
Showing papers on "Key escrow" published in 2011


Journal ArticleDOI
TL;DR: It is shown that a recent CTAKA protocol is not secure against a type 1 adversary, and a new CTAKA protocol without pairing is proposed, which is shown to be secure in the random oracle model.

55 citations


Journal ArticleDOI
TL;DR: This work proposes a new key escrow model that satisfies the requirements of LI and overcomes the potential threats of IDBC and enables the scalable and efficient key escrowing for the LI of secure one‐way and two‐pass communication in the mobile networks.
Abstract: Key escrowing is one of the core technologies for the lawful interception (LI) of secure communications in wired and wireless networks. Although many previous studies on key escrowing have been done before, they are insufficient to be deployed in practical networks due to conflicts with the LI requirements. Moreover, there is a lack of consideration of the LI of ID-based cryptosystem (IDBC)-based secure communication, because the interest of the LI moved to the industries and IDBC has the inherent key escrowing property. However, the inherent property of IDBC cannot prevent 'illegal' eavesdropping on all the communications in the networks by the law enforcement agency with the 'legally' obtained key. Thus, we propose a new key escrow model that satisfies the requirements of LI and overcomes the potential threats of IDBC. Our contributions enable scalable and efficient key escrowing for the LI of secure one-way and two-pass communication in mobile networks. Copyright © 2010 John Wiley & Sons, Ltd. (A part of this paper was presented at IEEE International Conference on Consumer Electronics '09 [1].)

47 citations


Journal ArticleDOI
TL;DR: The authors prove that the proposed scheme is a secure PVSS scheme using the random oracle model and under the bilinear Diffie-Hellman assumption.
Abstract: A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the special property that anyone is able to verify whether the shares are correctly distributed by a dealer. PVSS plays an important role in many applications such as electronic voting, payment systems with revocable anonymity, and key escrow. Up to now, all PVSS schemes have been based on traditional public-key systems. Recently, pairing-based cryptography has received much attention from cryptographic researchers. Many pairing-based schemes and protocols have been proposed. However, no PVSS scheme using bilinear pairings has been proposed. This paper presents the first pairing-based PVSS scheme. In the random oracle model and under the bilinear Diffie-Hellman assumption, the authors prove that the proposed scheme is a secure PVSS scheme.

44 citations


Journal ArticleDOI
TL;DR: The partially-blind signature approach is extended into certificateless public key cryptography to eliminate the key escrow problem that occurs in identity-based public key cryptography, and it is proved to be unforgeable under chosen message attacks under the computational Diffie-Hellman assumption.

32 citations


Proceedings ArticleDOI
Xiaoxin Wu, Lei Xu, Xinwen Zhang
17 Oct 2011
TL;DR: In CL-PRE, a data owner encrypts shared data in the cloud with an encryption key, which is further encrypted and transformed by the cloud and then distributed to legitimate recipients for access control; the scheme eliminates the key escrow problem of identity-based cryptography and the need for certificates.
Abstract: We propose CL-PRE, a certificateless proxy re-encryption scheme for data sharing with the cloud. In CL-PRE, a data owner encrypts shared data in the cloud with an encryption key, which is further encrypted and transformed by the cloud, and then distributed to legitimate recipients for access control. Uniquely, the cloud-based transformation leverages re-encryption keys derived from the private key of the data owner and the public keys of recipients, and eliminates the key escrow problem of identity-based cryptography and the need for certificates. While preserving data and key privacy from the semi-trusted cloud, CL-PRE maximally leverages cloud resources to reduce the computing and communication cost for the data owner. We implement CL-PRE and evaluate its security and performance.

23 citations


Book ChapterDOI
13 May 2011
TL;DR: In this article, the authors propose a short and efficient certificate-based signature (CBS) scheme, which requires one group element each for the signature and the public key, making it even shorter than the state-of-the-art PKI-based signature scheme.
Abstract: In this paper, we propose a short and efficient certificate-based signature (CBS) scheme. Certificate-based cryptography, proposed by Gentry [6], combines the merits of traditional public key cryptography (PKI) and identity-based cryptography, without the costly certificate chain verification process and with the removal of the key escrow security concern. Under this paradigm, we propose the shortest certificate-based signature scheme in the literature. We require one group element each for the signature and the public key. Thus the public information for each user is reduced to just one group element. It is even shorter than the state-of-the-art PKI-based signature scheme, which requires one group element for the public key and another group element for the certificate. Our scheme is also very efficient. It requires just one scalar elliptic curve multiplication in the signing stage. Our CBS is particularly useful in power- and bandwidth-limited environments such as Wireless Cooperative Networks.

20 citations


Journal ArticleDOI
TL;DR: The notion of proxy ring signature is introduced into certificateless public key cryptography, and the security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.
Abstract: Proxy ring signature allows a proxy signer to sign messages on behalf of the original signer while providing anonymity. Certificateless public key cryptography was first introduced by Al-Riyami and Paterson at Asiacrypt 2003. In certificateless cryptography, it is not necessary to use certificates to guarantee the authenticity of users' public keys. Meanwhile, certificateless cryptography does not have the key escrow problem, which seems to be inherent in identity-based cryptography. In this paper, we introduce the notion of proxy ring signature into certificateless public key cryptography and propose a concrete certificateless proxy ring signature scheme. The security models of certificateless proxy ring signature are also formalized. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle model with a tight reduction.

19 citations


Journal ArticleDOI
TL;DR: This paper proposes a novel fundamental security requirement for certificateless aggregate signature schemes, called coalition resistance, by presenting coalition attacks on Zhang-Zhang's scheme.
Abstract: Certificateless cryptography eliminates the need for certificates in public key cryptosystems and solves the inherent key escrow problem in identity-based cryptosystems. An aggregate signature scheme is a signature scheme which allows aggregating n signatures on n distinct messages from n distinct users into a single signature. Recently, Zhang and Zhang proposed a certificateless aggregate signature scheme provably secure in the random oracle model under the Computational Diffie-Hellman assumption. In this paper, we propose a novel fundamental security requirement for certificateless aggregate signature schemes, called coalition resistance, by presenting coalition attacks on Zhang-Zhang's scheme.

18 citations


Patent
29 Jun 2011
TL;DR: Li et al. as mentioned in this paper proposed an identity-based authentication group key management method which comprises the following steps: embedding the ID into the key with a bilinear pairing on an elliptic curve; generating Ci as part of the main key of ui according to the secret key and ID of group member ui by the key generating center, and transmitting Ci to ui through an overt channel; generating the main key according to Ci and its own secret key by each group member ui; calculating overt key verification information according to the hash value of the overt key and verification information inside the group, and broadcasting the link
Abstract: The present invention discloses an identity-based authentication group key management method which comprises the following steps: embedding the ID into the key with a bilinear pairing on an elliptic curve; generating Ci as part of the main key of ui according to the secret key and ID of group member ui by the key generating center, and transmitting Ci to ui through an overt channel; generating the main key according to Ci and its own secret key by each group member ui; calculating overt key verification information according to the hash value of the main key and the overt key by each group member, and broadcasting the link between the overt key and the verification information inside the group; calculating the secret value shared with the left and right neighbors when the received information is verified to be true by each group member, and calculating the group member information Xi included in the group session key according to the secret value, and then broadcasting Xi inside the group; calculating the group session key K according to all Xj, j=1, ..., n, by each group member. The invention has the advantages of no key escrow and no need for a secure channel, and can be applied in coordinated and distributed networks as secure, reliable group communication.

17 citations


Proceedings ArticleDOI
30 Nov 2011
TL;DR: This paper presents a new efficient certificateless aggregate signature scheme that is secure under the standard computational Diffie-Hellman assumption in the random oracle model, and its performance is comparable to the most efficient up-to-date schemes.
Abstract: An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management of traditional public key cryptography or the key escrow problem of identity-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme. Compared with up-to-date certificateless aggregate signatures, our scheme is equipped with a number of attractive features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices is limited and where, due to the wireless connection and distributed nature, the computing devices are easy to attack and hard to synchronize.

17 citations


Proceedings ArticleDOI
10 Oct 2011
TL;DR: This paper presents a novel distributed key management scheme, a combination of certificateless public key cryptography (CL-PKC) and threshold cryptography, which not only eliminates the need for certificate-based public key distribution and the key escrow problem but also prevents single point of failure.
Abstract: Key management plays an important role in the security of today's information technology, especially in wireless and mobile environments like mobile ad hoc networks (MANETs), in which key management has received more and more attention due to the difficulty of implementing it in such a dynamic network. Traditional key management schemes are mainly based on PKI and identity-based public key cryptography (ID-PKC), which suffer from the computational costs of certificate verification and the key escrow problem, respectively. In this paper, we present a novel distributed key management scheme, a combination of certificateless public key cryptography (CL-PKC) and threshold cryptography, which not only eliminates the need for certificate-based public key distribution and the key escrow problem but also prevents a single point of failure.

Proceedings Article
07 Aug 2011
TL;DR: This paper addresses the incentive issues that arise and designs an escrow mechanism that is incentive compatible, efficient, interim individually rational and ex ante budget-balanced, and does not rely on knowing the sellers' cost functions or the distribution of buyer valuations.
Abstract: The most prominent way to establish trust between buyers and sellers on online auction sites are reputation mechanisms. Two drawbacks of this approach are the reliance on the seller being long-lived and the susceptibility to whitewashing. In this paper, we introduce so-called escrow mechanisms that avoid these problems by installing a trusted intermediary which forwards the payment to the seller only if the buyer acknowledges that the good arrived in the promised condition. We address the incentive issues that arise and design an escrow mechanism that is incentive compatible, efficient, interim individually rational and ex ante budget-balanced. In contrast to previous work on trust and reputation, our approach does not rely on knowing the sellers' cost functions or the distribution of buyer valuations.

Proceedings ArticleDOI
16 May 2011
TL;DR: The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects, and will be pushed ahead to practical deployment for preventing prefix hijacks.
Abstract: IP prefix hijacking is one of the top threats in the cloud computing Internets. Based on cryptography, many schemes for preventing prefix hijacks have been proposed. Securing binding between IP prefix and its owner underlies these schemes. We believe that a scheme for securing this binding should try to satisfy these seven critical requirements: no key escrow, no other secure channel, defending against Malicious Key Issuer (MKI) in the phase of prefix announcement, defending against MKI in the phase of key issuing, no certificate, in-band delegation attestation, and in-band public key witness. In this paper, we propose a new scheme, Origin Authentication based on Self-Certified public keys (SC-OA), using self-certified public keys to authenticate origin autonomous systems. To the best of our knowledge, it is the first work for securing prefix ownership using self-certified public keys to achieve an efficient and secure scheme that satisfies all seven requirements. The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects. It will be pushed ahead to practical deployment for preventing prefix hijacks.

01 Jan 2011
TL;DR: Certificateless public key cryptography (CL-PKC) is a new type of public-key cryptography, which is developed on the foundation of identity-based cryptography (ID-PKC), as discussed by the authors.
Abstract: Certificateless public key cryptography (CL-PKC for short) is a new type of public key cryptography, which is developed on the foundation of identity-based cryptography (ID-PKC for short). CL-PKC eliminates the key escrow problem and the need for public key certificates. These two advantages are what has made it attractive to the research community and the industrial world from the beginning of its birth. It has been a very active hot research topic in the field of cryptology and information security. In about seven years, the study of CL-PKC has advanced step by step, making its theories and techniques more and more enriched. This paper revisits, analyzes, compares, and briefly reviews some of the main results. Furthermore, this study discusses some existing problems in this research field that deserve further investigation.

Patent
13 Apr 2011
TL;DR: In this paper, the authors proposed a random encryption method for decrypting by adopting an exhaustion method, which is mainly used for encrypting backup keys, certificates and important documents and is not only applied to a stand-alone system, but also can be applied to key escrow services in clouds.
Abstract: The invention provides a random encryption method for decrypting by adopting an exhaustion method, which is mainly used for encrypting backup keys, certificates and important documents. The random encryption method comprises the following encryption flow: inputting user identity information and encryption strength; calculating the random length of a random key and generating the random key of the random length according to the relationship among encryption strength and other factors; and encrypting the key and the certificate by using the user identity information and the random key according to the encryption algorithm to obtain backups of the encrypted key and certificate, and locking the user identity information and the random key in password identification information by using the encryption algorithm determined by the program. The backups generated by the encryption method are decrypted by using the exhaustion method no matter how the decryption program is written, even if the correct user identity is input; in addition, the user and the random key are required to be compared respectively. The method is not only applicable to a stand-alone system, but can also be applied to key escrow services in clouds.

Patent
31 Aug 2011
TL;DR: In this article, the authors proposed an authentication system supporting exclusive control of a digital signature key on the basis of a combined public key, where a seed key consisting of multiple key sections is constructed and comprises a seed public key and a seed private key; by using a user identifier, a key management center generates a user identifier private key through the seed key and writes the user identifier private key into a key device, and the key device starts an initialization program to automatically generate a composite private key for digital signature and a random public key digitally signed by the user identifier private key
Abstract: The invention relates to the technical field of information security, in particular to an authentication system supporting exclusive control of a digital signature key on the basis of a combined public key. A seed key consisting of multiple key sections is constructed and comprises a seed public key and a seed private key; by using a user identifier, a key management center generates a user identifier private key through the seed private key and writes the user identifier private key into a key device; when used for the first time, the key device starts an initialization program to automatically generate a composite private key for digital signature and a random public key digitally signed by the user identifier private key; and the composite private key and the digitally signed random public key are written into a secure storage area of the key device, and the user identifier private key and process data are destroyed. The digital signature key is automatically produced and controlled by the user so that the regulations of relevant laws are satisfied; furthermore, the exclusive control of the digital signature key by the user is assured through a third-party registration link; and one-way key exchange, key escrow and key recovery are realized by providing the identifier key for the key exchange.

Proceedings ArticleDOI
14 May 2011
TL;DR: An identity-based authenticated key agreement mechanism which can be used in SIP to solve the security problems existing in its original authentication procedure; it does not require expensive bilinear pairing operations, which makes it computationally much more efficient than previous identity-based and certificateless schemes using pairings.
Abstract: The session initiation protocol (SIP) is widely used as a signaling protocol based on the challenge-response exchange mode for handling multimedia sessions in both the wireline and wireless world. The original authentication mechanism of SIP is HTTP digest based authentication, which is vulnerable to many forms of known attacks and therefore cannot provide security at an acceptable level. In this paper, we propose an identity-based authenticated key agreement mechanism which can be used in SIP to solve the security problems existing in its original authentication procedure. The proposed scheme uses Elliptic Curve Cryptography and does not require expensive bilinear pairing operations, which makes it computationally much more efficient than previous identity-based and certificateless schemes using pairings. We show the security of our proposal under the Canetti-Krawczyk model. Our scheme captures many desirable security properties and can prevent various possible attacks induced by open networks and the SIP message standard. Furthermore, by introducing some design ideas from certificateless cryptography, our proposal avoids not only the requirement of a large Public Key Infrastructure but also the key escrow problem.

Journal ArticleDOI
TL;DR: This paper proposes an identity-based distributed key-distribution protocol for mobile ad hoc networks based on a lightweight cryptosystem, elliptic curve cryptography (ECC), and builds a virtual private key generator which calculates one part of a user's secret key and sends it to the user via public channels, while the other part of the secret key is generated by the user.
Abstract: An identity-based cryptosystem can make a special contribution to building key distribution and management architectures in resource-constrained mobile ad hoc networks since it does not suffer from certificate management problems. In this paper, based on a lightweight cryptosystem, elliptic curve cryptography (ECC), we propose an identity-based distributed key-distribution protocol for mobile ad hoc networks. In this protocol, using secret sharing, we build a virtual private key generator which calculates one part of a user's secret key and sends it to the user via public channels, while the other part of the secret key is generated by the user. So, the secret key of the user is generated collaboratively by the virtual authority and the user. Each has half of the secret information about the secret key of the user. Thus there is no secret key distribution problem. In addition, the user's secret key is known only to the user itself; therefore there is no key escrow.

Journal ArticleDOI
TL;DR: A new certificateless strong key-insulated signature scheme that has two desirable properties: its security can be proved without utilizing the random oracle model, and it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).
Abstract: It is important to keep the private key secure in a cryptosystem. To reduce the underlying danger caused by private key leakage, Dodis et al. (2003) introduced the notion of key-insulated security. To handle the private key leakage problems in certificateless signature schemes, we propose a new certificateless strong key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved without utilizing the random oracle model. Second, it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).

Book ChapterDOI
23 Nov 2011
TL;DR: A unified security framework (USF) for multi-domain wireless mesh networks is proposed, which unifies ID-based encryption and certificateless signature in a single public key cryptography context.
Abstract: The research issues of large scale wireless mesh networks (WMNs) have attracted increasing attention due to the excellent properties of WMNs. Although some proposals for WMN security frameworks with different security aspects have been put forward recently, it is a challenging issue to employ uniform public key cryptography to maintain trust relationships flexibly among domains and to achieve key-escrow-free anonymous access control. In this paper, a unified security framework (USF) for multi-domain wireless mesh networks is proposed, which unifies ID-based encryption and certificateless signature in a single public key cryptography context. Trust relationships between different domains and anonymous access control of wireless clients can be realized by employing cryptographic operations on bilinear groups. To achieve perfect forward secrecy and attack-resilience, trust domain construction methods and authentication protocols are devised within the security framework without key escrow.

Proceedings ArticleDOI
05 Dec 2011
TL;DR: In 1993, the US Government proposed a novel (and highly controversial) approach to cryptography, called key escrow, which used standard symmetric- and public-key ciphers, key management techniques and protocols, but with one added feature: a copy of the current session key, itself encrypted with a key known to the government, was sent at the beginning of every encrypted communication stream.
Abstract: In 1993, the US Government proposed a novel (and highly controversial) approach to cryptography, called key escrow. Key escrow cryptosystems used standard symmetric- and public-key ciphers, key management techniques and protocols, but with one added feature: a copy of the current session key, itself encrypted with a key known to the government, was sent at the beginning of every encrypted communication stream. In this way, if a government wiretapper encountered ciphertext produced under a key escrowed cryptosystem, recovering the plaintext would be a simple matter of decrypting the session key with the government's key, regardless of the strength of the underlying cipher algorithms. Key escrow was intended to strike a "balance" between the need for effective communications security against bad guys on the one hand and the occasional need for the good guys to be able to recover meaningful content from (presumably) legally-authorized wiretaps on the other. It didn't quite work out that way.

Journal ArticleDOI
TL;DR: This paper uses a binding-blinding technique to eliminate key escrow problems and to avoid using a secure channel in the key issuance stage and extends the proposed scheme to a multi-signature scheme, showing that both schemes are secure against chosen message attacks.
Abstract: Over the years, several identity-based signature schemes using bilinear pairings have been proposed, but most of them suffer from key escrow problems and require a secure channel during the private key issuance stage. In this paper, we present an identity-based signature scheme variant using bilinear pairings. We use a binding-blinding technique to eliminate key escrow problems and to avoid using a secure channel in the key issuance stage. We then extend the proposed scheme to a multi-signature scheme. We show that both schemes are secure against chosen message attacks.

Proceedings ArticleDOI
27 May 2011
TL;DR: A certificateless hierarchical key management scheme is proposed, which solves the problem of key escrow, realizes periodic update of the key, and is proved to be suitable for wireless mesh networks.
Abstract: A certificateless hierarchical key management scheme is proposed. The scheme uses a two-layered structure. The upper cluster head nodes generate the key by using threshold secret sharing, and the lower nodes use certificateless signcryption to generate the keys. The users use their own identity as their public key to reduce the computational complexity without a public key certificate. The scheme solves the problem of key escrow and realizes the periodic update of the key, and it has good scalability and security. It is proved to be suitable for wireless mesh networks.

Proceedings ArticleDOI
28 Mar 2011
TL;DR: This article presents an ID-based authentication scheme that is adapted to the IEEE 802.11s mesh networks and resistant against key escrow attacks.
Abstract: Nowadays, ID-based cryptography is reported as an alternative to Public Key Infrastructures (PKI). It proposes to derive the public key from the node's identity directly. As such, there is no need for public key certificates, and a direct benefit of this is to remove the burdensome management of certificates. However, the drawback is the need for a Private Key Generator (PKG) entity which can perform a key escrow attack. In this article, we present an ID-based authentication scheme that is adapted to IEEE 802.11s mesh networks and resistant against key escrow attacks.

Journal Article
TL;DR: This paper presents an efficient certificateless signcryption scheme, which only requires one pairing operation in the signcryption phase and three pairing operations in the unsigncryption phase, and satisfies confidentiality, unforgeability and public verifiability.
Abstract: Certificateless cryptography not only overcomes the certificate management problems in traditional public key cryptosystems, but also solves the key escrow problems in identity-based cryptosystems. A signcryption scheme combines the functionality of public key encryption and digital signature, which can realize the confidentiality and unforgeability of a message simultaneously. This paper presents an efficient certificateless signcryption scheme, which only requires one pairing operation in the signcryption phase and three pairing operations in the unsigncryption phase. In comparison with existing schemes, the efficiency of the scheme is better. For security requirements, this new scheme satisfies confidentiality, unforgeability and public verifiability.

Proceedings ArticleDOI
30 Nov 2011
TL;DR: This paper proposes an ordered sequential aggregate signature scheme with the certificateless property, which solves the key escrow problem; it is a pairing-based scheme and has a fixed signature size with respect to the number of signers.
Abstract: An ordered sequential aggregate signature scheme is a signature scheme in which each signer in a group signs an individual document, and which guarantees both the validity of the document and the signing order. Many ordered sequential aggregate signature schemes are ID-based schemes and inherit an intrinsic insider problem of ID-based schemes, called the key escrow problem. In this paper, we propose an ordered sequential aggregate signature scheme with the certificateless property, which solves the key escrow problem. Our proposed scheme can be regarded as a hybrid of PKI and ID-based schemes and has the advantages of both. To the best of our knowledge, a certificateless ordered sequential aggregate signature scheme has never been proposed. The proposed scheme is a pairing-based scheme and has a fixed signature size with respect to the number of signers. Also, the security of the proposed scheme is analyzed in the random oracle model.

Proceedings ArticleDOI
26 Mar 2011
TL;DR: This paper extends ID-based key-insulated signatures to certificateless scenarios and proposes a certificateless key-insulated signature scheme with secure key-updates that is strong key-insulated and perfectly key-insulated in the random oracle model.
Abstract: To mitigate the damages of key-exposure, Dodis, Katz, Xu, and Yung [3], in Eurocrypt 2002, proposed a new paradigm called key-insulated security which provides tolerance against key exposures. Recently many identity-based key-insulated signature schemes have been proposed; however, the problem of key escrow is inherent in this setting. To overcome this problem, certificateless public key cryptography was introduced in 2003 [1]. In this paper, we extend ID-based key-insulated signatures to certificateless scenarios and propose a certificateless key-insulated signature scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated in the random oracle model.

Proceedings ArticleDOI
01 Dec 2011
TL;DR: A new certificateless two-party authenticated key agreement protocol based on bilinear pairings on elliptic curves is proposed, for users belonging to different PKGs that do not share identical system parameters.
Abstract: To date, most identity-based key agreement protocols are based on a single PKG (Private Key Generator) environment. However, it is not realistic to assume that all schemes use a single PKG and that each PKG shares identical system parameters but possesses a distinct master key. Recently, Lee et al. proposed an ID-based 2-party key agreement protocol between users whose private keys were issued by independent PKGs that do not share any system parameters. However, Lee et al.'s protocol has a flaw that allows attackers to impersonate others without knowing their private keys, as well as the key escrow issues inherited from identity-based schemes. In this paper, we propose a new certificateless two-party authenticated key agreement protocol based on bilinear pairings on elliptic curves between users belonging to different PKGs that do not share identical system parameters. Compared with other two-party key agreement protocols for a multiple PKG environment, the proposed key agreement protocol satisfies every security requirement of key agreement protocols.

Journal Article
TL;DR: Based on this, the authors authenticate the ownership of IP prefixes using a certificateless signature scheme, which may push ahead the practical deployment of mechanisms for preventing IP prefix hijacks.
Abstract: IP prefix hijacking is one of the top threats on the Internet. Currently, the mechanisms for preventing IP prefix hijacks based on asymmetric cryptography are confronted with problems including public key storage, key escrow and the heavy overhead of online authentication. All these problems prevent these mechanisms from being practically deployed. Based on this, we authenticate the ownership of IP prefixes using a certificateless signature scheme. Our prevention mechanism does not need public key certificates or key escrow. The analyses show that our mechanism can improve performance in many aspects. It may push ahead the practical deployment of mechanisms for preventing IP prefix hijacks.

Proceedings ArticleDOI
30 Aug 2011
TL;DR: This paper proposes a key recovery mechanism for individuals, which uses both a public key cryptosystem and a master key; at the same time, the owner uses the master key to control the encryptographic keys.
Abstract: Encryption technology is a very effective means for companies, organizations and persons to protect their important data. We have so many keys to decrypt our data, which are called personal decryptographic keys here. If the personal decryptographic keys are lost, no data can be decrypted and the important data are lost. But, up to now, a key recovery system is usually used in the business world, but isn't used for persons. Therefore, in this paper, we propose a key recovery mechanism for individuals, which uses both a public key cryptosystem and a master key. At first, a data owner divides his/her personal decryptographic key into several fragments, then uses the public key cryptosystem to encrypt these fragments. After that, the owner sends each encrypted fragment to a different key escrow agent. At the same time, the owner uses the master key to control the encryptographic keys. When the owner loses the personal decryptographic key, the owner can obtain the fragments from the key escrow agents and recover the personal decryptographic key by using the fragments and the master key.