• Title/Summary/Keyword: Identity-based Encryption

Search Result 80, Processing Time 0.025 seconds

Public Key Encryption with Equality Test for Heterogeneous Systems in Cloud Computing

  • Elhabob, Rashad;Zhao, Yanan;Sella, Iva;Xiong, Hu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.9
    • /
    • pp.4742-4770
    • /
    • 2019
  • Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Identity-Based Secure Many-to-Many Multicast in Wireless Mesh Networks (무선 메쉬 네트워크에서의 아이디 기반 프록시 암호화를 이용한 안전한 다대다 멀티캐스트 기법)

  • Hur, Jun-Beom;Yoon, Hyun-Soo
    • Journal of KIISE:Information Networking
    • /
    • v.37 no.1
    • /
    • pp.72-83
    • /
    • 2010
  • Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. Especially, many-to-many multicasting in a dynamic mesh network can be modeled by a decentralized framework where several subgroup managers control their members independently and coordinate the inter-subgroup communication. In this study, we propose a topology-matching decentralized group key management scheme that allows service providers to update and deliver their group keys to valid members even if the members are located in other network domains. The group keys of multicast services are delivered in a distributed manner using the identity-based encryption scheme. Identity-based encryption facilitates the dynamic changes of the intermediate relaying nodes as well as the group members efficiently. The analysis result indicates that the proposed scheme has the advantages of low rekeying cost and storage overhead for a member and a data relaying node in many-to-many multicast environment. The proposed scheme is best suited to the settings of a large-scale dynamic mesh network where there is no central network controller and lots of service providers control the access to their group communications independently.

Direct Chosen Ciphertext Secure Hierarchical ID-Based Encryption Schemes in the Selective-ID Security Model

  • Park, Jong-Hwan;Choi, Kyu-Young;Lee, Dong-Hoon
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2007.02a
    • /
    • pp.154-157
    • /
    • 2007
  • It has been widely believed that one can obtain $\iota$-Hierarchical Identity Based Encryption (HIBE) scheme secure against chosen ciphetext attacks from ($\iota$+1)-HIBE scheme secure against chosen plaintext attacks. In this paper, however, we show that when applying two concrete HIBE schemes that Boneh et al. [1, 2] proposed, chosen ciphertext secure $\iota$-HIBE schemes are directly derived from chosen plaintext secure $\iota$-HIBE schemes. Our constructions are based on a one-time signature-based transformation that Canetti et at.[3] proposed. The security of our schemes is proved in the selective-ID suity model without using random oracles.

  • PDF

New Constructions of Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Computing

  • Zhang, Leyou;Hu, Yupu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.5
    • /
    • pp.1343-1356
    • /
    • 2013
  • Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

Iris Ciphertext Authentication System Based on Fully Homomorphic Encryption

  • Song, Xinxia;Chen, Zhigang;Sun, Dechao
    • Journal of Information Processing Systems
    • /
    • v.16 no.3
    • /
    • pp.599-611
    • /
    • 2020
  • With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in plaintext. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes an iris-based ciphertext authentication system based on fully homomorphic encryption using the FV scheme. The implementation of the system is partly powered by Microsoft's SEAL (Simple Encrypted Arithmetic Library). The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template. Thus, there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly using the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

An Efficient Selective Encryption of Fingerprint Images for Embedded Processors

  • Moon, Dae-Sung;Chung, Yong-Wha;Pan, Sung-Bum;Moon, Ki-Young;Chung, Kyo-Il
    • ETRI Journal
    • /
    • v.28 no.4
    • /
    • pp.444-452
    • /
    • 2006
  • Biometric-based authentication can provide a strong security guarantee of the identity of users. However, the security of biometric data is particularly important as any compromise of the biometric data will be permanent. In this paper, we propose a secure and efficient protocol to transmit fingerprint images from a fingerprint sensor to a client by exploiting the characteristics of the fingerprint images. Because the fingerprint sensor is computationally limited, a standard encryption algorithm may not be applied to the full fingerprint images in real-time to guarantee the integrity and confidentiality of the fingerprint images transmitted. To reduce the computational workload on the resource-constrained sensor, we apply the encryption algorithm to a nonce for integrity and to a specific bitplane of each pixel of the fingerprint image for confidentiality. Experimental results show that the integrity and confidentiality of the fingerprint images can be guaranteed without any leakage of the fingerprint ridge information and can be completed in real-time on embedded processors.

  • PDF

Open Research Problem for effective IoT Authentication

  • Mihir Mehta;Kajal Patel
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.8
    • /
    • pp.174-178
    • /
    • 2024
  • IoT is collection of different "things" which are associated with open web. As all the things are connected to the Internet, it offers convenience to end users for accessing the resources from "Any Where, Any Time" throughout the globe. At the same time, open nature of IoT provides a fertile ground to an intruder for launching different security related threats. If we can no apply proper security safeguards to the IoT System, then it will be not useful to society. Authentication, Encryption, Trust Management and Secure Routing are different domains to offer security in IoT system. Among them, Authentication is very much important security service as it validates device identity before granting access to system services/ resources. Existing IoT Authentication algorithms are fail to verify device identity in unambiguous way. They are vulnerable to different security threats such as Key Stolen threat, MITM threat and Location Spoofing threat. So, it is a demand of time to design an efficient and secure Multi-factor IoT algorithm which can offer better security and validate device identity in unambiguous way.

A Robust and Efficient Anonymous Authentication Protocol in VANETs

  • Jung, Chae-Duk;Sur, Chul;Park, Young-Ho;Rhee, Kyung-Hyune
    • Journal of Communications and Networks
    • /
    • v.11 no.6
    • /
    • pp.607-614
    • /
    • 2009
  • Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for generating anonymous certificates from roadside units (RSUs). However, ECPP does not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust and efficient anonymous authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in the proposed protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for mutual authentication between OBUs and RSUs. In order to achieve these goals, we consider a universal re-encryption scheme and identity-based key establishment scheme as our building blocks. Several simulations are conducted to verify the efficiency and effectiveness of the proposed protocol by comparing with those of the existing ECPP.

An Efficient Anonymous Authentication Scheme with Secure Communication in Intelligent Vehicular Ad-hoc Networks

  • Zhang, Xiaojun;Mu, Liming;Zhao, Jie;Xu, Chunxiang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.6
    • /
    • pp.3280-3298
    • /
    • 2019
  • Vehicular ad-hoc networks (VANETs) have become increasingly significant in intelligent transportation systems, they play a great role in improving traffic safety and efficiency. In the deployment of intelligent VANETs, intelligent vehicles can efficiently exchange important or urgent traffic information and make driving decisions. Meanwhile, secure data communication and vehicle's identity privacy have been highlighted. To cope with these security issues, in this paper, we construct an efficient anonymous authentication scheme with secure communication in intelligent VANETs. Combing the ElGamal encryption technique with a modified Schnorr signature technique, the proposed scheme provides secure anonymous authentication process for encrypted message in the vehicle-to-infrastructure communication model, and achieves identity privacy, forward security, and reply attack resistance simultaneously. Moreover, except the trusted authority (TA), any outside entity cannot trace the real identity of an intelligent vehicle. The proposed scheme is designed on an identity-based system, which can remove the costs of establishing public key infrastructure (PKI) and certificates management. Compared with existing authentication schemes, the proposed scheme is much more practical in intelligent VANETs.

Provably Secure Aggregate Signcryption Scheme

  • Ren, Xun-Yi;Qi, Zheng-Hua;Geng, Yang
    • ETRI Journal
    • /
    • v.34 no.3
    • /
    • pp.421-428
    • /
    • 2012
  • An aggregate signature scheme is a digital signature scheme that allows aggregation of n distinct signatures by n distinct users on n distinct messages. In this paper, we present an aggregate signcryption scheme (ASC) that is useful for reducing the size of certification chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols. The new ASC scheme combines identity-based encryption and the aggregation of signatures in a practical way that can simultaneously satisfy the security requirements for confidentiality and authentication. We formally prove the security of the new scheme in a random oracle model with respect to security properties IND-CCA2, AUTH-CMA2, and EUF-CMA.