
Showing papers on "Key escrow" published in 2018


Journal ArticleDOI
TL;DR: This paper proposes an anonymous elliptic curve cryptography-based self-certified key distribution scheme that not only is free from the overhead of the certificate management and the key escrow issue, but also is more efficient than anonymous schemes in terms of both communication and computational costs.
Abstract: In the smart grid, the various stakeholders can communicate securely and efficiently only if they employ a proper key distribution scheme. In recent years, a number of key distribution schemes have been proposed to be used in the context of the smart grid. However, some suffer from security challenges, some do not provide the smart meter anonymity, some require high communication and computational costs that make them less suitable for the resource-constrained smart meters, some are based on the public key infrastructure, and most of the newly published ones have the key escrow problem. Therefore, to remedy these challenges, in this paper, we propose an anonymous elliptic curve cryptography-based self-certified key distribution scheme that not only is free from the overhead of the certificate management and the key escrow issue, but also is more efficient than anonymous schemes in terms of both communication and computational costs. More significantly, we have implemented the cryptographic elements on two state-of-the-art ARM chips: first, a 32-bit ARM Cortex-M4 microcontroller as a candidate for the smart meter, and second, a 64-bit octa-core ARM Cortex-A53 as a candidate for the service provider. We hope that the achieved results will be beneficial for other future research in this field.

104 citations


Journal ArticleDOI
TL;DR: A hybrid anonymous authentication and key agreement scheme using the physiological signal to overcome the shortcomings in Li et al.

72 citations


Journal ArticleDOI
TL;DR: This paper proposes a new CLS scheme using elliptic curve cryptography (ECC), which does not require a bilinear pairing operation and is found to be provably secure against both Type-I and Type-II attacks based on the intractability of the elliptic curve discrete logarithm problem (ECDLP) under the random oracle model.

63 citations


Journal ArticleDOI
TL;DR: This paper presents a secure cryptographic primitive, Verifiable Multiple Keywords Search (VMKS) over ciphertexts, which leverages the Identity-Based Encryption (IBE) and certificateless signature techniques and demonstrates the security of this scheme.

58 citations


Journal ArticleDOI
TL;DR: A dynamic and cross-domain authenticated asymmetric group key agreement that adopts cross- domain authentication mechanism to avoid the security risks of key escrow and the complexity of certificate management and is proven secure under the inverse computational Diffie-Hellman problem assumption.
Abstract: Telemedicine offers medical services remotely via telecommunications systems and physiological monitoring devices. Group-oriented communication is an important application for telemedicine. However, transmission of information over an insecure channel such as the Internet or private data storing generates a security problem. Therefore, authentication, confidentiality, and privacy are important challenges in telemedicine, and developing a suitable encryption communication protocol for group communication is quite important for modern medicine. Group key agreement is one way to ensure the security of group-oriented communication for telemedicine. In this paper, we propose a dynamic and cross-domain authenticated asymmetric group key agreement. The protocol adopts a cross-domain authentication mechanism to avoid the security risks of key escrow and the complexity of certificate management. It supports the dynamic group key update of nodes for forward secrecy and backward security of the group key, and also achieves key self-certification: the members participating in the group key agreement can self-certify whether the calculated group keys are correct. The protocol is proven secure under the inverse computational Diffie-Hellman problem assumption, and the performance analysis shows that the proposed scheme is highly efficient. The proposed scheme is more suitable for secure group communication in telemedicine.

51 citations


Journal ArticleDOI
Haipeng Qu, Zhen Yan, Xi Jun Lin, Qi Zhang, Lin Sun
TL;DR: This paper formalizes the system model and definition of CL-PKEET, proposes the security models by considering four types of adversaries, and presents a concrete CL-PKEET scheme, which achieves IND-CCA security against adversaries without trapdoor, and OW-CCA security against adversaries with trapdoor.

46 citations


Journal ArticleDOI
TL;DR: An anonymous certificate-based broadcast encryption scheme with constant decryption cost that achieves anonymity and confidentiality against adaptive chosen-ciphertext attacks simultaneously under standard assumption is introduced.

28 citations


Journal ArticleDOI
TL;DR: This protocol solves the key escrow problem in user authentication schemes based on identity-based public key cryptography (ID-PKC), resists both Type I and Type II adversaries, and achieves perfect forward secrecy.
Abstract: Identity-based user authentication protocols have been presented to be applicable to resource-constrained devices such as mobile phones. Unfortunately, the previous protocols have the drawback of the key escrow problem. A new protocol of a user authenticated key exchange for the mobile client-server environment is presented based on certificateless public key cryptography (CL-PKC). Our protocol solves the key escrow problem in user authentication schemes based on identity-based public key cryptography (ID-PKC). In addition, the proposed protocol resists both Type I and Type II adversaries and achieves perfect forward secrecy. The security of the proposed protocol has been proved using the computational Diffie-Hellman (CDH) assumption in the random oracle model. Experimental results show that our scheme is better than the schemes of He et al. and Tsai et al., respectively, in communication cost.

25 citations


Proceedings ArticleDOI
25 Jun 2018
TL;DR: An improved key distribution solution called BIBE is proposed by integrating the technique of blockchain into the identity-based encryption by splitting the nodes in the chain to complete user authentication and private key protection, respectively.
Abstract: Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, identity-based encryption simplifies the key management issue, but it still suffers from drawbacks in key escrow and private key delivery. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and a hash algorithm in the process of identification. Through rigorous mathematical analysis, the proposed scheme demonstrates a far better performance on correctness, safety and efficiency.

24 citations


Journal ArticleDOI
Ming Luo1, Yuwei Wan1
TL;DR: This paper presents an efficient certificateless signcryption scheme that is provably secure in the standard model, and achieves shorter ciphertext length, better performance efficiency and stronger security.
Abstract: Signcryption is a cryptography prototype which performs message encryption and signature in one logical step. Certificateless public key cryptography successfully resolves the problem of certificate management in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Lots of efficient certificateless signcryption schemes have been proposed, most of which are proved secure under the random oracle model. But when applied in practical situations, the random oracle model will cause many security problems due to its own defects. Nowadays, more and more people pay attention to the standard model, which provides stronger security. In this paper, we present an efficient certificateless signcryption scheme that is provably secure in the standard model. Under the Decisional Bilinear Diffie–Hellman and Computational Diffie–Hellman hard problems, our scheme satisfies indistinguishability against adaptive chosen ciphertext attack and existential unforgeability against adaptive chosen message attack. Moreover, our scheme satisfies known session-specific temporary information security, a security attribute that most signcryption schemes in the standard model cannot achieve. Compared with other signcryption schemes, our scheme achieves shorter ciphertext length, better performance efficiency and stronger security.

22 citations


Proceedings ArticleDOI
24 Apr 2018
TL;DR: Two constructions are presented that make it possible—although arbitrarily expensive—for a government to recover the plaintext for targeted messages and can be adapted to common tools including PGP, Signal, SRTP, full-disk encryption, and file-based encryption.
Abstract: Governments around the world are demanding more access to encrypted data, but it has been difficult to build a system that allows the authorities some access without providing unlimited access in practice. In this paper, we present new techniques for maximizing user privacy in jurisdictions that require support for so-called "exceptional access" to encrypted data. In contrast to previous work on this topic (e.g., key escrow), our approach places most of the responsibility for achieving exceptional access on the government, rather than on the users or developers of cryptographic tools. As a result, our constructions are very simple and lightweight, and they can be easily retrofitted onto existing applications and protocols. Critically, we introduce no new third parties, and we add no new messages beyond a single new Diffie-Hellman key exchange in protocols that already use Diffie-Hellman. We present two constructions that make it possible—although arbitrarily expensive—for a government to recover the plaintext for targeted messages. First, our symmetric crumpling technique uses a hash-based proof of work to impose a linear cost on the adversary for each message she wishes to recover. Second, our public key abrasion method uses a novel application of Diffie-Hellman over modular arithmetic groups to create an extremely expensive puzzle that the adversary must solve before she can recover even a single message. Our initial analysis shows that we can impose an upfront cost in the range of $100M to several billion dollars and a linear cost between $1K-$1M per message. We show how our constructions can easily be adapted to common tools including PGP, Signal, SRTP, full-disk encryption, and file-based encryption.

Journal ArticleDOI
TL;DR: The authors propose a certificateless signcryption scheme in the standard model based on Gentry's identity-based encryption scheme that has not only much higher computational efficiency, but also shorter public parameters.
Abstract: Signcryption can realize encryption and signature simultaneously with lower computational costs and communication overhead than those of the traditional sign-then-encrypt approach. The certificateless cryptosystem solves the key escrow problem in the identity-based cryptosystem and simplifies the public key management in the traditional public key cryptosystem. So far there have been some certificateless signcryption schemes proposed in the standard model. However, they are either insecure or inefficient. They need long system public parameters, making it hard to deploy them in limited storage environments. Based on Gentry's identity-based encryption scheme, the authors propose a certificateless signcryption scheme in the standard model. Compared with previous schemes, the proposed scheme has not only much higher computational efficiency, but also shorter public parameters. The authors also give a rigorous proof of its security.

Journal ArticleDOI
TL;DR: This paper introduces a new scheme to eliminate key escrow from IBE based on the security concept of anonymous ciphertext indistinguishability against key generation center (ACI-KGC) which is introduced by Chow.
Abstract: Key escrow is inherent in identity based encryption (IBE) since it was first put forward by Shamir. A key generation center (KGC) or private key generator is in charge of generating the user’s secret key; therefore a malicious one can decrypt any ciphertext without being found. This paper introduces a new scheme to eliminate key escrow from IBE. This scheme is based on the security concept of anonymous ciphertext indistinguishability against key generation center (ACI-KGC), which was introduced by Chow. We equip the Boneh and Franklin IBE (BF-IBE) and Gentry-IBE with our scheme and give the security analysis to show the accuracy and the security of it. In contrast to Chow’s scheme, to generate the secret key, our approach does not require the interactive protocol, which brings about much extra cost.

Journal ArticleDOI
TL;DR: Compared with the existing MA-CP-ABE schemes, the proposed scheme is the most suitable one to enable data access control for collaborative cloud storage systems and the security and performance analysis indicates that the scheme is more secure and reasonably efficient to be applied to practical scenarios as collaborative cloudstorage systems.
Abstract: Nowadays, more and more users store their data in cloud storage servers for the great convenience and real benefits offered by the service, so cloud data storage becomes one of the desirable services provided by cloud service providers. Multi-Authority Ciphertext-Policy Attribute-Based Encryption (MA-CP-ABE) is an emerging cryptographic solution to data access control for large-scale collaborative cloud storage service, which allows any data owner to outsource the data to cloud data storage in order to enable users from collaborating domains or organizations to access the outsourced data. However, the existing MA-CP-ABE schemes cannot be directly applied to collaborative cloud storage services as data access control due to the key escrow problem and the absence of a dual revocation mechanism (user revocation and attribute revocation). By addressing these issues, this paper presents a Key-Escrow-Free Multi-Authority Ciphertext-Policy Attribute-Based Encryption Scheme with Dual-Revocation by introducing “the essential attribute” and making use of a certificate authority apart from attribute authorities. Compared with the existing MA-CP-ABE schemes, the proposed scheme is the most suitable one to enable data access control for collaborative cloud storage systems. Furthermore, the security and performance analysis indicates that our scheme is more secure and reasonably efficient to be applied to practical scenarios such as collaborative cloud storage systems.

Journal ArticleDOI
TL;DR: The proposed CB-PBS scheme is proven secure under adaptively chosen message and ID attack in the random oracle model and through efficiency comparison with existing related efficient PBS schemes, it is shown that it is the most efficient and short signature scheme.

Proceedings ArticleDOI
20 May 2018
TL;DR: This paper proposes a context-aware access control and anonymous authentication approach based on a secure and efficient Hybrid Certificateless Signcryption (H-CLSC) scheme that achieves confidentiality, integrity, anonymity, context-aware privacy, public verifiability, and ciphertext authenticity.
Abstract: With the pervasiveness of the Internet of Things (IoT) and the rapid progress of wireless communications, Wireless Body Area Networks (WBANs) have attracted significant interest from the research community in recent years. As a promising networking paradigm, it is adopted to improve healthcare services and create a highly reliable ubiquitous healthcare system. However, the flourishing of WBANs still faces many challenges related to security and privacy preservation. In such a pervasive environment where the context conditions dynamically and frequently change, context-aware solutions are needed to satisfy the users' changing needs. Therefore, it is essential to design an adaptive access control scheme that can simultaneously authorize and authenticate users while considering the dynamic context changes. In this paper, we propose a context-aware access control and anonymous authentication approach based on a secure and efficient Hybrid Certificateless Signcryption (H-CLSC) scheme. The proposed scheme combines the merits of Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) and Identity-Based Broadcast Signcryption (IBBSC) in order to satisfy the security requirements and provide adaptive contextual privacy. From a security perspective, it achieves confidentiality, integrity, anonymity, context-aware privacy, public verifiability, and ciphertext authenticity. Moreover, the key escrow and public key certificate problems are solved through this mechanism. Performance analysis demonstrates the efficiency and the effectiveness of the proposed scheme compared to benchmark schemes in terms of functional security, storage, communication and computational cost.

Proceedings ArticleDOI
28 Jun 2018
TL;DR: This work introduces a privacy preserving E-health system including a novel cryptographic scheme called PKE-IBE, based on Identity-Based Cryptography (IBC), which tackles the key escrow issue and ensures blind partial private key generation.
Abstract: E-health, as an IoT application, promises to improve human daily life. It periodically collects biomedical data through intelligent sensors and transmits it for remote medical diagnostics. Due to the importance of exchanged medical data, privacy preservation is a huge issue. To this aim, several solutions were proposed. However, either they cannot provide a high level of privacy, or they incur an important overhead. Motivated by this observation, we introduce a privacy preserving E-health system including a novel cryptographic scheme called PKE-IBE. The proposed cryptographic scheme is based on Identity-Based Cryptography (IBC). It tackles the key escrow issue and ensures blind partial private key generation. A chosen ciphertext security variant is also introduced. Our detailed security and performance analysis reveals that our proposal not only overcomes various known attacks but also is efficient in comparison to existing approaches.

Journal ArticleDOI
TL;DR: This paper introduces outsourcing computation into CLPKC for the first time and designs an outsourced revocable certificateless signature (ORCLS) scheme in which the revocation functionality is outsourced to a cloud server, which greatly reduces the burden on the KGC.
Abstract: Certificateless public key cryptosystem (CLPKC) is a desirable cryptographic system because it refrains from both certificate management and key escrow. In CLPKC, how to revoke a misbehaving or compromised user is an important issue. However, the existing revocable methods in CLPKC are impractical because of the use of either an expensive mediator or a burdensome key generation center (KGC). In order to overcome this drawback, we introduce outsourcing computation into CLPKC for the first time and design an outsourced revocable certificateless signature (ORCLS) scheme, in which the revocation functionality is outsourced to a cloud server. The amount of computation needed to revoke a user is borne by the cloud server, which greatly reduces the burden on the KGC. In the rest of this paper, we formalize the definition and the security model for an ORCLS scheme and construct the first ORCLS scheme without bilinear pairings. It is proved that our scheme is existentially unforgeable against adaptive chosen-message attacks from Type I, Type II, Type III, and Type IV adversaries under the elliptic curve discrete logarithm problem. Moreover, our scheme needs less computational cost and communication overhead and thus is more efficient than the other revocable certificateless signature schemes proposed so far.

Journal ArticleDOI
TL;DR: This paper proposes a new construction of certificateless provable group shared data possession protocol by making use of certificateless cryptography, which eliminates the issues of expensive certificate management or key escrow, and provides strong security with desirable efficiency.
Abstract: Provable Data Possession (PDP) protocol makes it possible for cloud users to check whether the cloud servers possess their original data without downloading all the data. However, most of the existing PDP schemes are based on either public key infrastructure (PKI) or identity-based cryptography, which will suffer from issues of expensive certificate management or key escrow. In this paper, we propose a new construction of certificateless provable group shared data possession (CL-PGSDP) protocol by making use of certificateless cryptography, which will eliminate the above issues. Meanwhile, by taking advantage of zero-knowledge protocol and randomization method, the proposed CL-PGSDP protocol leaks no information of the stored data and the group user’s identity to the verifiers during the verifying process, which is of the property of comprehensive privacy preservation. In addition, our protocol also supports efficient user revocation from the group. Security analysis and experimental evaluation indicate that our CL-PGSDP protocol provides strong security with desirable efficiency.

Proceedings ArticleDOI
01 Jul 2018
TL;DR: An efficient deduplicated reporting scheme in fog-assisted vehicular crowdsensing based on a certificateless aggregate signcryption scheme (CLASC), which achieves fairness between vehicles whose reports are reduplicated and deleted and the efficiency of the low computational and communication overhead.
Abstract: In this paper, we propose an efficient deduplicated reporting scheme in fog-assisted vehicular crowdsensing. Based on a certificateless aggregate signcryption scheme (CLASC), the proposed scheme provides a promising approach for improving storage and communication overhead while maintaining content privacy. Specifically, roadside units (RSUs) as fog nodes are able to detect and remove any replicate crowdsensing reports without accessing information about their contents. Furthermore, the proposed scheme achieves fairness between vehicles whose reports are reduplicated and deleted. The scheme is designed with security properties, including report confidentiality, integrity, mutual authenticity, privacy, anonymity, secure data deduplication and key escrow resilience. To conclude, we elaborate on the achievement of secure data deduplication property and demonstrate the efficiency of the low computational and communication overhead of the proposed scheme.

Journal ArticleDOI
TL;DR: This work proposes an anonymous self-certified authenticated key exchange protocol by including the required security features and demonstrates that the proposed scheme accomplishes less computational cost and is applicable to a client–server architecture.
Abstract: Authentication protocols with anonymity have gained much popularity recently, as they allow users to access any public network without compromising their identity. Several key exchange protocols have been proposed in the literature using either public key infrastructure or identity-based cryptosystems. However, the former suffers from heavy computation cost and the latter fails to prevent the key escrow problem. Recently, Islam et al. have proposed a self-certified authenticated key agreement protocol based on ECC which removes the above limitations. However, through careful analysis, we found that their scheme lacks anonymity, is vulnerable to the trace attack and the clogging attack, and fails to prevent the replay attack. To overcome these weaknesses, we propose an anonymous self-certified authenticated key exchange protocol by including the required security features. The scheme is formally proved using the Automated Validation of Internet Security Protocols and Applications software. Also, the formal authentication proofs using Burrows–Abadi–Needham logic ensure successful authentication. Furthermore, the performance analysis demonstrates that the proposed scheme accomplishes less computational cost and is applicable to a client–server architecture.

Proceedings ArticleDOI
01 Jan 2018
TL;DR: This paper proposes a privacy-preserving e-health system which includes a new cryptographic scheme called KE-IBE which relies on Identity-Based Cryptography (IBC) and resolves its key escrow issue and proves that the proposed protocol can withstand various known attacks.
Abstract: E-health represents one of the most promising Internet of Things (IoT) applications. Indeed, it enhances the traditional medical services by periodically monitoring the patient's health information. Due to the sensitivity of exchanged medical data, strong and efficient security and privacy protocols must be deployed. However, existing privacy preserving approaches either cannot achieve a high level of privacy, or have important computation and/or storage overheads. In this paper, we propose a privacy-preserving e-health system, achieving patient privacy and better meeting the IoT environment requirements. This system includes a new cryptographic scheme called KE-IBE which relies on Identity-Based Cryptography (IBC) and resolves its key escrow issue. To prove that the proposed protocol can withstand various known attacks, we perform an informal security analysis. To assess the performance of our proposal, we implement it and present the experimental simulation results. This evaluation shows that the proposed system is highly efficient in comparison to related approaches found in the literature and that it achieves privacy with an acceptable running time.

Proceedings ArticleDOI
15 Oct 2018
TL;DR: Dragchute systems provide a critical new means for protecting data that must be retained long term due to mandatory retention laws for encryption costs similar to traditional methods (e.g., less than 6% overhead compared to AEAD).
Abstract: Data breaches represent a significant threat to organizations. While the general problem of protecting data has received much attention, one large (and growing) class has not - data that must be kept due to mandatory retention laws. Such data is often of little use to an organization, is rarely accessed, and represents a significant potential liability, yet cannot be discarded. Protecting such data entails an unusual combination of practical constraints (such as providing verification to a party that may be unknown) and thus requires functionality that is not well addressed by traditional cryptographic primitives. We propose to mitigate the risk to such data through a new system called Dragchute, which creates a time window during which locked data cannot be accessed by anyone. Based on a verifiable non-interactive, non-parallelizable, time-delay key escrow mechanism, Dragchute is novel in that it requires that no cryptographic material capable of providing early access to the data be retained, yet provides verification for multiple properties. We define a base construction for Dragchute, show possible extensions that help meet additional verification requirements, and characterize its performance. Our results show that Dragchute systems offer verifiable, customizable, computational protection against data exposure for encryption costs similar to traditional methods (e.g., less than 6% overhead compared to AEAD). We thus show that Dragchute systems provide a critical new means for protecting data that must be retained long term due to mandatory retention laws.

Journal ArticleDOI
TL;DR: It is found that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable to passive exploitation by an attacker who selects the Dual EC curve point since 2008.
Abstract: In December 2015, Juniper Networks announced multiple security vulnerabilities stemming from unauthorized code in ScreenOS, the operating system for their NetScreen Virtual Private Network (VPN) routers. The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the parameters used by the Dual Elliptic Curve (EC) pseudorandom number generator. In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment protocol subsystems, which we carried out in response to this incident. While Dual EC is known to be insecure against an attacker who can choose the elliptic curve parameters, Juniper had claimed in 2013 that ScreenOS included countermeasures against this type of attack. We find that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable to passive exploitation by an attacker who selects the Dual EC curve point since 2008. This vulnerability arises due to flaws in Juniper's countermeasures as well as a cluster of changes that were all introduced concurrently with the inclusion of Dual EC in a single 2008 release. We demonstrate the vulnerability on a real NetScreen device by modifying the firmware to install our own parameters, and we show that it is possible to passively decrypt an individual VPN session in isolation without observing any other network traffic. This incident is an important example of how guidelines for random number generation, engineering, and validation can fail in practice. Additionally, it casts further doubt on the practicality of designing a safe "exceptional access" or "key escrow" scheme of the type contemplated by law enforcement agencies in the United States and elsewhere.

Proceedings ArticleDOI
01 Oct 2018
TL;DR: A model is proposed using key escrow that tries to provide selective access to law enforcement under justified conditions and can be generalized to extend to other WhatsApp-like applications and implemented or enforced in the form of a guideline or regulation respectively.
Abstract: Since end-to-end encryption is now prevalent in text based communication, it has become necessary to explore its flip side as well. This paper studies and analyses the working and security mechanisms of one such application, WhatsApp messenger. It also discusses the pitfalls of perfect forward secrecy and its consequences for law enforcement, which essentially hold true for any end-to-end encryption system. Lastly, a model is proposed using key escrow that tries to provide selective access to law enforcement under justified conditions. This model can be generalized to extend to other WhatsApp-like applications and implemented or enforced in the form of a guideline or regulation respectively.

Journal ArticleDOI
Wenjie Yang, Jian Weng, Anjia Yang, Congge Xie, Yaxi Yang
TL;DR: It is demonstrated that a chosen ciphertext attacker can easily distinguish the challenge ciphertext generated by the challenger according to their security model and the CA can trivially decrypt any entity’s ciphertext without knowing the entity's secret key.

Journal ArticleDOI
TL;DR: This paper introduces a semi-trusted organization called ministrant attribute authority (MAA), and builds a key issuing protocol where AA and MAA not only cooperate with but also restrain each other skillfully to generate users’ secret keys.
Abstract: Attribute-based encryption (ABE) has a broad developing prospect in fine-grained sharing of ciphertext in the background of cloud computing. However, most of ABE schemes have a potential security risk called key escrow problem because users’ secret keys are issued by a trusted attribute authority (AA). Moreover, the pairing and exponential operations are heavy for users who are resource limited. In this paper, we introduce a semi-trusted organization called ministrant attribute authority (MAA). Based on our proposed master-key and parameters (MAP) transform, we construct a key issuing protocol where AA and MAA not only cooperate with but also restrain each other skillfully to generate users’ secret keys. These keys can be utilized directly for outsourced decryption. Based on the MAP transform, the key issuing protocol and an ABE scheme, we propose a generic construction of outsourced ABE without key escrow (OABE-WoKE). We provide security definitions for three types of adversaries where AA and MAA are included, and we are the first to prove that the construction is CPA secure against any one of the three types of adversaries. Finally, we provide two instantiations of OABE-WoKE schemes. Analyzing the simulation of them, we can conclude that they are more efficient than their competitive schemes.

Patent
09 Oct 2018
TL;DR: In this article, a key escrow-free secure multi-keyword sorting and searching system is proposed, where a key generation center, a cloud server, a data owner, and a data user are involved.
Abstract: The invention relates to a key escrow-free secure multi-keyword sorting and searching system. The system comprises a key generation center, a cloud server, a data owner and a data user; the key generation center is used for achieving interactive computing with the cloud server to jointly generate a public parameter of the system and a property public key-private key pair of the data user; the cloud server is used for storing a file of the data owner and responding to a searching query request of the data user; the data owner extracts a keyword set from the file, encrypts the keyword set into a secure index, encrypts the file, makes an access strategy and embeds the access strategy into ciphertext; and the data user defines the searched keyword set and generates a trap door by using the property private key of the data user to search for the encrypted file stored in the cloud server. According to the system, the key escrow problem is solved, flexible authorization keyword searching and fine-grained data access authorization are achieved, multi-keyword subset searching is supported, and the searching result is not influenced by changes of the keyword query order.

Journal ArticleDOI
TL;DR: A proxy signature based efficient and robust handover authentication and key agreement protocol with revocation in LTE/LTE-A network is proposed and shows that the protocol has improved results in terms of transmission, storage, message and computation overhead.
Abstract: An efficient and robust handover is one of the essential requirements of several applications in LTE/LTE-A network. These applications are reliable only after a successful authentication of communication entities. Hence, the third generation partnership project has recommended the handover schemes for different mobility scenarios with a new key management approach that increases the complexity of the overall system. To overcome the above problems, researchers have proposed various handover authentication protocols. But most of the handover protocols can’t avoid the key escrow problem and suffer from key forward/backward secrecy issues. Also, these protocols are vulnerable to various malicious attacks and incur high computational overhead during the authentication process. Therefore, these protocols are not suited to handover authentication in LTE/LTE-A networks. Researchers have also proposed proxy signature based handover protocols, but these protocols fail to achieve an adequate solution for proxy revocation and necessary security demands. In order to mitigate the aforesaid problems, we propose a proxy signature based efficient and robust handover authentication and key agreement protocol with revocation in LTE/LTE-A network. To prove the correctness of the proposed protocol, the formal analysis is carried out by BAN logic and simulated using the AVISPA tool. Moreover, the security analysis illustrates that the proposed protocol fulfills all the security features and avoids the identified attacks. Finally, the performance analysis of the proposed protocol is shown with existing handover protocols. The analysis shows that the protocol has improved results in terms of transmission, storage, message and computation overhead.

Patent
03 Jul 2018
TL;DR: In this paper, a key escrow method for blockchain applications is presented, which comprises a step of verifying the custodian identity identifier and the asymmetric key to be escrowed.
Abstract: The present invention discloses a key escrow method. The method comprises a step of receiving a key escrow request sent by a key custodian and acquiring a custodian identity identifier and an asymmetric key to be escrowed carried in the key escrow request, a step of verifying the custodian identity identifier and the asymmetric key to be escrowed, and a step of storing the custodian identity identifier and the asymmetric key to be escrowed into a front-end escrow system of a blockchain participant when the verification is passed. The invention also discloses a key escrow device and a computer-readable storage medium. The usage threshold of a blockchain application can be reduced, and the quick promotion of a blockchain application deployed by other participants of the blockchain is facilitated.