Efficient Unlinkable Secret Handshakes for Anonymous Communications


 Ashlie Phelps
 2 years ago
 Views:
Transcription
1 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications EunKyung Ryu 1), KeeYoung Yoo 2), KeumSook Ha 3) Abstract The technique of secret handshake is used as a fundamental building block for anonymous peertopeer communications over untrusted networks. However, the fact that most existing schemes fail to meet unlinkability causes the use of schemes to limit for practical use. In this paper, we provide new constructions for unlinkable secret handshake, allowing arbitrary two communication parties with the same role in either one single group or multiple groups to privately authenticate each other. Compared to previous works, our techniques have much better performance in terms of both computational and communication cost, while they obtain good security results. Keywords : Privacy, Security, Secret Handshake, Anonymous Communication, Unlinkability 1. Introduction A secret handshake is a cryptographic mechanism that enables anonymous and secure communication over untrusted networks by allowing arbitrary two members in a same group to privately authenticate to each other, as well as to agree on a shared key for further communication. More specifically, the secret handshake guarantees the following properties [1]. Let party A be a member of group G 1 with the role r A, and party B be a member of group G 2, respectively. 1) Neither A nor B learns anything about the other party if G 1 does not equal G 2. 2) Both A and B learn their respective group memberships only if G 1 equals G 2. 3) A third party observing the exchange between A and B does not learn anything, including whether A and B belong to the same group, the specific identities of the groups, or the roles of either A or B. For such reasons, the techniques for secret handshake are used as fundamental building blocks for anonymous peertopeer communications in a diverse range of applications, including military secret service, Received(October 10, 2010), Review request(october 11, 2010), Review Result(1st:October 25, 2010, 2nd:November 07, 2010) Accepted(December 31, 2010) 1 Graduate School of Electrical Engineering and Computer Science, Kyungpook National University, Daegu School of Computer Science and Engineering, Kyungpook National University, Daegu (Corresponding author) Division of Computer Information and Electronics, Kumi College, Kumi
2 Efficient Unlinkable Secret Handshakes for Anonymous Communications highbandwidth digital content protection systems and anonymous routing in adhoc networks [2]. The first scheme for secret handshakes was introduced by Balfanz et al in [1], which adopts the concept of noninteractive key agreement in pairingsbased cryptography. After that, many interesting results [2][6] have been shown in the literature in recent years, using various cryptographic primitives such as RSA, identitybased encryption, CAoblivious encryption, group signature and etc. However, the fact that most existing schemes fail to meet unlinkability causes the use of schemes to limit for practical use. The unlinkability means that multiple handshake sessions involving the same party cannot be linked by a third party, which is required as a primary security property in the design of any privacypreserving security protocol. In this paper, we describe efficient constructions for secret handshake in twoparty settings and provide the security analysis of the resulting schemes. Our schemes have a number of crucial advantages. They provide the unlinkability, but do not require onetime credentials. They are also capable of preserving all desired security properties, including impersonation resistance and detection resistance. Moreover, compared to previous works, our constructions have much better performance in terms of both computational and communication cost, while they obtain good security results. The rest of this paper is organized as follows. In Section 2, we briefly review some cryptographic tools used in our solutions which include the concept of bilinear pairings and the underlying computational assumption. In Section 3, we describe our solution and provide its security analysis. We then discuss efficiency and other attributes in Section 4. We further discuss about the support for multiplegroups in Section 5. Finally, we conclude in Section Cryptographic Tools Here we briefly introduce the underlying cryptographic tools for our schemes, which include bilinear pairings and the wellknown Bilinear DiffieHellman assumption [7]. Let G and G' be two cyclic additive groups and G T be a cyclic multiplicative group of the same prime order q. Let P be a generator of G and P' be a generator of G'. The symbol ^ denotes the exponentiation operation. A bilinear pairing is a function e : G G' G T with the following properties: Bilinear: For all P 1 G, Q 1 G' and a, b Z q, then e(ap 1, bq 1) = e(p 1, Q 1)^{ab}. Nondegenerate: There exist P 1 G and Q 1 G' such that e(p 1, Q 1 ) 1. Computable: There exists an efficient algorithm to compute e(p 1, Q 1) for any P 1 G and Q 1 G'. The above bilinear pairing is called "Type 3"[8], asymmetric pairings, which is usually implemented using the Weil or Tate pairings over elliptic curve groups G and G', with good performance and flexibility for high security parameters. The elements in G, in general, allow more compact representation than those in G'. The 620
3 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 bilinear pairings, in recent years, have been widely used to construct various cryptographic primitives, due to the advantages of its high security assurance with smallsize keys and less bandwidth consumption. Definition 1. (BDH assumption) The Bilinear DiffieHellman (BDH) problem is defined as follows: given P, ap, bp G and P', cp' G', compute e(p, P')^{abc}, where a,b,c are randomly chosen from Z q and P, P' are generators in G, G', respectively. We say that the BDH assumption holds if no probabilistic polynomialtime algorithm can solve the BDH problem with nonnegligible probability. 3. Unlinkable Secret Handshake In this section, we describe our solution for the problem of unlinkable secrete handshake. We first provide our construction with fullfledged security features and then discuss its security results. 3.1 The Construction Let H 0: {0, 1} * G' maps arbitrary strings to points in G', and H 1, H 2 be collisionresistant hash functions, taking arbitrary strings as input, such as SHA1. Let Gen be a parameter generator that takes a security parameter k as input and outputs the bilinear parameters (q, G, G', G T, e, P, P'). We assume that a group authority for each group is associated with a unique pair (pk, sk) of keys, such that pk = sp and sk = s, where s is the group master secret. Also, each group member in the group is assumed to be associated with a group secret key S = s H 0 (gid role) G', corresponding to the group identity gid and the given role role to the party. The protocol is a 3round interactive communication algorithm executed by arbitrary two communication parties. In what follows, we denote by the concatenation of two strings and by A, B two communication parties. ini and res are predefined constant values, representing initiator and responder, respectively. The protocol works as below. Round 1. A B: R A 1.1) Choose a random kbit value r A 1.2) Compute R A = r A P 1.3) Send R A to B Round 2. B A: R B, resp B 2.1) Choose a random kbit value r B 621
4 Efficient Unlinkable Secret Handshakes for Anonymous Communications 2.2) Compute R B = r BP, K B = e(r A, S B)^{r B}, and resp B = H 1(K B R A R B res) 2.3) Send R B, resp B to A Round 3. A B: resp A 3.1) Compute K A = e(r B, S A)^{r A} and verify if resp B = H 1(K A R A R B res) 3.2) If it holds, compute resp A = H 1 (K A R A R B ini) 3.3) Send resp A to B 3.4) Upon receiving resp A, B verifies it using its own key K B, in the exactly same way as A. Note that if A and B are in the same group with the same role, i.e. S A = s A H 0(gid A role A) = s B H 0(gid B role B) = S B, they will successfully authenticate their respective memberships, due to the fact that K A = e(r B, S A )^{r A } = e(p, S A )^{r A r B } = e(p, S B )^{r A r B } = e(r A, S B )^{r B } = K B. After the verifications succeeds, A and B can compute the shared key for future communication as SK A = H 2(K A R A R B resp A resp B) and SK B = H 2(K B R A R B resp A resp B), respectively. 3.2 Security We now discuss the security of our constuction, where unlinkability (UL) is examined in detail. Below our scheme is denoted by SHRYH. Recall the BDH assumption is that it is computationally intractable to compute e(p, P')^{abc}, given (P, ap, bp G, P', cp' G' ) where a, b and c are random numbers in Z q. The security of the SHRYH scheme relies on the BDH assumption. Theorem 1. The SHRYH described above is an unlinkable secret handshake scheme under the BDH assumption. Proof. The property of unlinkability requires that it should be computationally hard for an adversary to link transmitted messages by the same party. Given a pair of transmitted messages, R A, R B, resp A, resp B and R A' R B' resp A', resp B' for secret handshake, the only way for an adversary to distinguish the messages by the same or different parties is to compute a type of shared secrets K A = e(r B, S A)^{r A} and K A' = e(r B', S A)^{r A'}. Suppose that there exists such an adversary E who breaks the unlinkability of the scheme. We then show a 622
5 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 simulator S that uses E to solve the BDH problem. Let {P, P', u 1 = ap, u 2 = bp, u 3 = cp'} be an instance of the BDH problem. The challenge of the simulator S is to compute e(p, P')^{abc}, as described above. The S first sets the pair of keys for the group authority as {pk = vp, s = v}, where v is a random value in Z q. Then, S gives {R A = u 1, R B = u 2, resp A = t 1, resp B = t 2} to E as a challenge, where t 1, t 2 are klength random values. Note that this challenge defines H 0(gid A role A) = w u 3, where w is a random value in Z q. That is, t 1 = H 1 (K A u 1 u 2 ini), where K A = e(u 2, vwu 3 )^{a} = e(bp, vwcp')^{a} = e(p, P')^{abcvw}. If E replies e(p, P')^{abcvw} as the answer to its own challenge, S is able to recover e(p, P')^{abc} by raising it to the power of (v w)^{1}. The security properties, which are required for the secret handshake scheme to be used in practice, also include impersonation resistance (IR) and detection resistance (DR). The proof of such properties for our scheme can be similarly done to that given for above Theorem 1. We omitted here. 4. Efficiency and Other Attributes We now compare our construction with some previous ones, which are built on bilinear pairings, in terms of computation and communication cost with other attributes in Table 1. For each scheme we show the computational cost per party, the size of all exchanged messages, the underlying assumptions and the security properties achieved. We denote by "pm" a point multiplication over an elliptic curve, by "pr" a pairing and by "exp" an exponentiation. [Table 1] Secret handshaking scheme comparisons Schemes Computation Message Assumptions Security Properties SHABK [2] 2pm + 2pr + 1exp BDH, SXDH UL, IR, DR SHHC [6] 1pm + 1pr + 1exp broken SHRYH 1pm + 1pr + 1exp BDH UL, IR, DR The message size is in bits. BDH and SXDH stand for the Bilinear DiffieHellman and the Symmetric External DiffieHellman assumptions, respectively. The computational cost is much cheaper in SHHC and SHRYH than in SHABK. Also, the size of all messages in SHHC and SHRYH is shorter than in SHABK. Both SHABK and SHRYH support the all fundamental security properties, but the SHHC scheme is broken, as described in [9]. For the underlying security assumption, the SHRYH scheme requires only the BDH, while the SHABK scheme does an additional assumption, the SXDH. 623
6 Efficient Unlinkable Secret Handshakes for Anonymous Communications 5. The Support for Multiple Groups The scheme we presented earlier supports only for a single group. Here we show how the scheme can be applied to implement the more general case at the almost same cost, where each party is a member of multiple groups. Suppose two communication parties A and B are members of n groups with specific roles, where we assume each party is associated with n secrets S 1,..., S n corresponding one to each group. The party A wants to communicate only the party B, who is a member in the same multiplegroups with the same roles as A, in an anonymous and unlinkable manner. We obtain an extension with multiple groups by changing the SHRYH scheme as below. Round 2. B A: R B, resp' B 2.1) Choose a random kbit value r B 2.2) Compute R B = r BP, K' B = ^{r B}, and resp' B = H 1(K' B R A R B res) 2.3) Send R B, resp' B to A Round 3. A B: resp' A 3.1) Compute K' A = ^{r A} and verify if resp' B = H 1(K' A R A R B res) 3.2) Compute resp' A = H 1(K' A R A R B ini) if it holds 3.3) Send resp' A to B 3.4) Upon receiving resp' A, B verifies resp' A using its own key K' B, as before. Note that if A and B match on both group and role for all groups, it means for all 1 i n. This allows the two parties, A and B, to successfully identify their respective memberships in multiple groups. It is not difficult to see that this extended scheme satisfies the unlinkability property assuming the hardness of the underlying BDH problem. More specifically, an adversary, not possessing the corresponding group secret keys for the member with the specific roles in multiple groups, is not feasible to distinguish whether two executions of the protocol were performed by the same party or not, due to the exactly same reason as that in a single group. That is, in order to break the property of unlinkability for the scheme, the adversary is again 624
7 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 faced with the BDH problem. The security proof can be done in a similar way as before. 6. Concluding Remarks We have described two new schemes for secret handshake which allow arbitrary two communication parties in either a single group or multiple groups to authenticate each other in an anonymous and unlinkable manner. Our schemes have crucial advantages. They preserve all the required security properties, including unlinkability, impersonation resistance and the property of detection resistance. Furthermore, compared to previous works, they have much better performance in terms of both computation and computational cost. We believe that our schemes would provide a new building block for the construction of secure and anonymous communication services over untrusted networks. Acknowledgment This research was supported by the Research Project of Kumi College in 2008 and by the Brain Korea 21 Project in References [1] D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon, and H. Wong, "Secret Handshakes from Pairingbased Key Agreements," In Proc. IEEE Symposium on Security and Privacy, pp , [2] G. Ateniese, M. Blanton, and J. Kirschm, "Secret Handshakes with Dynamic and Fuzzy Matching," In Proc. Network and Distributed System Security Symposuim (NDSS2007), pp , [3] C. Castelluccia, S. Jarecki, and G. Tsudik, "Secret Handshakes from CAOblivious Encryption," In Proc. Advances in Cryptlogy (ASIACRYPT'04)}, LNCS 3329, pp , [4] S. Jarecki and X. Liu, "Unlinkable Secret Handshakes and KeyPrivate Group Key management Schemes," In Proc. Applied Cryptography and Network Security (ACNS'07), LNCS 4521, pp , [5] S. Jarecki, J. Kim, and G. Tsudik, "Beyond Secret Handshakes: AffiliationHiding Authenticated Key Exchange," In Proc. Topics in Cryptology (CTRSA2008)}, LNCS 4964, pp , [6] H. Huang and Z. Cao, "A Novel and Efficient Unlinkable Secret Handshakes Scheme," IEEE Commun. Lett., vol. 13 (5), pp , [7] D. Boneh and M. Franklin, "IdentityBased Encryption from the Weil Pairing," In Proc. Advances Cryptology (CRYPTO2001), LNCS 2139, pp , [8] D. Page, N. Smart, and F. Vercauteren, "Comparison of MNT Curves and Supersingular Curves," Applicable Algebra in Engineering, Communication and Computing, Vol. 17(5), pp ,
8 Efficient Unlinkable Secret Handshakes for Anonymous Communications [9] R. Su, "On the Security of a Novel and Efficient Unlinkable Secret Handshakes Scheme," IEEE Commun. Lett., vol. 13(9), pp , Authors EunKyung Ryu She received the Ph.D. degree in Computer Engineering from Kyungpook National University (KNU) in She worked as a visiting professor in the Depart. of Mobile Content, Daegu Haany University in In 2007, she worked as a research fellow at School of Systems Information Science, Future University Hakodate, Japan. From 2008 to 2009 she worked as a visiting professor at School of Electrical Engineering and Computer Science (EECS) in KNU. She is currently a postdoc research fellow at KNU EECS. Research Interests: Applied Cryptography, Security Protocols, and Network Security KeeYoung Yoo He received the B.Sc. degree in Education of Mathematics from Kyungpook National University in 1976 and the M.Sc. degree in Computer Engineering from Korea Advanced Institute of Science and Technology in 1978, South Korea. He received the Ph.D. degree in Computer Science from Rensselaer Polytechnic Institute, New York, USA in He is currently a professor at School of Computer Science and Engineering, Kyungpook National University. Research Interests: Cryptography, Smart Card Security, Network security, DRM Security, and Steganography KeumSook Ha She received the B.S. degree in Electronics Engineering at Kyungpook National University in 1983 and M.S. and Ph.D. degrees in Computer Engineering at Kyungpook National University in 1990 and 2003, respectively. She had been a researcher at KIPS corporation and worked as a research assistant at the Department of Electronics Engineering, Kyungpook National University. Currently, she is an associate professor in the Division of Computer Information and Electronics, Kumi College. Research interests: Parallel Processing and Information Security 626
New Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationLecture 25: PairingBased Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: PairingBased Cryptography Scribe: Ben Adida 1 Introduction The field of PairingBased Cryptography
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More informationAn Introduction to Identitybased Cryptography CSEP 590TU March 2005 Carl Youngblood
An Introduction to Identitybased Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of publickey cryptography is its dependence on a publickey infrastructure
More informationIDbased Cryptography and SmartCards
IDbased Cryptography and SmartCards Survol des techniques cryptographiques basées sur l identité et implémentation sur carte à puce The Need for Cryptography Encryption! Transform a message so that only
More informationCryptography. Identitybased Encryption. JeanSébastien Coron and David Galindo. May 15, 2014. Université du Luxembourg
Identitybased Encryption Université du Luxembourg May 15, 2014 Summary IdentityBased Encryption (IBE) What is IdentityBased Encryption? Difference with conventional PK cryptography. Applications of
More informationLEARNING TOWARDS RELIABLE DATA AUTHENTICATION IN MULTICLOUD ENVIRONMENT
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE LEARNING TOWARDS RELIABLE DATA AUTHENTICATION IN MULTICLOUD ENVIRONMENT B.Chitra 1, J.V.Krishna 2 1 M.Tech Student, Dept of CSE, Holy
More informationMESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC
MESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationBreaking Generalized DiffieHellman Modulo a Composite is no Easier than Factoring
Breaking Generalized DiffieHellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The DiffieHellman keyexchange protocol may naturally be extended to k > 2
More informationLecture 17: Reencryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Reencryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationIdentityBased Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationEnhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation
Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2
More informationAn Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
More informationMetered Signatures  How to restrict the Signing Capability 
JOURNAL OF COMMUNICATIONS AND NETWORKS, VOL.?, NO.?, 1 Metered Signatures  How to restrict the Signing Capability  WooHwan Kim, HyoJin Yoon, and Jung Hee Cheon Abstract: We propose a new notion of metered
More informationSimplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings
Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings Ernie Brickell Intel Corporation ernie.brickell@intel.com Liqun Chen HP Laboratories liqun.chen@hp.com March
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE COFACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II MohammediaCasablanca,
More informationKey Privacy for Identity Based Encryption
Key Privacy for Identity Based Encryption Internet Security Research Lab Technical Report 20062 Jason E. Holt Internet Security Research Lab Brigham Young University c 2006 Brigham Young University March
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationSome Identity Based Strong BiDesignated Verifier Signature Schemes
Some Identity Based Strong BiDesignated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra282002 (UP), India. Email sunder_lal2@rediffmail.com,
More informationNEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES
NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,
More informationAnonymous IDbased Group Key Agreement for Wireless Networks
Anonymous IDbased Group Key Agreement for Wireless Networks Zhiguo Wan,KuiRen, Wenjing Lou and Bart Preneel K.U.Leuven, ESAT/SCD, Kasteelpark Arenberg 10, B3001 LeuvenHeverlee, Belgium Email: {zhiguo.wan,bart.preneel}@esat.kuleuven.be
More informationSECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationSecure Key Issuing in IDbased Cryptography
Secure Key Issuing in IDbased Cryptography Byoungcheon Lee 1,2 Colin Boyd 1 Ed Dawson 1 Kwangjo Kim 3 Jeongmo Yang 2 Seungjae Yoo 2 1 Information Security Research Centre, Queensland University of Technology,
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security 1. Instructor: Dr. Peng Ning, Office: 3258 EB II, Centennial Campus Phone: (919) 5134457 Email: pning@ncsu.edu URL: http://www.csc.ncsu.edu/faculty/ning Office hours:
More informationSECURE AND EFFICIENT PRIVACYPRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE
International Journal of Computer Network and Security(IJCNS) Vol 7. No.1 2015 Pp. 18 gopalax Journals, Singapore available at : www.ijcns.com ISSN: 09758283 
More informationMANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,
More informationExperiments in Encrypted and Searchable Network Audit Logs
Experiments in Encrypted and Searchable Network Audit Logs Bhanu Prakash Gopularam Cisco Systems India Pvt. Ltd Nitte Meenakshi Institute of Technology Email: bhanprak@cisco.com Sashank Dara Cisco Systems
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationTitle Security Related Issues for Cloud Computing
Title Security Related Issues for Cloud Computing Ashwini Singh Abstract: The term CLOUD implies Common Location Independent Online Utility on Demand. It's a rising innovation in IT commercial ventures.
More informationAN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM Bairu Ravi 1, B.Ramya 2 1 M.Tech Student, Dept of CSE, Arjun College
More informationIEEE Draft P1363.3. Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009
Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion About The Headline Identity
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationA novel deniable authentication protocol using generalized ElGamal signature scheme
Information Sciences 177 (2007) 1376 1381 www.elsevier.com/locate/ins A novel deniable authentication protocol using generalized ElGamal signature scheme WeiBin Lee a, ChiaChun Wu a, WoeiJiunn Tsaur
More informationEnhancing Data Security in Cloud Storage Auditing With Key Abstraction
Enhancing Data Security in Cloud Storage Auditing With Key Abstraction 1 Priyadharshni.A, 2 Geo Jenefer.G 1 Master of engineering in computer science, Ponjesly College of Engineering 2 Assistant Professor,
More informationSignature Amortization Technique for Authenticating Delay Sensitive Stream
Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai,
More informationThreshold Identity Based Encryption Scheme without Random Oracles
WCAN 2006 Threshold Identity Based Encryption Scheme without Random Oracles Jin Li School of Mathematics and Computational Science Sun Yatsen University Guangzhou, P.R. China Yanming Wang Lingnan College
More informationAn Efficient and Provablysecure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
Theoretical and Applied Informatics ISSN 896 5334 Vol.24 (202), no. 2 pp. 09 8 DOI: 0.2478/v0790200090 An Efficient and Provablysecure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationKeyword Search over Shared Cloud Data without Secure Channel or Authority
Keyword Search over Shared Cloud Data without Secure Channel or Authority Yilun Wu, Jinshu Su, and Baochun Li College of Computer, National University of Defense Technology, Changsha, Hunan, China Department
More informationConstructing PairingFriendly Elliptic Curves with Embedding Degree 10
with Embedding Degree 10 University of California, Berkeley, USA ANTSVII, 2006 Outline 1 Introduction 2 The CM Method: The Basic Construction The CM Method: Generating Families of Curves 3 Outline 1 Introduction
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More informationEfficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks
Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of FrancheComté Journée thématique
More informationProficient Audit Services Outsourced for Data Availability in Clouds
Proficient Audit Services Outsourced for Data Availability in Clouds N Praveen Kumar Reddy #1, Dr Subhash Chandra *2 N Praveen Kumar Reddy, pursuing M.Tech from Holy Mary Institute of Technology and Science,,
More informationCCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction
International Journal of Network Security, Vol.16, No.3, PP.174181, May 2014 174 CCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction Min Zhou 1, Mingwu Zhang 2, Chunzhi
More informationBuilding an Encrypted and Searchable Audit Log
Building an Encrypted and Searchable Audit Log Brent R. Waters 1, Dirk Balfanz 2, Glenn Durfee 2, and D. K. Smetters 2 1 Princeton University Computer Science Department Princeton, NJ 08544 bwaters@cs.princeton.edu
More informationAN EFFICIENT STRATEGY OF THE DATA INTEGRATION BASED CLOUD
INTERNATIONAL JOURNAL OF REVIEWS ON RECENT ELECTRONICS AND COMPUTER SCIENCE AN EFFICIENT STRATEGY OF THE DATA INTEGRATION BASED CLOUD Koncha Anantha Laxmi Prasad 1, M.Yaseen Pasha 2, V.Hari Prasad 3 1
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationLecture 9  Message Authentication Codes
Lecture 9  Message Authentication Codes Boaz Barak March 1, 2010 Reading: BonehShoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationSecure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data
Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data V.Abinaya PG Scholar Kalasalingam Institute of Technology Krishnankoil. V.Ramesh Assistant professor Kalasalingam
More informationEnabling Public Auditing for Secured Data Storage in Cloud Computing
IOSR Journal of Engineering (IOSRJEN) eissn: 22503021, pissn: 22788719 Vol. 3, Issue 5 (May. 2013), V3 PP 0105 Enabling Public Auditing for Secured Data Storage in Cloud Computing 1 Er.Amandeep Kaur,
More informationSecurity Analysis of DRBG Using HMAC in NIST SP 80090
Security Analysis of DRBG Using MAC in NIST SP 80090 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@ufukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator
More informationIMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD ENVIRONMENT
IJRRECS/November 2014/Volume2/Issue11/36993703 ISSN 23215461 INTERNATIONAL JOURNAL OF REVIEWS ON RECENT ELECTRONICS AND COMPUTER SCIENCE IMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD
More informationSecure Conjunctive Keyword Search Over Encrypted Data
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle 1 and Jessica Staddon 1 and Brent Waters 2 1 Palo Alto Research Center 3333 Coyote Hill Road Palo Alto, CA 94304, USA Email: {pgolle,staddon}@parc.com
More informationA More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC
International Journal of Network Security, Vol.18, No.2, PP.217223, Mar. 2016 217 A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC Dianli Guo and Fengtong
More informationLecture 1: Introduction. CS 6903: Modern Cryptography Spring 2009. Nitesh Saxena Polytechnic University
Lecture 1: Introduction CS 6903: Modern Cryptography Spring 2009 Nitesh Saxena Polytechnic University Outline Administrative Stuff Introductory Technical Stuff Some Pointers Course Web Page http://isis.poly.edu/courses/cs6903s10
More informationPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationA New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography
A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography ChaoWen Chan and ChihHao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute
More information1523943696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACYPRESERVING MECHANISM
RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACYPRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN
More informationAnalysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud
Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud M.Jayanthi, Assistant Professor, Hod of MCA.E mail: badini_jayanthi@yahoo.co.in MahatmaGandhi University,Nalgonda, INDIA. B.Ranganatha
More informationSAFE: A Social Based Updatable Filtering Protocol with Privacypreserving in Mobile Social Networks
IEEE ICC 23  Wireless Networking Symposium SAFE: A Social Based Updatable Filtering Protocol with Privacypreserving in Mobile Social Networks Kuan Zhang, Xiaohui Liang, Rongxing Lu, and Xuemin (Sherman)
More informationSecure Data Management Scheme using OneTime Trapdoor on Cloud Storage Environment
, pp.257272 http://dx.doi.org/10.14257/ijsia.2014.8.1.24 Secure Data Management Scheme using OneTime Trapdoor on Cloud Storage Environment SunHo Lee and ImYeong Lee 1 Department of Computer Software
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationEfficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55568 (04) Efficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More informationA Certificateless Signature Scheme for Mobile Wireless CyberPhysical Systems
The 28th International Conference on Distributed Computing Systems Workshops A Certificateless Signature Scheme for Mobile Wireless CyberPhysical Systems Zhong Xu Xue Liu School of Computer Science McGill
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for Onekey Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business knowhow, or photographs  in short, anything that must be kept safe.
More informationAuthentication Protocols Using HooverKausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691699 (2006) Short Paper Authentication Protocols Using HooverKausik s Software Token * WEICHI KU AND HUILUNG LEE + Department of Computer Science
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationA Secure Index Management Scheme for Providing Data Sharing in Cloud Storage
J Inf Process Syst, Vol.9, No.2, June 2013 pissn 1976913X eissn 2092805X http://dx.doi.org/10.3745/jips.2013.9.2.287 A Secure Index Management Scheme for Providing Data Sharing in Cloud Storage SunHo
More informationGroup Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme
Group Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme Asha A 1, Hussana Johar 2, Dr B R Sujatha 3 1 M.Tech Student, Department of ECE, GSSSIETW, Mysuru, Karnataka, India
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationLecture 15  Digital Signatures
Lecture 15  Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations  easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationNonBlackBox Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
NonBlackBox Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More informationSecure Index Management Scheme on Cloud Storage Environment
Secure Index Management Scheme on Cloud Storage Environment SunHo Lee and ImYeong Lee 1 Dept. of Computer Software Engineering, Soonchunhyang University, Korea 1 Dept. of Computer Software Engineering,
More information36 Toward Realizing PrivacyPreserving IPTraceback
36 Toward Realizing PrivacyPreserving IPTraceback The IPtraceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationFormal Modelling of Network Security Properties (Extended Abstract)
Vol.29 (SecTech 2013), pp.2529 http://dx.doi.org/10.14257/astl.2013.29.05 Formal Modelling of Network Security Properties (Extended Abstract) Gyesik Lee Hankyong National University, Dept. of Computer
More informationTHE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION
T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces
More informationSecurity Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing
Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing S.Hemalatha, Dr.R.Manickachezian Ph.D Research Scholar, Department of Computer Science, N.G.M College, Pollachi,
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 57 Nihombashi
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counterparts of the message authentication schemes in the public
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationComments on "public integrity auditing for dynamic data sharing with multiuser modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences  Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationHybrid Signcryption Schemes with Insider Security (Extended Abstract)
Hybrid Signcryption Schemes with Insider Security (Extended Abstract) Alexander W. Dent Royal Holloway, University of London Egham Hill, Egham, Surrey, TW20 0EX, U.K. a.dent@rhul.ac.uk http://www.isg.rhul.ac.uk/~alex/
More informationSecurity Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012
Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database
More informationKeywords:  Ring Signature, Homomorphic Authenticable Ring Signature (HARS), Privacy Preserving, Public Auditing, Cloud Computing.
Survey on Privacy Preserving Public Auditing Techniques for Shared Data in the Cloud Kedar Jayesh Rasal 1, Dr. S.V.Gumaste 2, Sandip A. Kahate 3 Computer Engineering, Pune University, SPCOE, Otur, Pune,
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the mostcommon used algorithms for publickey
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11  Secure
More informationCryptanalysis and security enhancement on the generation of MuVaradharajan electronic voting protocol. Vahid Jahandideh and Amir S.
72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of MuVaradharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department
More informationA Secure Decentralized Access Control Scheme for Data stored in Clouds
A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University
More informationFuzzy IdentityBased Encryption
Fuzzy IdentityBased Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) IdentityBased Encryption Formal definition Security Idea Ingredients Construction Security Extensions
More informationTimeBased Proxy Reencryption Scheme for Secure Data Sharing in a Cloud Environment
TimeBased Proxy Reencryption Scheme for Secure Data Sharing in a Cloud Environment Qin Liu a,b, Guojun Wang a,, Jie Wu b a School of Information Science and Engineering Central South Uversity Changsha,
More informationModular Security Proofs for Key Agreement Protocols
Modular Security Proofs for Key Agreement Protocols Caroline Kudla and Kenneth G. Paterson Information Security Group Royal Holloway, niversity of London, K {c.j.kudla,kenny.paterson}@rhul.ac.uk Abstract.
More information