literature regardless of the generic constructions by Yum and Lee which may contain security weaknesses as pointed out by others.
Abstract: Certificateless Public Key Cryptography (CL-PKC) enjoys a number of features of Identity-Based Cryptography (IBC) without having the problem of key escrow. However, it does suffer from an attack where the adversary, Carol, replaces Alice's public key by someone else's public key so that Bob, who wants to send an encrypted message to Alice, uses Alice's identity and the other's public key as the inputs to the encryption function. As a result, Alice cannot decrypt the message while Bob is unaware of this. We call it the Denial-of-Decryption (DoD) Attack as its nature is similar to the well known Denial-of-Service (DoS) Attack. Based on CL-PKC, we propose a new paradigm called Self-Generated-Certificate Public Key Cryptography (SGC-PKC) that captures the DoD Attack. We also provide a generic construction of a self-generated-certificate public key encryption scheme in the standard model. Our generic construction uses certificateless signature and certificateless encryption as the building blocks. In addition, we further propose a certificateless signature and a certificateless encryption scheme with concrete implementation that are all provably secure in the standard model, which are the first in the literature regardless of the generic constructions by Yum and Lee which may contain security weaknesses as pointed out by others. We believe these concrete implementations are of independent interest.

202 citations


Book ChapterDOI
19 Aug 2007
TL;DR: The concept of Traceable Identity based Encryption is introduced, a new approach to mitigate the (inherent) key escrow problem in identity based encryption schemes and does not require multiple key generation authorities.
Abstract: One day, you suddenly find that a private key corresponding to your Identity is up for sale at e-Bay. Since you do not suspect a key compromise, perhaps it must be the PKG who is acting dishonestly and trying to make money by selling your key. How do you find out for sure and even prove it in a court of law? This paper introduces the concept of Traceable Identity based Encryption which is a new approach to mitigate the (inherent) key escrow problem in identity based encryption schemes. Our main goal is to restrict the ways in which the PKG can misbehave. In our system, if the PKG ever maliciously generates and distributes a decryption key for an Identity, it runs the risk of being caught and prosecuted. In contrast to other mitigation approaches, our approach does not require multiple key generation authorities.

180 citations


Book ChapterDOI
02 Jul 2007
TL;DR: This work proposes the first single sign-on system in which a user can access services using unlinkable digital pseudonyms that can all be revoked in case she abuses any one service.
Abstract: We propose the first single sign-on system in which a user can access services using unlinkable digital pseudonyms that can all be revoked in case she abuses any one service. Our solution does not rely on key escrow: a user needs to trust only her own computing device with following our protocols in order to be assured of the unconditional untraceability and unlinkability of her pseudonyms. Our solution involves two novel ingredients: a technique for invisibly chaining the user's pseudonyms such that all of them can be revoked on the basis of any one of them (without knowing the user's identity with the issuer) and a sublinear-time proof that a committed value is not on a list without revealing additional information about the value. Our solution is highly practical.

76 citations


Proceedings ArticleDOI
21 May 2007
TL;DR: Simulation results show that HIKES provides an efficient and scalable solution to the key management problem and shows robustness against most known routing attacks.
Abstract: This paper presents a hierarchical key establishment scheme (HIKES) for wireless sensor networks. In this scheme, the base station, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities, authenticating on its behalf the cluster members and issuing all secret keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes authentication and key distribution, thereby reducing the communication cost with the base station. HIKES also provides a one-step broadcast authentication mechanism and shows robustness against most known routing attacks. Simulation results show that HIKES provides an efficient and scalable solution to the key management problem.

51 citations


Posted Content
TL;DR: This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography (SAKA) between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model.
Abstract: The session initiation protocol (SIP) is considered the dominant signaling protocol for calls over the internet. However, SIP authentication typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography, named SAKA, between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model. Due to using certificateless public key cryptography, SAKA effectively avoids the requirement of a large Public Key Infrastructure and conquers the key escrow problem in previous schemes.

45 citations


Journal ArticleDOI
TL;DR: This work presents a secure and robust protocol for key issuing in identity-based cryptosystems by using the concept of threshold cryptosystems, which avoids the practical limitation of mandatorily available authorities.

31 citations


Journal ArticleDOI
TL;DR: This paper proposes the first certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem.

24 citations


Posted Content
TL;DR: In this article, the authors proposed an efficient perfect forward secure identity-based key agreement protocol in the escrow mode, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.
Abstract: There are several essential features in key agreement protocols such as key escrow (essential when confidentiality, audit trail and legal interception are required) and perfect forward secrecy (i.e., the security of a session key established between two or more entities is guaranteed even when the private keys of the entities are compromised). The majority of the existing escrowable identity-based key agreement protocols, however, only provide partial forward secrecy. Therefore, such protocols are unsuitable for real-world applications that require a stronger sense of forward secrecy: perfect forward secrecy. In this paper, we propose an efficient perfect forward secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem. Security proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. We note, however, that many existing security proofs of previously published identity-based protocols entail lengthy and complicated mathematical proofs. In this paper, our proof adopts a modular approach and, hence, is simpler to follow.

23 citations


Journal ArticleDOI
TL;DR: An identity-based threshold decryption scheme IB-ThDec is proposed and its security is reduced to the Bilinear Diffie-Hellman problem and the formal proof of security of this scheme is provided in the random oracle model.

23 citations


Journal ArticleDOI
TL;DR: A self-certified signature scheme (SCS) from pairings on elliptic curves is proposed that incorporates the advantages of self-certified public keys and pairings and can also provide an implicit as well as mandatory verification of public keys.

Proceedings ArticleDOI
15 Dec 2007
TL;DR: This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography (SAKA) between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model.
Abstract: The authentication procedure in the session initiation protocol (SIP) typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography (SAKA) between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model. Due to using certificateless public key cryptography, SAKA effectively avoids the requirement of a large Public Key Infrastructure and conquers the key escrow problem in previous schemes.

Proceedings ArticleDOI
18 Sep 2007
TL;DR: This work presents a new model of verifiable certificateless ring signcryption schemes (VCRSS), argues that it is an important cryptographic primitive for private and anonymous communication, and proves that the scheme is secure in the random oracle model.
Abstract: We present a new model of verifiable certificateless ring signcryption schemes (VCRSS). We argue that it is an important cryptographic primitive for private and anonymous communication. We also propose an efficient VCRSS scheme based on bilinear pairing. In anonymous communications, our scheme allows the message sender to send the message anonymously, while the confidentiality and authenticity of the message are realized at the same time. If necessary, the real sender can prove his/her identity. Since the previous constructions of ring signcryption rely on identity-based cryptology, the key escrow problem is inevitable. We show that in our new scheme, the problem of key escrow is eliminated. We also prove that our scheme is secure in the random oracle model.

Posted Content
TL;DR: The concept of Accountable Authority Identity Based Encryption (AIBE) was introduced in this paper, which is a new approach to mitigate the key escrow problem in identity-based encryption schemes.
Abstract: One day, you suddenly find that a private key corresponding to your Identity is up for sale at e-Bay. Since you do not suspect a key compromise, perhaps it must be the PKG who is acting dishonestly and trying to make money by selling your key. How do you find out for sure and even prove it in a court of law? This paper introduces the concept of Accountable Authority Identity based Encryption (A-IBE). A-IBE is a new approach to mitigate the (inherent) key escrow problem in identity based encryption schemes. Our main goal is to restrict the ways in which the PKG can misbehave. In our system, if the PKG ever maliciously generates and distributes a decryption key for an Identity, it runs the risk of being caught and prosecuted. In contrast to other mitigation approaches, our approach does not require multiple key generation authorities.

Posted Content
TL;DR: A proxy signature scheme using bilinear pairings that provides effective proxy revocation that overcomes the key escrow problem and fulfills the necessary security requirements of proxy signature and resists other possible threats.
Abstract: We present a proxy signature scheme using bilinear pairings that provides effective proxy revocation. The scheme uses a binding-blinding technique to avoid secure channel requirements in the key issuance stage. With this technique, the signer receives a partial private key from a trusted authority and unblinds it to get his private key, which in turn overcomes the key escrow problem that is a constraint in most of the pairing-based proxy signature schemes. The scheme fulfills the necessary security requirements of proxy signature and resists other possible threats.

Journal ArticleDOI
TL;DR: To solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed, which makes use of pairings on elliptic curves.
Abstract: Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed through comparison with Smart's protocol.

Journal ArticleDOI
TL;DR: The two faces of key escrow in MANETs are discussed, where the analytical results show that in many MANET applications the KGC can be prevented from being a key Escrow.
Abstract: Recently, Identity-Based Cryptography (IBC) schemes have been considered as a tool to secure Mobile Ad Hoc Networks (MANETs) due to the efficient key management of the schemes. In this work, we focus on the role of the Key Generation Centre (KGC) as a key escrow, a property that is inherent to all IBC schemes. We explore the special role of key escrow in MANETs and show that this role significantly differs from key escrows in other networks. We introduce two adversary models for dishonest KGCs in MANETs, including a new spy model where a KGC uses so-called spy nodes that record communications in the network and report them to the KGC. We discuss the two faces of key escrow in MANETs, where our analytical results show that in many MANET applications the KGC can be prevented from being a key escrow. On the other hand, the results of this paper illustrate how a KGC can utilise spy nodes to monitor nodes in a MANET, as needed in some applications.

Journal Article
TL;DR: In this paper, a binding-blinding proxy signature scheme using bilinear pairings was proposed to avoid secure channel requirements in the key issuance stage, where the signer receives a partial private key from a trusted authority and unblinds it to get his private key, which in turn overcomes the key escrow problem that is a constraint in most pairing-based proxy signature schemes.
Abstract: We present a proxy signature scheme using bilinear pairings that provides effective proxy revocation. The scheme uses a binding-blinding technique to avoid secure channel requirements in the key issuance stage. With this technique, the signer receives a partial private key from a trusted authority and unblinds it to get his private key, which in turn overcomes the key escrow problem that is a constraint in most of the pairing-based proxy signature schemes. The scheme fulfills the necessary security requirements of proxy signature and resists other possible threats.

Book ChapterDOI
12 Feb 2007
TL;DR: Designing the security protocols to mitigate man-in-the-middle attacks in bank-card payment systems will include most of the hot topics of IT policy over the last ten years as subproblems.
Abstract: Existing bank-card payment systems, such as EMV, have two serious vulnerabilities: the user does not have a trustworthy interface, and the protocols are vulnerable in a number of ways to man-in-the-middle attacks. Moving to RFID payments may, on the one hand, let bank customers use their mobile phones to make payments, which will go a fair way towards fixing the interface problem; on the other hand, protocol vulnerabilities may become worse. By 2011 the NFC vendors hope there will be 500,000,000 NFC-enabled mobile phones in the world. If these devices can act as cards or terminals, can be programmed by their users, and can communicate with each other, then they will provide a platform for deploying all manner of protocol attacks. Designing the security protocols to mitigate such attacks may be difficult. First, it will include most of the hot topics of IT policy over the last ten years (from key escrow through DRM to platform trust and accessory control) as subproblems. Second, the incentives may lead the many players to try to dump the liability on each other, leading to overall system security that is equivalent to the weakest link rather than to sum-of-efforts and is thus suboptimal.

Proceedings ArticleDOI
21 May 2007
TL;DR: The proposed MCL-PKE scheme solves the inherent key escrow problem of traditional identity-based cryptosystems and provides an instantaneous revocation property simultaneously, and is IND-CCA secure against two types of adversaries in the random oracle model based on the hardness of the computational Diffie-Hellman problem.
Abstract: It has always been a critical issue to find efficient methods for fast revocation of a user's identity in traditional ID-based cryptosystems. In this paper, we present an efficient mediated certificateless public-key encryption scheme (MCL-PKE for short) without using bilinear pairing. The proposed MCL-PKE scheme solves the inherent key escrow problem of traditional identity-based cryptosystems and provides an instantaneous revocation property simultaneously. In addition, our scheme is IND-CCA secure against two types of adversaries in the random oracle model based on the hardness of the computational Diffie-Hellman problem.

Proceedings ArticleDOI
01 Nov 2007
TL;DR: This paper proposes a practical certificateless signature (CLS) scheme based on bilinear pairings whose security can be proved to be equivalent to the Inverse Computational Diffie-Hellman problem and the q-Strong Diffie-Hellman problem in the random oracle model.
Abstract: In Asiacrypt'03, Al-Riyami and Paterson introduced the concept of certificateless public key cryptography (CLPKC). CLPKC is a paradigm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). In this paper, we propose a practical certificateless signature (CLS) scheme based on bilinear pairings. Three pairing computations can be used in the verification algorithm of our scheme, in contrast to at least four pairings in the verification phase of previous provably secure CLS schemes. In addition, only one pairing, which is precomputable, can be saved in the sign algorithm. The security of the proposed scheme can be proved to be equivalent to the Inverse Computational Diffie-Hellman problem and the q-Strong Diffie-Hellman problem in the random oracle model.

01 Jan 2007
TL;DR: This work constructs a Certificateless Public Key Signature scheme (CL-PKS), i.e., a cryptographic signature scheme which does not require any Digital Certificate to verify a signature generated by a private key, based on asymmetric bilinear pairing functions.
Abstract: We construct a Certificateless Public Key Signature scheme (CL-PKS), i.e., a cryptographic signature scheme which does not require any Digital Certificate to verify a signature generated by a private key, based on asymmetric bilinear pairing functions. Our scheme does not allow the so-called key escrow. We analyze both its efficiency and security: it is more efficient than previously published CL-PKS schemes, with shorter signatures and public keys; we prove it is strong against adaptively chosen message attacks, based on the computational difficulty of the Diffie-Hellman Problems.

Book ChapterDOI
22 May 2007
TL;DR: This paper first presents a secure key issuing and updating model for identity-based cryptosystems, formalizes the definition and security notion of the corresponding encryption scheme (IBKUE) and signature scheme (IBKUS), and proposes an IBKUE scheme based on Boneh-Franklin's scheme and an IBKUS scheme based on Cha-Cheon's scheme that are provably secure in the random oracle model.
Abstract: Standard identity-based cryptosystems typically rely on the assumption that secret keys are kept perfectly secure. However, in practice, there are two threats to key security in identity-based cryptosystems. One inherent problem is key escrow, that is, the Key Generation Center (KGC) always knows a user's secret key and a malicious KGC can impersonate the user. Meanwhile, another threat is that a user's secret key may be exposed to an adversary in an insecure device, and key exposure typically means that security is entirely lost. At present, there is no solution that can simultaneously solve both of the above problems. In this paper, we first present a secure key issuing and updating model for identity-based cryptosystems. Our suggestion is an intermediate between the identity-based key insulation and distributing authorities approaches, and can simultaneously solve both the key escrow and key exposure problems. We formalize the definition and security notion of the corresponding encryption scheme (IBKUE) and signature scheme (IBKUS), and then propose an IBKUE scheme based on Boneh-Franklin's scheme [2] and an IBKUS scheme based on Cha-Cheon's scheme [9]. Both of the schemes are secure in the remaining time periods against an adversary who compromises the KGC and obtains a user's secret key for the time periods of its choice. All the schemes in this paper are provably secure in the random oracle model.

Journal Article
TL;DR: The proposed scheme not only solves the problem of "once monitored, monitored forever", but also lets the monitor agency exactly decide which escrow agency forges or tampers with a secret shadow during the monitor procedure.
Abstract: Since this secret sharing scheme is based on a status-tree, it is characterized by higher efficiency and less computation. The proposed scheme not only solves the problem of "once monitored, monitored forever", but also lets the monitor agency exactly decide which escrow agency forges or tampers with a secret shadow during the monitor procedure. At the same time, the monitor agency can easily reconstruct the session key when an escrow agency or a few agencies are not cooperating.

Book ChapterDOI
01 Jan 2007
TL;DR: Secure Hierarchical Energy-Efficient Routing protocol (SHEER) as mentioned in this paper uses a probabilistic broadcast mechanism and a three-level hierarchical clustering architecture to improve the network energy performance and increase its lifetime.
Abstract: This research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency. The proposed key management scheme is called Hierarchical Key Establishment Scheme (HIKES). In HIKES, the base station, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities, authenticating on its behalf the cluster members and issuing to them all secret keys necessary to secure their communications. HIKES uses a novel key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. The key escrow scheme also provides HIKES with as large an addressing mechanism as needed. HIKES also provides a one-step broadcast authentication mechanism. HIKES provides entity authentication to every sensor in the network and is robust against most known attacks. We propose a hierarchical routing mechanism called Secure Hierarchical Energy-Efficient Routing protocol (SHEER). SHEER implements HIKES, which provides the communication security from the inception of the network. SHEER uses a probabilistic broadcast mechanism and a three-level hierarchical clustering architecture to improve the network energy performance and increase its lifetime. Simulation results have shown that HIKES provides an energy-efficient and scalable solution to the key management problem. Cost analysis shows that HIKES is computationally efficient and has low storage requirements. Furthermore, a high degree of address flexibility can be achieved in HIKES. Therefore, this scheme meets the desired criteria set forth in this work. Simulation studies also show that SHEER is more energy-efficient and has better scalability than the secure version of LEACH using HIKES.

Proceedings ArticleDOI
15 Dec 2007
TL;DR: This work analyzes a threshold key issuing protocol due to Gangishetti et al. and shows that the protocol suffers from the attacks of the malicious KGC and the users can deny that they have never received the key.
Abstract: Key issuing protocols deal with overcoming the two inherent problems of identity based cryptosystems: key escrow and the secure channel requirement. An efficient and secure key issuing protocol enables identity-based cryptosystems to be applicable in the real world. We analyze a threshold key issuing protocol due to Gangishetti et al. and show that the protocol suffers from the attacks of the malicious KGC and the users can deny that they have never received the key. Furthermore, we present an improved protocol, which is undeniable and secure against the KGC's attacks.