Efficient Unlinkable Secret Handshakes for Anonymous Communications
보안공학연구논문지 (Journal of Security Engineering), Vol. 7, No. 6, December 2010

Efficient Unlinkable Secret Handshakes for Anonymous Communications

Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3)

Abstract

The technique of secret handshake is used as a fundamental building block for anonymous peer-to-peer communications over untrusted networks. However, most existing schemes fail to provide unlinkability, which limits their practical use. In this paper, we give new constructions for unlinkable secret handshake that allow any two communicating parties with the same role, in either a single group or multiple groups, to privately authenticate each other. Compared to previous works, our techniques perform much better in terms of both computational and communication cost while achieving good security results.

Keywords: Privacy, Security, Secret Handshake, Anonymous Communication, Unlinkability

1. Introduction

A secret handshake is a cryptographic mechanism that enables anonymous and secure communication over untrusted networks by allowing any two members of the same group to privately authenticate each other and to agree on a shared key for further communication. More specifically, a secret handshake guarantees the following properties [1]. Let party A be a member of group $G_1$ with role $r_A$, and let party B be a member of group $G_2$.

1) Neither A nor B learns anything about the other party if $G_1 \ne G_2$.
2) Both A and B learn their respective group memberships only if $G_1 = G_2$.
3) A third party observing the exchange between A and B learns nothing, including whether A and B belong to the same group, the identities of the groups, or the roles of A and B.

For such reasons, secret handshake techniques are used as fundamental building blocks for anonymous peer-to-peer communications in a diverse range of applications, including military secret services, high-bandwidth digital content protection systems and anonymous routing in ad-hoc networks [2].

Received (October 10, 2010), Review request (October 11, 2010), Review result (1st: October 25, 2010; 2nd: November 07, 2010), Accepted (December 31, 2010)
1) Graduate School of Electrical Engineering and Computer Science, Kyungpook National University, Daegu. ekryu@ku.ac.kr
2) School of Computer Science and Engineering, Kyungpook National University, Daegu. yook@knu.ac.kr
3) (Corresponding author) Division of Computer Information and Electronics, Kumi College, Kumi. KeumS.Ha@gmail.com

The first scheme for secret handshakes was introduced by Balfanz et al. in [1]; it adopts the concept of non-interactive key agreement from pairing-based cryptography. Since then, many interesting results [2]-[6] have appeared in the literature, built on various cryptographic primitives such as RSA, identity-based encryption, CA-oblivious encryption and group signatures. However, most existing schemes fail to provide unlinkability, which limits their practical use. Unlinkability means that multiple handshake sessions involving the same party cannot be linked by a third party; it is a primary security requirement in the design of any privacy-preserving protocol.

In this paper, we describe efficient constructions for secret handshake in the two-party setting and give a security analysis of the resulting schemes. Our schemes have a number of crucial advantages. They provide unlinkability without requiring one-time credentials. They also preserve all desired security properties, including impersonation resistance and detection resistance. Moreover, compared to previous works, our constructions perform much better in terms of both computational and communication cost while achieving good security results.

The rest of this paper is organized as follows. In Section 2, we briefly review the cryptographic tools used in our solutions, namely bilinear pairings and the underlying computational assumption. In Section 3, we describe our solution and give its security analysis. We discuss efficiency and other attributes in Section 4 and the support for multiple groups in Section 5. Finally, we conclude in Section 6.

2. Cryptographic Tools

Here we briefly introduce the cryptographic tools underlying our schemes: bilinear pairings and the well-known Bilinear Diffie-Hellman assumption [7]. Let $G$ and $G'$ be two cyclic additive groups and $G_T$ a cyclic multiplicative group, all of the same prime order $q$. Let $P$ be a generator of $G$ and $P'$ a generator of $G'$. The symbol ^ denotes exponentiation. A bilinear pairing is a function $e : G \times G' \to G_T$ with the following properties:

Bilinear: for all $P_1 \in G$, $Q_1 \in G'$ and $a, b \in \mathbb{Z}_q$, $e(aP_1, bQ_1) = e(P_1, Q_1)^{ab}$.
Non-degenerate: there exist $P_1 \in G$ and $Q_1 \in G'$ such that $e(P_1, Q_1) \ne 1$.
Computable: there exists an efficient algorithm to compute $e(P_1, Q_1)$ for any $P_1 \in G$ and $Q_1 \in G'$.

A pairing of this kind is called a "Type 3" [8], or asymmetric, pairing; it is usually implemented with the Weil or Tate pairing over elliptic-curve groups $G$ and $G'$, and offers good performance and flexibility at high security parameters. Elements of $G$ generally admit a more compact representation than those of $G'$. The
bilinear pairings have in recent years been widely used to construct various cryptographic primitives, thanks to their high security assurance with small keys and low bandwidth consumption.

Definition 1. (BDH assumption) The Bilinear Diffie-Hellman (BDH) problem is defined as follows: given $P, aP, bP \in G$ and $P', cP' \in G'$, compute $e(P, P')^{abc}$, where $a, b, c$ are chosen at random from $\mathbb{Z}_q$ and $P, P'$ are generators of $G, G'$, respectively. We say that the BDH assumption holds if no probabilistic polynomial-time algorithm solves the BDH problem with non-negligible probability.

3. Unlinkable Secret Handshake

In this section, we describe our solution to the problem of unlinkable secret handshake. We first give the construction with its full set of security features and then discuss its security.

3.1 The Construction

Let $H_0 : \{0,1\}^* \to G'$ map arbitrary strings to points of $G'$, and let $H_1, H_2$ be collision-resistant hash functions taking arbitrary strings as input, such as SHA-1. Let Gen be a parameter generator that takes a security parameter $k$ as input and outputs the bilinear parameters $(q, G, G', G_T, e, P, P')$. We assume that the authority of each group holds a key pair $(pk, sk)$ with $pk = sP$ and $sk = s$, where $s$ is the group master secret. Each member of the group holds a group secret key $S = s H_0(gid \| role) \in G'$, corresponding to the group identity $gid$ and the role $role$ assigned to the party. The protocol is a 3-round interactive algorithm executed by any two communicating parties. In what follows, $\|$ denotes string concatenation and A, B denote the two parties; $ini$ and $res$ are predefined constants representing initiator and responder, respectively. The protocol works as follows.

Round 1. A → B: $R_A$
1.1) Choose a random $k$-bit value $r_A$
1.2) Compute $R_A = r_A P$
1.3) Send $R_A$ to B

Round 2. B → A: $R_B$, $resp_B$
2.1) Choose a random $k$-bit value $r_B$
2.2) Compute $R_B = r_B P$, $K_B = e(R_A, S_B)^{r_B}$, and $resp_B = H_1(K_B \| R_A \| R_B \| res)$
2.3) Send $R_B$, $resp_B$ to A

Round 3. A → B: $resp_A$
3.1) Compute $K_A = e(R_B, S_A)^{r_A}$ and verify that $resp_B = H_1(K_A \| R_A \| R_B \| res)$
3.2) If it holds, compute $resp_A = H_1(K_A \| R_A \| R_B \| ini)$
3.3) Send $resp_A$ to B
3.4) Upon receiving $resp_A$, B verifies it with its own key $K_B$, in exactly the same way as A.

Note that if A and B are in the same group with the same role, i.e. $S_A = s_A H_0(gid_A \| role_A) = s_B H_0(gid_B \| role_B) = S_B$, they successfully authenticate their respective memberships, because $K_A = e(R_B, S_A)^{r_A} = e(P, S_A)^{r_A r_B} = e(P, S_B)^{r_A r_B} = e(R_A, S_B)^{r_B} = K_B$. After the verifications succeed, A and B compute the shared key for future communication as $SK_A = H_2(K_A \| R_A \| R_B \| resp_A \| resp_B)$ and $SK_B = H_2(K_B \| R_A \| R_B \| resp_A \| resp_B)$, respectively.

3.2 Security

We now discuss the security of our construction, examining unlinkability (UL) in detail. Below, our scheme is denoted SH-RYH. Recall that the BDH assumption states that it is computationally intractable to compute $e(P, P')^{abc}$ given $(P, aP, bP \in G,\ P', cP' \in G')$, where $a, b, c$ are random elements of $\mathbb{Z}_q$. The security of SH-RYH relies on the BDH assumption.

Theorem 1. SH-RYH, as described above, is an unlinkable secret handshake scheme under the BDH assumption.

Proof. Unlinkability requires that it be computationally hard for an adversary to link transmitted messages to the same party. Given two handshake transcripts $(R_A, R_B, resp_A, resp_B)$ and $(R_A', R_B', resp_A', resp_B')$, the only way for an adversary to tell whether they come from the same or from different parties is to compute the shared secrets $K_A = e(R_B, S_A)^{r_A}$ and $K_A' = e(R_B', S_A)^{r_A'}$. Suppose that there exists such an adversary E who breaks the unlinkability of the scheme.
We then show a simulator S that uses E to solve the BDH problem. Let $\{P, P', u_1 = aP, u_2 = bP, u_3 = cP'\}$ be an instance of the BDH problem; the challenge for S is to compute $e(P, P')^{abc}$, as described above. S first sets the group authority's key pair to $\{pk = vP, s = v\}$, where $v$ is a random value in $\mathbb{Z}_q$. Then S gives $\{R_A = u_1, R_B = u_2, resp_A = t_1, resp_B = t_2\}$ to E as the challenge, where $t_1, t_2$ are random $k$-bit values. Note that this challenge defines $H_0(gid_A \| role_A) = w u_3$, where $w$ is a random value in $\mathbb{Z}_q$. That is, $t_1 = H_1(K_A \| u_1 \| u_2 \| ini)$, where $K_A = e(u_2, vw u_3)^{a} = e(bP, vw cP')^{a} = e(P, P')^{abcvw}$. If E returns $e(P, P')^{abcvw}$ as the answer to its challenge, S recovers $e(P, P')^{abc}$ by raising it to the power $(vw)^{-1}$.

The security properties required of a secret handshake scheme used in practice also include impersonation resistance (IR) and detection resistance (DR). The proofs of these properties for our scheme follow the same lines as the proof of Theorem 1 and are omitted here.

4. Efficiency and Other Attributes

We now compare our construction with previous pairing-based schemes in terms of computation and communication cost and other attributes, in Table 1. For each scheme we show the computational cost per party, the size of all exchanged messages, the underlying assumptions and the security properties achieved. We denote by "pm" a point multiplication over an elliptic curve, by "pr" a pairing and by "exp" an exponentiation.

[Table 1] Secret handshaking scheme comparisons

Scheme      | Computation      | Message (bits) | Assumptions | Security properties
SH-ABK [2]  | 2pm + 2pr + 1exp |                | BDH, SXDH   | UL, IR, DR
SH-HC [6]   | 1pm + 1pr + 1exp |                |             | broken
SH-RYH      | 1pm + 1pr + 1exp |                | BDH         | UL, IR, DR

The message size is in bits (the figures in the Message column are missing from this transcription). BDH and SXDH stand for the Bilinear Diffie-Hellman and the Symmetric External Diffie-Hellman assumptions, respectively. The computational cost of SH-HC and SH-RYH is much lower than that of SH-ABK, and the total size of their messages is smaller. Both SH-ABK and SH-RYH support all fundamental security properties, but the SH-HC scheme is broken, as described in [9]. As for the underlying assumption, SH-RYH requires only BDH, whereas SH-ABK additionally requires SXDH.
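The SH-RYH rounds of Section 3.1 as an executable walk-through added here (not the paper's code), with a list of credentials per party so that the multi-group variant of Section 5 runs through the same function. It assumes a toy bilinear map e(x, y) = g^(xy) mod p over Z_q with p = 2q + 1 in place of the elliptic-curve pairing, SHA-256 in place of SHA-1, and the product of the n pairings as the multi-group key; since the toy map has no hardness behind it, the block demonstrates the message flow and the K_A = K_B check for matching and mismatching credentials, not the security proof.

```python
"""Walk-through of the SH-RYH secret handshake rounds (constructed example, not the paper's code).

The elliptic-curve pairing is replaced by the toy map e(x, y) = g^(x*y) mod p on
G = G' = Z_q, which is bilinear and non-degenerate but has no hardness (discrete
logs in Z_q are trivial): the block shows the message flow and the key-equality
check only, never the security argument of the paper.
"""
import hashlib
import secrets

INI, RES = b"ini", b"res"   # predefined initiator / responder constants


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 3.3e24 (bases up to 41)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen(k: int):
    """Gen(k): toy parameters (q, p, g, P).  q is a prime of about k bits with
    p = 2q + 1 prime, so g = 4 generates the order-q subgroup of Z_p^* that stands
    in for G_T, and P = 2 generates the additive group Z_q standing in for G, G'."""
    cand = (1 << k) + 1
    while not (is_prime(cand) and is_prime(2 * cand + 1)):
        cand += 2
    return cand, 2 * cand + 1, 4, 2


q, p, g, P = gen(40)


def pairing(x: int, y: int) -> int:
    """Toy e: G x G' -> G_T satisfying e(a*x, b*y) = e(x, y)^(a*b)."""
    return pow(g, (x * y) % q, p)


def h0(data: bytes) -> int:
    """H0: {0,1}* -> G' (a nonzero element of Z_q here)."""
    return 1 + int.from_bytes(hashlib.sha256(b"H0|" + data).digest(), "big") % (q - 1)


def h1(k: int, r_a: int, r_b: int, tag: bytes) -> bytes:
    """H1(K || R_A || R_B || tag); SHA-256 stands in for the SHA-1 the paper names."""
    return hashlib.sha256(b"H1|%d|%d|%d|%s" % (k, r_a, r_b, tag)).digest()


def h2(k: int, r_a: int, r_b: int, resp_a: bytes, resp_b: bytes) -> bytes:
    """H2(K || R_A || R_B || resp_A || resp_B): the agreed session key SK."""
    return hashlib.sha256(b"H2|%d|%d|%d|" % (k, r_a, r_b) + resp_a + resp_b).digest()


def group_secret(s: int, gid: bytes, role: bytes) -> int:
    """Member credential S = s * H0(gid || role) from the authority with master secret s."""
    return s * h0(gid + b"|" + role) % q


def combined_key(r_other: int, my_secrets, r_mine: int) -> int:
    """K = (prod_i e(R_other, S_i))^r_mine.  One credential gives K_A / K_B of Section
    3.1; several give K' of Section 5, read here as the product of the n pairings (an
    assumption of this example, the paper's own expression being lost in extraction)."""
    acc = 1
    for s_i in my_secrets:
        acc = acc * pairing(r_other, s_i) % p
    return pow(acc, r_mine, p)


def handshake(a_secrets, b_secrets, r_a=None, r_b=None):
    """Three-round SH-RYH exchange, A initiating.  Returns (ok, SK_A, SK_B);
    both SKs are None when either side's verification fails."""
    # Round 1: A -> B : R_A
    r_a = r_a or secrets.randbelow(q - 1) + 1
    R_A = r_a * P % q
    # Round 2: B -> A : R_B, resp_B
    r_b = r_b or secrets.randbelow(q - 1) + 1
    R_B = r_b * P % q
    K_B = combined_key(R_A, b_secrets, r_b)
    resp_B = h1(K_B, R_A, R_B, RES)
    # Round 3: A recomputes the key with its own credential and checks resp_B
    K_A = combined_key(R_B, a_secrets, r_a)
    if not secrets.compare_digest(resp_B, h1(K_A, R_A, R_B, RES)):
        return False, None, None           # A learns nothing about B's group
    resp_A = h1(K_A, R_A, R_B, INI)        # A -> B : resp_A
    # Step 3.4: B verifies resp_A with its own K_B
    if not secrets.compare_digest(resp_A, h1(K_B, R_A, R_B, INI)):
        return False, None, None
    return (True, h2(K_A, R_A, R_B, resp_A, resp_B),
            h2(K_B, R_A, R_B, resp_A, resp_B))
```

A mismatch in group, in role, or in the issuing authority's master secret makes the responder's check in step 3.1 fail, so the initiator never sends resp_A and neither side learns the other's affiliation.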
5. The Support for Multiple Groups

The scheme presented above supports only a single group. Here we show how it can be extended, at almost the same cost, to the more general case in which each party is a member of multiple groups. Suppose that two communicating parties A and B are members of $n$ groups with specific roles, each party holding $n$ secrets $S_1, \dots, S_n$, one per group. Party A wants to communicate, anonymously and unlinkably, only with a party B that is a member of the same groups with the same roles as A. We obtain the multi-group extension by changing the SH-RYH scheme as follows.

Round 2. B → A: $R_B$, $resp'_B$
2.1) Choose a random $k$-bit value $r_B$
2.2) Compute $R_B = r_B P$, $K'_B = (\cdots)^{r_B}$ (the base of the exponent is lost in the transcription), and $resp'_B = H_1(K'_B \| R_A \| R_B \| res)$
2.3) Send $R_B$, $resp'_B$ to A

Round 3. A → B: $resp'_A$
3.1) Compute $K'_A = (\cdots)^{r_A}$ and verify that $resp'_B = H_1(K'_A \| R_A \| R_B \| res)$
3.2) If it holds, compute $resp'_A = H_1(K'_A \| R_A \| R_B \| ini)$
3.3) Send $resp'_A$ to B
3.4) Upon receiving $resp'_A$, B verifies it using its own key $K'_B$, as before.

Note that if A and B match on both group and role for all groups, the corresponding condition (lost in the transcription) holds for all $1 \le i \le n$. This allows the two parties, A and B, to identify their respective memberships in multiple groups. It is not difficult to see that this extended scheme satisfies unlinkability assuming the hardness of the underlying BDH problem. More specifically, an adversary who does not hold the group secret keys for the given roles in the multiple groups cannot feasibly distinguish whether two executions of the protocol were performed by the same party, for exactly the same reason as in the single-group case. That is, in order to break unlinkability, the adversary is again faced with the BDH problem. The security proof can be carried out as before.

6. Concluding Remarks

We have described two new schemes for secret handshake that allow any two communicating parties in either a single group or multiple groups to authenticate each other in an anonymous and unlinkable manner. Our schemes have crucial advantages. They preserve all the required security properties, including unlinkability, impersonation resistance and detection resistance. Furthermore, compared to previous works, they perform much better in terms of both computational and communication cost. We believe that our schemes provide a new building block for the construction of secure and anonymous communication services over untrusted networks.

Acknowledgment

This research was supported by the Research Project of Kumi College in 2008 and by the Brain Korea 21 Project.

References

[1] D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon, and H. Wong, "Secret Handshakes from Pairing-based Key Agreements," in Proc. IEEE Symposium on Security and Privacy.
[2] G. Ateniese, M. Blanton, and J. Kirsch, "Secret Handshakes with Dynamic and Fuzzy Matching," in Proc. Network and Distributed System Security Symposium (NDSS 2007).
[3] C. Castelluccia, S. Jarecki, and G. Tsudik, "Secret Handshakes from CA-Oblivious Encryption," in Proc. Advances in Cryptology (ASIACRYPT '04), LNCS 3329.
[4] S. Jarecki and X. Liu, "Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes," in Proc. Applied Cryptography and Network Security (ACNS '07), LNCS 4521.
[5] S. Jarecki, J. Kim, and G. Tsudik, "Beyond Secret Handshakes: Affiliation-Hiding Authenticated Key Exchange," in Proc. Topics in Cryptology (CT-RSA 2008), LNCS 4964.
[6] H. Huang and Z. Cao, "A Novel and Efficient Unlinkable Secret Handshakes Scheme," IEEE Commun. Lett., vol. 13, no. 5.
[7] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," in Proc. Advances in Cryptology (CRYPTO 2001), LNCS 2139.
[8] D. Page, N. Smart, and F. Vercauteren, "Comparison of MNT Curves and Supersingular Curves," Applicable Algebra in Engineering, Communication and Computing, vol. 17, no. 5.
[9] R. Su, "On the Security of a Novel and Efficient Unlinkable Secret Handshakes Scheme," IEEE Commun. Lett., vol. 13, no. 9.

Authors

Eun-Kyung Ryu
She received the Ph.D. degree in Computer Engineering from Kyungpook National University (KNU). She worked as a visiting professor in the Department of Mobile Content, Daegu Haany University. In 2007, she worked as a research fellow at the School of Systems Information Science, Future University Hakodate, Japan. From 2008 to 2009 she worked as a visiting professor at the School of Electrical Engineering and Computer Science (EECS), KNU. She is currently a post-doctoral research fellow at KNU EECS. Research interests: Applied Cryptography, Security Protocols, and Network Security.

Kee-Young Yoo
He received the B.Sc. degree in Mathematics Education from Kyungpook National University in 1976 and the M.Sc. degree in Computer Engineering from the Korea Advanced Institute of Science and Technology, South Korea, in 1978. He received the Ph.D. degree in Computer Science from Rensselaer Polytechnic Institute, New York, USA. He is currently a professor at the School of Computer Science and Engineering, Kyungpook National University. Research interests: Cryptography, Smart Card Security, Network Security, DRM Security, and Steganography.

Keum-Sook Ha
She received the B.S. degree in Electronics Engineering from Kyungpook National University in 1983, and the M.S. and Ph.D. degrees in Computer Engineering from Kyungpook National University in 1990 and 2003, respectively. She was a researcher at KIPS Corporation and a research assistant in the Department of Electronics Engineering, Kyungpook National University. Currently, she is an associate professor in the Division of Computer Information and Electronics, Kumi College. Research interests: Parallel Processing and Information Security.
More informationEfficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55-568 (04) Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More information15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM
RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN
More informationSAFE: A Social Based Updatable Filtering Protocol with Privacy-preserving in Mobile Social Networks
IEEE ICC 23 - Wireless Networking Symposium SAFE: A Social Based Updatable Filtering Protocol with Privacy-preserving in Mobile Social Networks Kuan Zhang, Xiaohui Liang, Rongxing Lu, and Xuemin (Sherman)
More informationOn the Security of Three Public Auditing Schemes in Cloud Computing
International Journal of Network Security, Vol.17, No.6, PP.795-802, Nov. 2015 795 On the Security of Three Public Auditing Schemes in Cloud Computing Yang Ming 1 and Yumin Wang 2 (Corresponding author:
More informationIMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD ENVIRONMENT
IJRRECS/November 2014/Volume-2/Issue-11/3699-3703 ISSN 2321-5461 INTERNATIONAL JOURNAL OF REVIEWS ON RECENT ELECTRONICS AND COMPUTER SCIENCE IMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationSecurity Analysis of DRBG Using HMAC in NIST SP 800-90
Security Analysis of DRBG Using MAC in NIST SP 800-90 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@u-fukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator
More informationSecure Conjunctive Keyword Search Over Encrypted Data
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle 1 and Jessica Staddon 1 and Brent Waters 2 1 Palo Alto Research Center 3333 Coyote Hill Road Palo Alto, CA 94304, USA E-mail: {pgolle,staddon}@parc.com
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationSecure Index Management Scheme on Cloud Storage Environment
Secure Index Management Scheme on Cloud Storage Environment Sun-Ho Lee and Im-Yeong Lee 1 Dept. of Computer Software Engineering, Soonchunhyang University, Korea 1 Dept. of Computer Software Engineering,
More informationGroup Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme
Group Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme Asha A 1, Hussana Johar 2, Dr B R Sujatha 3 1 M.Tech Student, Department of ECE, GSSSIETW, Mysuru, Karnataka, India
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationThe Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network
The Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network R.Anbarasi 1, S.Gunasekaran 2 P.G. Student, Department of Computer Engineering, V.S.B Engineering College, Karur,
More informationSecurity Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing
Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing S.Hemalatha, Dr.R.Manickachezian Ph.D Research Scholar, Department of Computer Science, N.G.M College, Pollachi,
More informationNon-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More informationSecure Data Management Scheme using One-Time Trapdoor on Cloud Storage Environment
, pp.257-272 http://dx.doi.org/10.14257/ijsia.2014.8.1.24 Secure Data Management Scheme using One-Time Trapdoor on Cloud Storage Environment Sun-Ho Lee and Im-Yeong Lee 1 Department of Computer Software
More informationKeywords: - Ring Signature, Homomorphic Authenticable Ring Signature (HARS), Privacy Preserving, Public Auditing, Cloud Computing.
Survey on Privacy Preserving Public Auditing Techniques for Shared Data in the Cloud Kedar Jayesh Rasal 1, Dr. S.V.Gumaste 2, Sandip A. Kahate 3 Computer Engineering, Pune University, SPCOE, Otur, Pune,
More informationFormal Modelling of Network Security Properties (Extended Abstract)
Vol.29 (SecTech 2013), pp.25-29 http://dx.doi.org/10.14257/astl.2013.29.05 Formal Modelling of Network Security Properties (Extended Abstract) Gyesik Lee Hankyong National University, Dept. of Computer
More informationA Searchable Encryption Scheme for Outsourcing Cloud Storage
A Searchable Encryption Scheme for Outsourcing Cloud Storage Jyun-Yao Huang Department of Computer Science and Engineering National Chung Hsing University Taichung 402, Taiwan allen501pc@gmail.com I-En
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationSHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING
SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING Er. Kavin M 1, Mr.J.Jayavel 2 1 PG Scholar, 2 Teaching Assistant, Department of Information Technology, Anna University Regional
More informationA Secure Index Management Scheme for Providing Data Sharing in Cloud Storage
J Inf Process Syst, Vol.9, No.2, June 2013 pissn 1976-913X eissn 2092-805X http://dx.doi.org/10.3745/jips.2013.9.2.287 A Secure Index Management Scheme for Providing Data Sharing in Cloud Storage Sun-Ho
More informationCryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.
72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department
More informationTHE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION
T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces
More informationNew Directions in RFID Security
New Directions in RFID Security Erik-Oliver Blaß and Refik Molva EURECOM, Sophia Antipolis, France Abstract. Current research in RFID security focuses on basic authentication protocols between a tag and
More informationA framework using IBC achieving non-repudiation and privacy in vehicular network.
A framework using IBC achieving non-repudiation and privacy in vehicular network. Amira Bradai, Afifi Hossam To cite this version: Amira Bradai, Afifi Hossam. A framework using IBC achieving non-repudiation
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationSheltered Multi-Owner Data distribution For vibrant Groups in the Cloud
Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud I.sriram murthy 1 N.Jagajeevan 2 II M-Tech student Assistant.Professor Department of computer science & Engineering Department of
More informationData Security & Availability in Multi-Cloud Storage with Cooperative Provable Data Possession
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 2 February 2015, Page No. 10375-10379 Data Security & Availability in Multi-Cloud Storage with Cooperative
More informationImplementation and Adaptation of the Pseudonymous PKI for Ubiquitous Computing for Car-2-Car Communication
Implementation and Adaptation of the Pseudonymous PKI for Ubiquitous Computing for Car-2-Car Communication Stefan Kaufmann IT-Designers Gruppe STZ-Softwaretechnik Im Entennest 2 73730 Esslingen stefan.kaufmann@stz-softwaretechnik.de
More informationA Secure Decentralized Access Control Scheme for Data stored in Clouds
A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationCryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones
Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg
More informationTime-Based Proxy Re-encryption Scheme for Secure Data Sharing in a Cloud Environment
Time-Based Proxy Re-encryption Scheme for Secure Data Sharing in a Cloud Environment Qin Liu a,b, Guojun Wang a,, Jie Wu b a School of Information Science and Engineering Central South Uversity Changsha,
More informationElliptic Curve Cryptography Methods Debbie Roser Math\CS 4890
Elliptic Curve Cryptography Methods Debbie Roser Math\CS 4890 Why are Elliptic Curves used in Cryptography? The answer to this question is the following: 1) Elliptic Curves provide security equivalent
More informationComments on "public integrity auditing for dynamic data sharing with multi-user modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationSurveying Cloud Storage Correctness using TPA with BLS
Surveying Cloud Storage Correctness using TPA with BLS Priyanka Dehariya 1, Prof. Shweta Shrivastava 2, Dr. Vineet Richaraya 3 1 M.Tech Scholar (CSE), LNCT, Bhopal 2 Asst.Professors, (CSE Department),
More information