
Showing papers on "Key escrow published in 2016"


Journal ArticleDOI
TL;DR: This paper revisits the attribute-based data sharing scheme in order not only to solve the key escrow issue but also to improve the expressiveness of attributes, so that the resulting scheme is more friendly to cloud computing applications.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. The data owner is allowed to fully control the access policy associated with the data to be shared. However, CP-ABE is subject to a potential security risk known as the key escrow problem, whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attributes with arbitrary state. In this paper, we revisit the attribute-based data sharing scheme in order not only to solve the key escrow issue but also to improve the expressiveness of attributes, so that the resulting scheme is more friendly to cloud computing applications. We propose an improved two-party key issuing protocol that can guarantee that neither the key authority nor the cloud service provider can compromise the whole secret key of a user individually. Moreover, we introduce the concept of attributes with weight, provided to enhance the expression of attributes, which can not only extend the expression from binary to arbitrary state, but also lighten the complexity of the access policy. Therefore, both the storage cost and the encryption complexity for a ciphertext are relieved. The performance analysis and the security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

137 citations


Proceedings ArticleDOI
10 Apr 2016
TL;DR: In this work, Hierarchical Identity Based Encryption is used to build (content) name-based security mechanisms used for securely distributing content and each user maintains his own Private Key Generator used for generating the master secret key and the public system parameters required by the HIBE algorithm.
Abstract: User, content, and device names as a security primitive have been an attractive approach especially in the context of Information-Centric Networking (ICN) architectures. We leverage Hierarchical Identity Based Encryption (HIBE) to build (content) name-based security mechanisms used for securely distributing content. In contrast to similar approaches, in our system each user maintains his own Private Key Generator used for generating the master secret key and the public system parameters required by the HIBE algorithm. This way our system does not suffer from the key escrow problem, which is inherent in many similar solutions. In order to disseminate the system parameters of a content owner in a fully distributed way, we use blockchains, a distributed, community managed, global list of transactions.

71 citations


Journal ArticleDOI
TL;DR: An efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase, which eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations.
Abstract: In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in the random oracle model under the decisional q-BDHE assumption. When a user's attribute revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally, the analysis and simulation results show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and are able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves ciphertext length optimization and enhances the efficiency of the encryption and decryption operations.

62 citations


Journal ArticleDOI
TL;DR: This paper first gives an efficient certificateless signcryption scheme and then designs an access control scheme for the WBANs using the given signcryption that achieves confidentiality, integrity, authentication, non-repudiation, public verifiability, and ciphertext authenticity.
Abstract: Wireless body area networks (WBANs) are expected to act as an important role in monitoring the health information and creating a highly reliable ubiquitous healthcare system. Since the data collected by the WBANs are used to diagnose and treat, only authorized users can access these data. Therefore, it is important to design an access control scheme that can authorize, authenticate, and revoke a user to access the WBANs. In this paper, we first give an efficient certificateless signcryption scheme and then design an access control scheme for the WBANs using the given signcryption. Our scheme achieves confidentiality, integrity, authentication, non-repudiation, public verifiability, and ciphertext authenticity. Compared with existing three access control schemes using signcryption, our scheme has the least computational cost and energy consumption for the controller. In addition, our scheme has neither key escrow nor public key certificates, since it is based on certificateless cryptography.

48 citations


Journal ArticleDOI
TL;DR: It is proved that the proposed heterogeneous signcryption scheme for secure communication from the WSNs to an Internet server has existential unforgeability against adaptive chosen message attack under the q-strong Diffie-Hellman and modified inverse computational Diffie-Hellman problems and indistinguishability against adaptive chosen ciphertext attack under the bilinear Diffie-Hellman inversion problem in the random oracle model.
Abstract: Secure communication is an important task for wireless sensor networks (WSNs). Signcryption is a good choice to guarantee the security of resource-constrained WSNs since it simultaneously achieves confidentiality, authentication, integrity and non-repudiation at a low cost. In this paper, we propose a heterogeneous signcryption scheme for secure communication from the WSNs to an Internet server. In our scheme, the WSNs belong to the certificateless cryptosystem (CLC) and the server belongs to the public key infrastructure (PKI). The CLC has neither the key escrow problem nor public key certificates and is very suitable for the WSNs. The PKI is also suitable for the server since the PKI technique has been widely adopted in Internet security. We prove that our scheme has existential unforgeability against adaptive chosen message attack under the q-strong Diffie-Hellman and modified inverse computational Diffie-Hellman problems and indistinguishability against adaptive chosen ciphertext attack under the bilinear Diffie-Hellman inversion problem in the random oracle model. As compared with the existing three certificateless signcryption schemes (i.e., YL, BF and WC), our scheme respectively costs 28.4, 58.3, and 68.2 % less in computational time and saves 26.9, 56.6, and 67.3 % in energy consumption (the length of the transmitted message is 100 bits).

35 citations


Journal Article
TL;DR: A new construction of CLSC-TKEM that does not require bilinear pairing operations and is secure against both an adaptively chosen ciphertext attack and existential forgery in the random oracle model is presented.
Abstract: Certificateless Signcryption Tag Key Encapsulation Mechanism (CLSC-TKEM) is an effective method for simultaneously providing key encapsulation and a digital signature on the tag. It has applications in several security services such as communication confidentiality, integrity, authentication, and non-repudiation. Moreover, because CLSC-TKEM is based on certificateless public key cryptography (CL-PKC), it has the advantage of not requiring public key certificates. In addition, it does not suffer from the key escrow problem, which is instead a major drawback of identity-based public key cryptography (ID-PKC). Unfortunately, current constructions of CLSC-TKEM rely on the use of bilinear pairing-based operations that are computationally very expensive for small IoT devices. In this paper, we present a new construction of CLSC-TKEM that does not require bilinear pairing operations. We refer to our new construction as pairing-free Certificateless Signcryption Tag Key Encapsulation Mechanism (pCLSC-TKEM). We also provide a simple construction for pairing-free certificateless hybrid signcryption by combining pCLSC-TKEM with a data encapsulation mechanism (DEM). We provide a security model for pCLSC-TKEM. Then, we prove that our pCLSC-TKEM is secure against both an adaptively chosen ciphertext attack and existential forgery in the random oracle model. We have implemented our pCLSC-TKEM construction and previous pairing-based CLSC-TKEM constructions in order to compare their performance. Our experimental results demonstrate that pCLSC-TKEM is much more efficient than previous pairing-based CLSC-TKEM constructions.

27 citations


Journal ArticleDOI
TL;DR: A lightweight certificateless signcryption scheme for secure transmission of data between WBAN and servers that provides confidentiality of data and authentication in a single logical step, and is lightweight and resistant to key escrow attacks.
Abstract: Wireless body area networks (WBANs) are composed of sensors that collect and transmit a person's physiological data to health-care providers in real time. In order to guarantee the security of this data over open networks, a secure data transmission mechanism between the WBAN and the application provider's servers is a necessity. Modified medical data does not provide a true reflection of an individual's state of health, and its subsequent use for diagnosis could lead to an irreversible medical condition. In this paper, we propose a lightweight certificateless signcryption scheme for secure transmission of data between WBAN and servers. Our proposed scheme not only provides confidentiality of data and authentication in a single logical step, it is also lightweight and resistant to key escrow attacks. We further provide a security proof that our scheme provides indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in the random oracle model. Compared with two other Diffie-Hellman based signcryption schemes proposed by Barbosa and Farshim (BF) and by Yin and Liang (YL), our scheme consumes 46 % and 8 % less energy during signcryption than the BF and YL schemes, respectively.

26 citations


Proceedings ArticleDOI
26 Sep 2016
TL;DR: In this article, an identity-based proxy re-encryption (IB-PRE) scheme is proposed to provide confidentiality and access control for content items shared over ICN, realizing secure content distribution among dynamic sets of users.
Abstract: The emerging Information-Centric Networking (ICN) paradigm is expected to facilitate content sharing among users. ICN will make it easy for users to appoint storage nodes, in various network locations, perhaps owned or controlled by them, where shared content can be stored and disseminated from. These storage nodes should be (somewhat) trusted since not only do they have (some level of) access to user shared content, but they should also properly enforce access control. Traditional forms of encryption introduce significant overhead when it comes to sharing content with large and dynamic groups of users. To this end, proxy re-encryption provides a convenient solution. In this paper, we use Identity-Based Proxy Re-Encryption (IB-PRE) to provide confidentiality and access control for content items shared over ICN, realizing secure content distribution among dynamic sets of users. In contrast to similar IB-PRE based solutions, our design allows each user to generate the system parameters and the secret keys required by the underlying encryption scheme using their own Private Key Generator; therefore, our approach does not suffer from the key escrow problem. Moreover, our design further relaxes the trust requirements on the storage nodes by preventing them from sharing usable content with unauthorized users. Finally, our scheme does not require out-of-band secret key distribution.

22 citations


Journal ArticleDOI
TL;DR: An RSA-based CertificateLess Signature (RSA-CLS) scheme applicable to wireless sensor networks is presented and is proven to be secure against Type I and Type II attack in random oracle model.
Abstract: The entire world is looking to fulfill the need of the hour in terms of security. Certificateless cryptography is an efficient approach studied widely for two reasons: first, it eliminates the need for a certificate authority in public key infrastructure and second, it can resolve the key escrow problem of ID-based cryptography. Recently, Zhang et al. proposed a novel security scheme based on RSA, applicable to real-life applications, but it could not cope with the well-defined attacks. This paper presents an RSA-based CertificateLess Signature (RSA-CLS) scheme applicable to wireless sensor networks. The security of RSA-CLS is based on the hardness assumption of Strong RSA. The scheme is proven to be secure against Type I and Type II attacks in the random oracle model.

22 citations


Journal ArticleDOI
Yang Lu, Jiguo Li
TL;DR: This work newly proposes a certificateless proxy signature scheme without random oracles and strictly proves it to be existentially unforgeable against chosen message attacks and offers stronger security while enjoying better performance.

21 citations


Journal ArticleDOI
TL;DR: A formal model to capture such a system architecture of ABS called escrow free ABS with self-revealability is defined, and a signer revelation protocol is appended to the ABS system to enable a user to confirm or deny his/her identity of producing an attribute-based signature.

Journal ArticleDOI
TL;DR: This paper proposes a novel scheme that solves the key escrow problem and supports efficient user revocation and proves that the scheme is secure and efficient in user authorization and revocation.
Abstract: Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient for the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then secret keys are generated cooperatively by the attribute authority and the access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.

Journal ArticleDOI
TL;DR: The proposed scheme refines the security of existing CP-ABE based schemes and addresses the key escrow and collusion problems by dividing the key generation center into several distributed semi-trusted parts, and a secrecy revocation algorithm is proposed to address not only the backward secrecy but also the efficiency problem in existing CP-ABE based schemes.
Abstract: With the adoption and diffusion of the data sharing paradigm in cloud storage, there have been increasing demands and concerns for shared data security. Ciphertext Policy Attribute-Based Encryption (CP-ABE) is becoming a promising cryptographic solution to the security problem of shared data in cloud storage. However, due to key escrow, backward security and inefficiency problems, existing CP-ABE schemes cannot be directly applied to cloud storage systems. In this paper, an effective and secure access control scheme for shared data is proposed to solve those problems. The proposed scheme refines the security of existing CP-ABE based schemes. Specifically, the key escrow and collusion problems are addressed by dividing the key generation center into several distributed semi-trusted parts. Moreover, a secrecy revocation algorithm is proposed to address not only the backward secrecy but also the efficiency problem in existing CP-ABE based schemes. Furthermore, security and performance analyses indicate that the proposed scheme is both secure and efficient for cloud storage.

Journal ArticleDOI
TL;DR: This paper presents a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem and shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.
Abstract: Due to the flexibility of wireless mesh networks (WMNs) to form the backhaul subnetworks, future generation networks may have to integrate various kinds of WMNs under possibly various administrative domains. Aiming at establishing secure access and communications among the communication entities in a multi-domain WMN environment, in this paper, we intend to address the cross-domain authentication and key agreement problem. We present a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem. CAKA has a few attractive features. First, mutual authentication and key agreement between any pair of users from different WMN domains can be easily achieved with two-round interactions. Second, no central domain authentication server is required and fast authentication for various roaming scenarios is supported by using a repeated cross-domain algorithm. Third, no revocation and renewal of certificates and key escrow are needed. Finally, it provides relatively more security features without increasing too much overhead of computation and storage. Our analysis shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.

Book ChapterDOI
04 Jul 2016
TL;DR: A white-box traceable CP-ABE scheme with weak public user traceability, weak public authority accountability and weak public auditing in the sense that no additional secret keys are needed, and the scheme supports large universe, and attributes do not need to be pre-specified during the system setup phase.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control on data outsourced to clouds. However, there still exists one critical functionality missing in existing CP-ABE schemes, which is the prevention of key abuse. Specifically, two kinds of key abuse problems are considered in this paper: malicious key sharing among colluding users, and the key escrow problem of the semi-trusted authority. For a user, any malicious behavior including illegal key sharing should be traced. For the semi-trusted authority, it should be accountable for its misbehavior including illegal key re-distribution. For better performance and security, it is also indispensable to support large universe and full security in CP-ABE. To the best of our knowledge, none of the existing traceable CP-ABE schemes simultaneously supports large universe and full security. In this paper, we construct a white-box traceable CP-ABE scheme with weak public user traceability, weak public authority accountability and weak public auditing in the sense that no additional secret keys are needed. The scheme supports large universe, and attributes do not need to be pre-specified during the system setup phase. Our scheme is proven fully secure in the random oracle model and it can take any monotonic access structures as ciphertext policies.

Patent
14 Mar 2016
TL;DR: In this article, the escrow platform is described that can be used to enable access to devices and is used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to secure cryptographic network protocols do not have to be exposed to the clients.
Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.

Journal ArticleDOI
TL;DR: Various public key encryption schemes on certificateless setting with the security model and the performance are surveyed and the generic model of Certificateless Public Key Encryption (CL-PKE) scheme proposed by various authors is presented.
Abstract: Certificateless Public Key Cryptography is a scheme that provides security by avoiding key escrow and eliminating the drawback of identity-based cryptography. Several certificateless models have been proposed to enhance efficiency and overcome adversaries' attacks. In this paper, we survey various public key encryption schemes in the certificateless setting with the security model and discuss the performance. Also, we present the generic model of the Certificateless Public Key Encryption (CL-PKE) scheme proposed by various authors.

Journal ArticleDOI
TL;DR: An improved version of the certificateless-based signature scheme based on RSA operations is proposed to make the RSA-based certificateless scheme stronger and more secure and the computational cost is reduced to make it more efficient.
Abstract: The certificateless-based signature system allows people to verify the signature without the certificate. For this reason, we do not need the certificate authority (CA) to store and manage users' certificates and public keys. Certificateless-based signature can also overcome the certificate management problem and the key escrow problem of the traditional signature system. In 2012, Zhang and Mao first designed the certificateless-based signature scheme based on RSA operations; however, their scheme still has latent vulnerabilities. To overcome these shortcomings, we propose an improved version to make the RSA-based certificateless scheme stronger and more secure. Besides, we reduce the computational cost to make our scheme more efficient.

Proceedings ArticleDOI
01 Sep 2016
TL;DR: This paper proposes an “Identity-based Digital Signature Scheme” to detect pollution attacks in intra-session network coding that eliminates the key escrow problem, an important constraint in Identity-based digital signatures.
Abstract: Network coding is an approach to increase throughput by combining received packets in intermediate nodes. Despite its benefits, this approach is vulnerable to "Pollution Attacks", in which an attacker corrupts a packet; this corrupted packet is encoded with other packets and, as a result, pollution disseminates through downstream nodes and prevents receivers from decoding the original file. Signature schemes have been presented to detect the existence of pollution attacks in the presence of one sender. Most existing signature schemes proposed to detect pollution attacks are based on public key infrastructure (PKI). In this paper, we propose an "Identity-based Digital Signature Scheme" to detect pollution attacks in intra-session network coding. The proposed scheme does not need to issue a third-party query to a certificate authority (CA). Moreover, it eliminates the key escrow problem, an important constraint in Identity-based digital signatures. Also, the sender has the ability to update its keys without changing its identity whenever necessary.

Book ChapterDOI
16 Dec 2016
TL;DR: A new and direct approach to construct a certificateless signature scheme, secure in the standard model, with constant size of all parameters and efficient computing time is introduced, which is very efficient when compared to existing CLS schemes in the standard model.
Abstract: Identity-based cryptography was introduced by Shamir at Crypto'84 to avoid the use of expensive certificates in certified public key cryptography. In such a system, the identity becomes the public key and each user needs to interact with a designated authority to obtain the related private key. It however suffers from the key escrow problem, since the authority knows the private keys of all users. To deal with this problem, Al-Riyami and Paterson introduced, at Asiacrypt'03, the notion of certificateless public key cryptography. In this case, there is no need to use a certificate to certify the public key, and neither the user nor the authority can derive the full private key by himself. There have been several efforts to propose a certificateless signature (CLS) scheme in the standard model, but all of them either make use of Waters' technique or of the generic conversion technique (proposed by Yum and Lee at ACISP'04 and later modified by Hu et al. at ACISP'06), which both lead to inefficient schemes. In this paper, we introduce a new and direct approach to construct a CLS scheme, secure in the standard model, with constant size of all parameters and efficient computing time. Our scheme is therefore very efficient when compared to existing CLS schemes in the standard model.

Journal ArticleDOI
TL;DR: A location-aware authorization scheme that enables FRs to access information provided that they are within a predefined distance from data owners at the time of an emergency is proposed and is proven chosen plain-text attack selectively secure based on m-bilinear Diffie-Hellman exponent assumption.
Abstract: Effective emergency (such as a hurricane, a building on fire, and so on) response requires accurate, relevant, timely, and location-aware information (e.g., environmental information, health records, and so on). Acquiring information in such critical situations encounters substantial challenges, such as large volumes of data processing, unstructured data, privacy, authorized data access, and so forth. Among these issues, access authorization has received little attention. Existing solutions for data authorization either do not scale well or merely consider a Break-the-Glass concept in which a master key is provided to the first responders (FRs) to decrypt the corresponding ciphertext. This may not only enable unauthorized users to access information, but it may also overwhelm FRs with the large volume of accessible data. To jointly address the aforementioned issues, this paper proposes a location-aware authorization scheme that enables FRs to access information provided that they are within a predefined distance from data owners at the time of an emergency. We innovatively integrate attribute-based encryption with broadcast encryption to incorporate dynamic attributes (i.e., location and time) into an access policy. Such attributes act as filters to eliminate data irrelevant to an ongoing emergency. As a result, our scheme provides authorized access to accurate, relevant, timely, and location-aware information. We provide extensive security analysis and performance evaluations to demonstrate the effectiveness of our scheme. The analysis shows that the scheme imposes constant communication and decryption computation overheads. Furthermore, the proposed scheme is proven chosen plain-text attack selectively secure based on the m-bilinear Diffie-Hellman exponent assumption. It also addresses the key escrow problem.

Journal ArticleDOI
TL;DR: A pure pairing-free CL-AKA protocol is presented, which is provably secure in the seCK model under the standard computational Diffie-Hellman (CDH) assumption and has advantage over the existing protocols in security or efficiency.
Abstract: Certificateless authenticated key agreement (CL-AKA) protocols have been studied a great deal since they neither suffer from a heavy certificate management burden nor have the key escrow problem. Recently, many efficient CL-AKA protocols without pairings have been built. However, these pairing-free CL-AKA protocols are either not proved in any formal security model or proved under the gap Diffie-Hellman (GDH) assumption, a non-standard and strong assumption. With available implementation technologies, pairings are needed to realize the GDH assumption, which means that these pairing-free CL-AKA protocols are not pure pairing-free. Furthermore, these protocols are insecure in the strengthened eCK (seCK) model, which encompasses the eCK model and considers leakages on intermediate results. In this paper, we present a pure pairing-free CL-AKA protocol, which is provably secure in the seCK model under the standard computational Diffie-Hellman (CDH) assumption. Compared with the existing CL-AKA protocols, the proposed protocol has advantage over them in security or efficiency.

Journal ArticleDOI
Yang Lu, Jiguo Li
TL;DR: The proposed CBE scheme is proven to be chosen-ciphertext secure against malicious CA attacks in the standard model and performance comparison shows that it is efficient and practical.

Patent
10 Mar 2016
TL;DR: In this paper, apparatuses and methods for registering and storing a local key associated with a local application of a communication device, including, but not limited to, receiving a request from the communication device to register and store the local key, evaluating the request based on at least one first policy, and sending the request to registration and storage to a secure key storage.
Abstract: Embodiments described herein relate to apparatuses and methods for registering and storing a local key associated with a local application of a communication device, including, but not limited to, receiving a request from the communication device to register and store the local key, evaluating the request based on at least one first policy, and sending the request to register and store the local key to a secure key storage.

Journal ArticleDOI
01 Mar 2016
TL;DR: The comparative analysis proves that the proposed NI-CTAKA protocol is more efficient than the existing protocols, and it is proven to be secure in the security model presented by Lippold et al., the extended Canetti-Krawczyk (eCK) model.
Abstract: Key agreement protocols are one of the important factors for establishing communication between two parties. Recent works support the use of pairing-free certificateless authenticated key agreement protocols, which are becoming a promising basis in an energy-famished WSN. The certificateless concept provides authentication by eliminating the need for certificates of traditional public key cryptography and the key escrow problem of identity-based cryptography (IBC). This paper presents a non-interactive Certificateless two-party authenticated key agreement (NI-CTAKA) protocol for WSN. NI-CTAKA is pairing-free and also reduces the number of scalar point multiplications. NI-CTAKA has been implemented on the MICAz platform using TinyOS-2.1.2 and the RELIC-0.3.3 cryptographic library, and the results have been analysed for storage cost, running time and energy consumption. Further, NI-CTAKA is proven to be secure in the security model presented by Lippold et al., the extended Canetti-Krawczyk (eCK) model. The comparative analysis proves that the proposed protocol is more efficient than the existing protocols.

Journal Article
TL;DR: The study proposes a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds and proposes an extension to the above approach to improve the efficiency of encryption at the data owner.
Abstract: The study proposes a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity-based encryption and the certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable to partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose an mCL-PKE scheme without pairing operations. We then apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud-generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud-based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

Proceedings ArticleDOI
01 Sep 2016
TL;DR: A robust distributed threshold key transfer (issuing) protocol that solves the key escrow problem in the identity-based approach, in which neither the KGC nor a KPA can cheat the users to obtain their private keys.
Abstract: In this paper, we propose a robust distributed threshold key transfer, or issuing, protocol that solves the key escrow problem in the identity-based approach. We use threshold cryptographic techniques in each phase of the algorithm, such as system public key setup, key issuing, key securing and private key reconstruction. Our protocol is robust, meaning that even if t KPAs (out of n = 2t + 1) are corrupted or dishonest, the user can still recover the private key. This protocol remains efficient even if the communication between authorities (KGC and KPAs) is insecure. This approach is useful and offers the benefits of identity-based techniques while eliminating key escrow from the setup. In this protocol, neither the KGC nor a KPA can cheat the users to obtain their private keys. A security analysis of the proposed protocol and active adversary assumptions are also presented.

Proceedings ArticleDOI
09 Apr 2016
TL;DR: A secure framework is introduced that enables the public auditor to verify EHRs without revealing patient identity and solves the key escrow issue by using a two-authority key generation scheme.
Abstract: In this paper, we propose a secure framework for storing Electronic Health Records (EHRs) on the cloud platform without losing integrity. With the help of cloud computing, healthcare industries are outsourcing services such as the storage and processing of EHRs from local servers to cloud servers. Unfortunately, cloud computing poses a security risk: the integrity of EHRs in the cloud server is open to suspicion because of hardware/software crashes or human mistakes. Various schemes have been proposed to audit cloud data integrity. However, at the time of auditing, the public auditors inevitably learn the patient information. Therefore, this is a primary issue in EHR security. To solve this problem, we introduce a secure framework that enables the public auditor to verify EHRs without revealing patient identity. Our framework allows the auditors to audit EHRs without retrieving complete EHR files. Additionally, our framework solves the key escrow issue by using a two-authority key generation scheme. Here, the Key Generation Authority (KGA) and the cloud server play a significant role in assigning each part of the file to auditors for auditing by using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). This allows independent auditing assignments instead of one-by-one auditing.

Patent
Li Jiguo, Li Tao, Zhang Yichen, Wang Yao, Li Feifei 
26 Oct 2016
TL;DR: In this paper, a method and a system for protecting the conditional privacy of an internet of vehicles based on certificateless batch verification are proposed.
Abstract: The invention discloses a method and a system for protecting the conditional privacy of an internet of vehicles based on certificateless batch verification. The method comprises the following steps: a key generation center (KGC) and a track authentication center (TRA) jointly generate a master key and the system parameters of the internet of vehicles; according to the system parameters and the vehicle user's real identity information, the TRA generates a pseudonym identity for the vehicle user; the KGC generates a partial private key for the vehicle user; the vehicle user generates its own key; the vehicle user signs a message; an RSU verifies the signature; and the RSU carries out batch verification of signatures. According to the method and the system disclosed by the invention, by adopting a certificateless cryptography system, the inherent certificate management problem and the certificate maintenance problem of the traditional public key cryptography system are effectively solved; at the same time, the key escrow problem caused by an identity-based cryptography system is also avoided; by adopting a batch verification technique, the signature verification efficiency in the internet of vehicles is improved; and in the internet of vehicles, the key generation center (KGC) and the track authentication center (TRA) are adopted to realize conditional privacy protection.

Journal ArticleDOI
27 Sep 2016
TL;DR: This article shows that Li et al.
Abstract: Certificate-based signature (CBS) is an attractive paradigm since it simultaneously solves the certificate revocation problem in conventional signatures and the key escrow problem in ID-based signatures. In particular, short certificate-based signatures are useful for bandwidth reduction in communication due to their short signature lengths. However, it is still a challenging and open problem to design a secure short certificate-based signature (SCBS) scheme. Recently, to solve this problem, Li et al. proposed an efficient SCBS scheme. However, in this article, we will show that Li et al.'s scheme is insecure against a Type I adversary (i.e. an uncertified entity) under an accredited security model. Moreover, we propose a new SCBS scheme with provable security. Based on the computational Diffie–Hellman (CDH) assumption, we demonstrate that our SCBS scheme possesses existential unforgeability against adaptive chosen-message attacks under the same accredited security model. When compared with previous SCBS schemes, our scheme is the first provably secure SCBS scheme while retaining efficiency. DOI: http://dx.doi.org/10.5755/j01.itc.45.3.12814