Visible to the public Biblio

Filters: Author is Aref, Mohammad Reza  [Clear All Filters]
2021-12-21
Kazempour, Narges, Mirmohseni, Mahtab, Aref, Mohammad Reza.  2021.  Anonymous Mutual Authentication: An Information Theoretic Framework. 2021 Iran Workshop on Communication and Information Theory (IWCIT). :1–6.
We consider the anonymous mutual authentication problem, which consists of a certificate authority, single or multiple verifiers, many legitimate users (provers) and any arbitrary number of illegitimate users. The legal verifier and a legitimate user must be mutually authenticated to each other using the user's key, while the identity of the user must stay unrevealed. An attacker (illegitimate prover) as well as an illegal verifier must fail in authentication. A general interactive information theoretic framework in a finite field is proposed, where the normalized total key rate as a metric for reliability is defined. Maximizing this rate has a trade-off with establishing anonymity. The problem is studied in two different scenarios: centralized scenario (one single verifier performs the authentication process) and distributed scenario (authentication is done by N verifiers, distributively). For both scenarios, achievable schemes, which satisfy the completeness, soundness (at both verifier and prover) and anonymity properties, are proposed. Increasing the size of the field, results in the key rate approaching its upper bound.
2020-07-06
Chegenizadeh, Mostafa, Ali, Mohammad, Mohajeri, Javad, Aref, Mohammad Reza.  2019.  An Anonymous Attribute-based Access Control System Supporting Access Structure Update. 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC). :85–91.
It is quite common nowadays for clients to outsource their personal data to a cloud service provider. However, it causes some new challenges in the area of data confidentiality and access control. Attribute-based encryption is a promising solution for providing confidentiality and fine-grained access control in a cloud-based cryptographic system. Moreover, in some cases, to preserve the privacy of clients and data, applying hidden access structures is required. Also, a data owner should be able to update his defined access structure at any time when he is online or not. As in several real-world application scenarios like e-health systems, the anonymity of recipients, and the possibility of updating access structures are two necessary requirements. In this paper, for the first time, we propose an attribute-based access control scheme with hidden access structures enabling the cloud to update access structures on expiry dates defined by a data owner.