Showing papers on "Key escrow" published in 2013


Journal ArticleDOI
TL;DR: This study proposes a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture and features the following achievements: the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and fine-grained user revocation per each attribute could be done by proxy encryption.
Abstract: With the recent adoption and diffusion of the data sharing paradigm in distributed systems such as online social networks or cloud computing, there have been increasing demands and concerns for distributed data security. One of the most challenging issues in data sharing systems is the enforcement of access policies and the support of policies updates. Ciphertext policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution to this issue. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. However, the advantage comes with a major drawback which is known as a key escrow problem. The key generation center could decrypt any messages addressed to specific users by generating their private keys. This is not suitable for data sharing scenarios where the data owner would like to make their private data only accessible to designated users. In addition, applying CP-ABE in the data sharing system introduces another challenge with regard to the user revocation since the access policies are defined only over the attribute universe. Therefore, in this study, we propose a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture. The proposed scheme features the following achievements: 1) the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and 2) fine-grained user revocation per each attribute could be done by proxy encryption which takes advantage of the selective attribute group key distribution on top of the ABE. The performance and security analyses indicate that the proposed scheme is efficient to securely manage the data distributed in the data sharing system.

347 citations


Journal ArticleDOI
TL;DR: The analysis shows the authors' scheme has better performance than the related schemes and is secure against both the super Type I and the super Type II adversaries.
Abstract: The certificateless public key cryptography has attracted wide attention since it could solve the certificate management problem in the traditional public key cryptography and the key escrow problem in the identity-based public key cryptography. Recently, several certificateless short signature schemes, which could satisfy the requirement of low-bandwidth communication environments, have been proposed. However, most of them are not secure against either the Type I adversary or the Type II adversary. In this study, the authors propose a new efficient certificateless short signature scheme. The analysis shows the authors' scheme has better performance than the related schemes and is secure against both of the super Type I and the super Type II adversaries.

49 citations


Journal ArticleDOI
TL;DR: It is argued that due to significant reduction in costs of computation and storage, the first certificateless proxy signature scheme without pairing is particularly suitable for practical applications with severely constrained resources.

37 citations


Journal ArticleDOI
TL;DR: A CL-SDVS scheme using elliptic curve bilinear pairings, which is provably secure in the random oracle model with the intractability of BDH and CDH assumptions, and supports all desirable security necessities of the CL-SDVS scheme such as strongness, source hiding and non-delegatability.
Abstract: Diffie and Hellman first invented the public key cryptosystem (PKC) wherein the public key infrastructure (PKI) is used for the management of public keys; however, the PKI-based cryptosystems suffer from heavy management trouble of public keys and certificates. An alternative solution to the PKI is Shamir's identity-based cryptosystems (IBC), which eliminate the need of public key certificates; however, the most important shortcoming of IBC is the key escrow problem. To cope with these problems, Al-Riyami and Paterson proposed a novel scheme of certificateless PKC (CL-PKC) by combining the advantages of PKI and IBC. Since then, several certificateless signature schemes have been designed and most of them have been analyzed and proven insecure against different types of adversaries. Besides, the researchers have given very little attention to the certificateless strong designated verifier signature (CL-SDVS) scheme. Therefore, we proposed a CL-SDVS scheme using elliptic curve bilinear pairings in this paper. Our scheme, which is provably secure in the random oracle model with the intractability of BDH and CDH assumptions, supports all desirable security necessities of the CL-SDVS scheme such as strongness, source hiding and non-delegatability. The rigorous security analysis and comparison with others guarantee the better performance of the proposed scheme.

37 citations


Journal ArticleDOI
TL;DR: This paper presents a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model.
Abstract: Escrowable identity-based authenticated key agreement protocols are welcome in certain closed groups applications, where audit trail is a legal requirement. In this paper, we present a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model. We show that the security of the protocol can be reduced to the standard computational bilinear Diffie–Hellman assumption in the random oracle model. Assuming that no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. To the best of our knowledge, our scheme is the first escrowable identity-based authenticated key agreement protocol provably secure in the eCK model.

32 citations


Journal Article
TL;DR: This work proposes a certificateless DVS scheme without bilinear pairings, which is more practical than the previous related schemes for practical application and with the running time of the signature being saved greatly.
Abstract: To solve the key escrow problem in identity-based cryptosystems, Al-Riyami et al. introduced CertificateLess Public Key Cryptography (CL-PKC). As an important cryptographic primitive, the CertificateLess Designated Verifier Signature (CLDVS) scheme was studied widely. Following Al-Riyami et al.'s work, many certificateless Designated Verifier Signature (DVS) schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over an elliptic curve group. In order to improve the performance we propose a certificateless DVS scheme without bilinear pairings. With the running time of the signature being saved greatly, our scheme is more practical than the previous related schemes for practical application.

30 citations


Journal ArticleDOI
TL;DR: This study proposes a novel CP-ABE key issuing architecture that solves the key escrow problem and demonstrates how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.
Abstract: Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.

25 citations


Journal ArticleDOI
TL;DR: This paper presents a strongly secure escrowable identity-based AKA protocol which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on.
Abstract: Escrowable identity-based authenticated key agreement (AKA) protocols are desirable under certain circumstances especially in certain closed groups applications. In this paper, we focus on two-party identity-based AKA schemes in the escrow mode, and present a strongly secure escrowable identity-based AKA protocol which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on. The protocol is provably secure in the extended Canetti-Krawczyk model, and its security can be reduced to the standard computational bilinear Diffie-Hellman assumption in the random oracle model. Assuming no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. Also, we present two strongly secure variants of the protocol, which are computationally more efficient than the original scheme.

20 citations


Book ChapterDOI
27 Nov 2013
TL;DR: This paper proposes the first construction of CLPRE schemes without the bilinear pairings whose security is based on the standard computational Diffie-Hellman (CDH) assumption in the random oracle model and provides the shortest re-encryption key and do not require any pairing operation and map-to-point hash operation, which are more efficient and more suitable for low-power devices.
Abstract: Proxy re-encryption (PRE) allows a proxy with re-encryption keys to transform a ciphertext under a given public key into a ciphertext of the same message under a different public key, and can not learn anything about the encrypted message. Due to its transformation property, PRE has many practical applications such as cloud storage, confidential email, and digital right management, and so on. Certificateless proxy re-encryption (CLPRE) provides not only the transformation property of PRE but also the advantage of identity-based cryptography without suffering from its inherent key escrow. Unfortunately, construction of CLPRE schemes has so far depended on the costly bilinear pairings. In this paper, we propose the first construction of CLPRE schemes without the bilinear pairings whose security is based on the standard computational Diffie-Hellman (CDH) assumption in the random oracle model. We first present a chosen-plaintext (CPA) secure CLPRE scheme, and then convert it into a chosen-ciphertext (CCA) secure CLPRE scheme. Compared with other CLPRE schemes, our CLPRE schemes provide the shortest re-encryption key and do not require any pairing operation and map-to-point hash operation, which are more efficient and more suitable for low-power devices.

16 citations


Journal ArticleDOI
31 May 2013
TL;DR: This paper presents a pairing-free CL-AKA protocol and provides a full proof of its security in the eCK model, which is more secure, practical and suitable for low-power devices.
Abstract: Certificateless authenticated key agreement (CL-AKA) protocols neither suffer from a heavy certificate management burden nor have the key escrow problem. Recently, many CL-AKA protocols have been proposed. However, many of them need expensive bilinear pairings, which cannot be suitable for low-power devices such as sensors or mobile devices. To be implemented in practice, some pairing-free CL-AKA protocols have been built; however, very few of these pairing-free CL-AKA protocols can be secure in the eCK model. In this paper, we present a pairing-free CL-AKA protocol and provide a full proof of its security in the eCK model. Compared with the existing CL-AKA protocols, our protocol is more secure, practical and suitable for low-power devices. DOI: http://dx.doi.org/10.5755/j01.itc.42.2.1689

16 citations


Proceedings ArticleDOI
10 Oct 2013
TL;DR: A provably secure and efficient anonymous multi-receiver certificated-based encryption scheme, PMCE, which avoids the key escrow problem while preserving the implicit certification of identity-based setting is constructed.
Abstract: In a multi-receiver encryption environment, a sender can randomly choose a set of authorized receivers while distributing messages to them efficiently and securely. Recently, more and more researchers are concerned with the privacy of receivers. They mentioned that an authorized receiver does not want other entities, except the service provider, to be able to derive her/his identity in many applications such as pay-TV. However, most of these protocols either provide no formal security proofs or are inefficient owing to high computation cost. In this paper, we construct a provably secure and efficient anonymous multi-receiver certificated-based encryption scheme, PMCE, which avoids the key escrow problem while preserving the implicit certification of the identity-based setting. The proposed PMCE gets rid of pairing computation to encrypt a message and only needs one pairing computation to decrypt the ciphertext. Finally, we define the security models and offer formal proofs of all properties including receiver anonymity.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: This paper presents a series of attack processes to point out that Gong and Li's scheme is insecure against a super type I adversary and proposes a remedy mechanism to provide the security enhancement.
Abstract: During these years, the research field of certificateless signature (CLS) schemes without bilinear pairings has been promptly investigated, as the key escrow problem in identity-based cryptography can be solved via this concept. In this paper, we demonstrate that a certificateless signature scheme proposed by Gong and Li cannot fulfil its security claims. The authors argued that their proposed certificateless signature scheme is able to resist the super type of adversary. However, this security argument can be improved. We present a series of attack processes to point out that Gong and Li's scheme is insecure against a super type I adversary. A remedy mechanism is then proposed to provide the security enhancement.

Patent
03 Apr 2013
TL;DR: In this article, an efficient certificateless signature method based on an elliptic curve discrete logarithm problem was proposed. But the method is not suitable for the use of electronic signature in the e-commerce domain.
Abstract: The invention discloses an efficient certificateless signature method based on an elliptic curve discrete logarithm problem. The method has the advantages of a common certificateless signature algorithm, namely the certificate management problem of a traditional public key system and the key escrow problem in an identity password system are eliminated; and the algorithm is simple in its calculation process, and no time-consuming bilinear operation needs to be used. The algorithm can be efficiently applied to fields such as e-commerce that require electronic signatures.

Book ChapterDOI
25 Feb 2013
TL;DR: The original model of A-IBE is extended to accommodate public traceability, and an A-IBE scheme in the new model is proposed, believed to be the first A-IBE with public traceability.
Abstract: At Crypto'07, Goyal introduced the notion of accountable authority identity-based encryption (A-IBE) in order to mitigate the inherent key escrow problem in identity-based encryption, and proposed two concrete constructions. In an A-IBE system, if the private key generator (PKG) distributes a decryption key or produces an unauthorized decryption box for a user maliciously, it runs the risk of being caught and sued in the court of law with the help of a tracing algorithm. Subsequent efforts focused on constructions of A-IBE schemes with enhanced security. In these A-IBE constructions, the tracing algorithm needs to take a user's decryption key as input. If the user lost his key or is deliberately uncooperative in court, then we cannot implicate the PKG or the user. An interesting open problem left by Goyal et al. at CCS'08 is to consider the possibility of tracing a decryption box using only a public tracing key, or with the assistance of a tracing authority. In this paper, we address this problem positively. We first extend the original model of A-IBE to accommodate public traceability, and then propose an A-IBE scheme in the new model. To the best of our knowledge, the proposed scheme is the first A-IBE with public traceability.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: This paper presents a security framework for car-to-car VANETs based on a protocol for the distributed generation of signing keys that overcome key escrow issues.
Abstract: Cooperative Intelligent Transport Systems (ITS) based on vehicular car to car ad-hoc networks have been extensively investigated by the research community and industry to improve efficiency and safety in road traffic. The management and control of the vehicular ad-hoc network (VANET) is still one of the most challenging research fields in the networking domain. In particular, security and privacy protection are very important requirements for the design of VANETs. The potential high dynamicity of VANETs and the need for flexibility and scalability in ITS applications supports the research for new security frameworks and the application of novel cryptographic schemes that ensure authentication, integrity and confidentiality given the constrained computational environment in which such applications usually operate. This paper investigates the application of identity based (id-based, for short) cryptographic (IBC) scheme (in particular, signature schemes) to provide better security and privacy for VANET. Along with a presentation of the state-of-the-art in this area, this paper presents a security framework for car-to-car VANETs based on a protocol for the distributed generation of signing keys that overcome key escrow issues.

Patent
20 Mar 2013
TL;DR: The certificateless signature algorithm has high safety and execution efficiency, and can be effectively used in a signature environment which has a high requirement for safety as discussed by the authors. It does not require a specific hash function, and the length of an output signature is short.
Abstract: The invention discloses an efficient certificateless signature algorithm which solves the problem of certificate management in a traditional public key cryptosystem and the problem of key escrow in an identity password system, and safety is guaranteed in a certificateless environment. The certificateless signature is simple and efficient in its computational process, does not need a specific hash function, and the length of an output signature is also short. The certificateless signature algorithm has high safety and execution efficiency, and can be effectively used in a signature environment which has a high requirement for safety.

Journal ArticleDOI
TL;DR: A security analysis of the certificateless signature scheme of Fan et al. is presented and results show that the scheme does not have resistance against the malicious-KGC attack and some security flaws are found.
Abstract: Wireless Sensor Network (WSN) has proved its presence in various real time applications and hence the security of such embedded devices is a vital issue. Certificateless cryptography is one of the recent paradigms to provide security. Certificateless public key cryptography (CL-PKC) deals effectively with the twin issues of certificate management in traditional public key cryptography and the key escrow problem in identity-based cryptography. CL-PKC has attracted special attention in the field of information security as it has opened new avenues for improvement in the present security architecture. Recently, Tsai et al. proposed an improved certificateless signature scheme without pairing and claimed that their new construction is secure against different kinds of attacks. In this paper, we present a security analysis of their scheme and our results show that the scheme does not have resistance against the malicious-KGC attack. In addition, we have found some security flaws in the certificateless signature scheme of Fan et al. and proved the scheme vulnerable to the Strong Type I attack.

Book ChapterDOI
07 Aug 2013
TL;DR: The hardness of MIHNPwE provides the new construction of identity-based encryption without key escrow over traditional cryptosystems with resistance against key-collusion attacks from any number of traitors.
Abstract: We propose a new construction of identity-based encryption without key escrow over traditional cryptosystems. The security of our scheme follows from the decisional Diffie-Hellman assumption and the difficulty of a new problem, the modular inversion hidden number problem with error (MIHNPwE). The latter can be seen as a generalization of the modular inversion hidden number problem. We give an analysis on the hardness of MIHNPwE by lattice techniques. In our construction, we generate each user's partial private key in the form of an MIHNPwE instance. The hardness of MIHNPwE provides our scheme with resistance against key-collusion attacks from any number of traitors.

Journal Article
TL;DR: The scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.
Abstract: Key escrow is a default property that is inherent in identity-based cryptography, where a curious private key generator (PKG) can derive a secret value shared by communicating entities in its domain. Therefore, a dishonest PKG can encrypt and decrypt ciphers or can carry out any attack on the communicating parties. Of course, the escrow property is not completely unwanted but is acceptable in other particular applications. On the other hand, in more civil applications, this key escrow property is undesirable and needs to be removed to provide maximum communication privacy. Therefore, this paper presents an escrow-free identity-based key agreement protocol that is also applicable even in a distinct PKG condition that does not use pairings. The proposed protocol has comparable computational and communicational performance to many other protocols with similar security attributes, of which their security is based on costly bilinear pairings. The protocol’s notion was inspired by McCullagh et al. and Chen-Kudla, in regard to escrow-free and multi-PKG key agreement ideas. In particular, the scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.’s study, as well as all other desirable security attributes, such as known key secrecy, unknown key-share resilience and no-key control. The merit in the proposed protocol is the achievement of all required security requirements with a relatively lower computational overhead than many other protocols because it precludes pairings.

Journal Article
TL;DR: In this paper, a provably secure efficient certificate-based signature scheme based on the elliptic curve group was proposed, which does not require any bilinear pairing operations, which are considered costly compared with other operations.
Abstract: Certificate-based encryption is a novel and attractive cryptographic primitive whose original motivation is to simplify the management of certificates and to overcome the key escrow problem. The paper proposes a provably secure efficient certificate-based signature scheme based on the elliptic curve group. The proposed scheme does not require any bilinear pairing operations, which are considered costly compared with other operations; thus, our certificate-based signature scheme enjoys lower computational overhead, smaller key size, shorter signature length and less running time compared with the previous certificate-based signature schemes. Then we give a rigorous security proof in the random oracle model. The result shows that our new scheme is secure against adaptively chosen message attacks under the Elliptic Curve Discrete Logarithm Problem over the finite field.

Proceedings ArticleDOI
01 Nov 2013
TL;DR: This article compares the two threshold schemes, and eventually proposes a key escrow program based on the Shamir threshold, which makes key management more secure and flexible.
Abstract: The Internet of Things in this article is formed of a security center, key escrow centers, readers and tags. Authentication uses an asymmetric encryption algorithm; there is a private key in the reader / tag. When the reader / tag in some special cases has lost or damaged its own private key and can't be authenticated, then key recovery is very important. This article compares the two threshold schemes, and eventually proposes a key escrow program based on the Shamir threshold. Using the Shamir threshold algorithm, the private key of the reader / tag is divided into n parts and sent to key escrow centers. If you want to restore the private key, you need at least t parts. This scheme makes key management more secure and flexible.

Patent
10 Jan 2013
TL;DR: A secure hash, such as a Hash-based Message Authentication Code (HMAC), is generated using a piece of secret information (e.g., a secret key) and another piece of public information specific to each escrow key.
Abstract: A secure hash, such as a Hash-based Message Authentication Code ("HMAC"), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach.

Journal ArticleDOI
TL;DR: To build a more secure identity-based scheme for MANET, this paper recommends some techniques to improve security and availability of its key management and introduces several schemes for each type.
Abstract: In mobile ad hoc networks (MANETs), the research on key management of identity-based schemes is attracting more and more attention. In this paper, we study four types of identity-based schemes which resist the key escrow problem to different degrees, and introduce several schemes for each type. Then, we give an overview of the characteristics of their key management, and make a summary of key generation and distribution. Subsequently, to build a more secure identity-based scheme for MANET, we recommend some techniques to improve security and availability of its key management. Finally, we point out some problems of identity-based schemes in MANETs, which are not addressed and we will explore in the

Proceedings Article
29 Jul 2013
TL;DR: This paper formalizes the notion of certificateless identification schemes and constructs the first concrete certificateless identification scheme, which is based on Al-Riyami and Paterson's (2003) certificateless cryptography.
Abstract: Identity-based identification, first formalized independently by Bellare et al. and Kurosawa and Heng in 2004, still had the inherent key escrow problem, as the TA generating the user secret keys had full access to every user's secret key. In 2003, Al-Riyami and Paterson introduced the notion of certificateless cryptography, and subsequently many certificateless encryption, signature and other schemes were introduced in literature. However, to this date there are still no certificateless identification schemes in existence. Therefore, in this paper, we formalize the notion of certificateless identification schemes and construct the first concrete certificateless identification scheme.

Book ChapterDOI
23 Oct 2013
TL;DR: A systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user is presented, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity.
Abstract: Key escrow is a major drawback of identity-based encryption (IBE). The key generation centre (KGC) can generate the user secret key of any user by using the master secret key and the user's identity. This paper presents a systematic study of what it takes to prevent a malicious KGC from decrypting a ciphertext encrypted for an honest user, which covers the case for certificateless encryption, and shows the impossibility of ideal escrow-free IBE, unless there is uncertainty in the user's identity. Our study also explains the underpinning idea of anonymous ciphertext indistinguishability (ACI), formalized by Chow in PKC 2009. An ACI-secure IBE prevents a KGC (or any logical entity which gets hold of the master secret key, such as the collusion of a number of authorities holding a sufficient number of the master secret's shares) from decrypting if it does not know the intended recipient of the ciphertext, a guarantee that none of the existing attempts in the literature can provide. The notion of ACI crucially relies on the privacy of the user's identity in the eyes of the KGC. The only privacy leakage allowed in Chow's model is via querying an embedded-identity encryption oracle. In this paper, we strengthen his model to allow arbitrary bounded leakage of the recipient's identity. We also give a generic construction on how to achieve this notion when the identity has enough entropy.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: This paper proposes a novel detective and self-organized key management by combining certificateless public key cryptography and threshold secret share scheme, which can completely perform key generation by nodes themselves and pick up the compromised node.
Abstract: The mobile ad-hoc network is an infrastructure-free and dynamic kind of network. For its mobility and self-organized features, it is a great challenge to ensure the security of the network. And the basic aspect of providing the security is managing the encrypting keys. The current key management schemes mainly depend on certificates and identity-based key encryption. Schemes based on certificates suffer from huge computational costs of certificates verification while the identity-based schemes lead to key escrow problem. In this paper, we propose a novel detective and self-organized key management by combining certificateless public key cryptography and threshold secret share scheme, which can completely perform key generation by nodes themselves and pick up the compromised node.

Book ChapterDOI
11 Jan 2013
TL;DR: This paper presents a certificateless authenticated key agreement protocol for DRM systems, which ensures flawless mutual authentication and establishes a session key between the user and the license server, and analyzes the proposed scheme to show that it is secure.
Abstract: Digital rights management (DRM) is a system which tries to ensure authorized content consumption. Current DRM systems adopt either public key cryptography (PKC) or identity-based public key cryptography (ID-PKC). PKC involves certificate management, which includes revocation, storage, distribution and verification of certificates; as a result, the certificate authority becomes the bottleneck for large networks. ID-PKC, on the other hand, has the drawback of key escrow. For secure and authorized content distribution, however, avoiding these problems is needed. In this paper, we present a certificateless authenticated key agreement protocol for DRM systems, which ensures flawless mutual authentication and establishes a session key between the user and the license server. Furthermore, we analyze the proposed scheme to show that it is secure.

Proceedings ArticleDOI
18 Dec 2013
TL;DR: A new deterministic scheme for key management in MANETs is proposed, which is certificateless, does not require any trusted authority, and can also solve the key escrow problem.
Abstract: Mobile ad hoc networks (MANETs) have received considerable attention, while their special characteristics make them vulnerable to different attacks. Providing security in such networks becomes a challenge, and cryptography is an essential solution for it; to implement a cryptosystem, key management is the main challenge. In this paper a new deterministic scheme for key management in MANETs is proposed. Since public and private keys in this algorithm have an unforgeable relationship, there is no need for any certificate. The proposed scheme distributes the role of the key generation center (KGC) among all nodes; therefore the private key is issued by distributed KGCs (DKGCs) together with the node itself. Furthermore, each pair of nodes can share a symmetric key in a non-interactive way while communicating with each other. The proposed scheme is certificateless, does not require any trusted authority, and can also solve the key escrow problem. Moreover, the performance of the proposed algorithm is analyzed analytically and compared with previous works.

Book ChapterDOI
01 Jan 2013
TL;DR: Recoverable Encryption encrypts a backup of the key in a manner that restricts practical recovery by an escrow service to one using a large cloud, whose pay-for-use structure makes its use for illegal purposes too dangerous.
Abstract: The safety of keys is the Achilles' heel of cryptography. A key backup at an escrow service lowers the risk of losing the key, but increases the danger of key disclosure. We propose Recoverable Encryption (RE) schemes that alleviate the dilemma. RE encrypts a backup of the key in a manner that restricts practical recovery by an escrow service to one using a large cloud. For example, a cloud with ten thousand nodes could recover a key in at most 10 minutes, with an average recovery time of five minutes. A recovery attempt at the escrow agency, using a small cluster, would require seventy days, with an average of thirty-five days. Large clouds have become available even to private persons, but their pay-for-use structure makes their use for illegal purposes too dangerous. We show the feasibility of two RE schemes and give conditions for their deployment.

Journal Article
TL;DR: It is shown that Du and Wen's short certificateless signature scheme is insecure: it is broken by a type-I adversary who has the ability to replace users' public keys and access the signing oracles, and it also cannot resist a universal forgery attack by any third user.
Abstract: Certificateless cryptography eliminates the need for certificates in the PKI and solves the inherent key escrow problem of ID-based cryptography. Recently, Du and Wen proposed a short certificateless signature scheme (SCLS) without the MapToPoint hash function, with a signature size only half that of a DSA signature. In this paper, after detailing the formal definition of certificateless signature schemes, we show that Du and Wen's short certificateless signature scheme is insecure: it is broken by a type-I adversary who has the ability to replace users' public keys and access the signing oracles, and it also cannot resist a universal forgery attack by any third user.