Biblio

Random K-out graphs, denoted \$$\backslash$mathbbH(n;K)\$, are generated by each of the \$n\$ nodes drawing \$K\$ out-edges towards \$K\$ distinct nodes selected uniformly at random, and then ignoring the orientation of the arcs. Recently, random K-out graphs have been used in applications as diverse as random (pairwise) key predistribution in ad-hoc networks, anonymous message routing in crypto-currency networks, and differentially-private federated averaging. In many applications, connectivity of the random K-out graph when some of its nodes are dishonest, have failed, or have been captured is of practical interest. We provide a comprehensive set of results on the connectivity and giant component size of \$$\backslash$mathbbH(n;K\_n,$\backslash$gamma\_n)\$, i.e., random K-out graph when \textsubscriptn of its nodes, selected uniformly at random, are deleted. First, we derive conditions for \textsubscriptn and \$n\$ that ensure, with high probability (whp), the connectivity of the remaining graph when the number of deleted nodes is \$$\backslash$gamma\_n=Ømega(n)\$ and \$$\backslash$gamma\_n=o(n)\$, respectively. Next, we derive conditions for \$$\backslash$mathbbH(n;K\_n, $\backslash$gamma\_n)\$ to have a giant component, i.e., a connected subgraph with \$Ømega(n)\$ nodes, whp. This is also done for different scalings of \textsubscriptn and upper bounds are provided for the number of nodes outside the giant component. Simulation results are presented to validate the usefulness of the results in the finite node regime.

Anonymity is an essential asset for a variety of communication systems, like humans' communication, the internet of things, and sensor networks. Establishing and maintaining such communication systems requires the exchange of information about their participants (called subjects). However, protecting anonymity reduces the availability of subject information, as these can be leveraged to break anonymity. Additionally, established techniques for providing anonymity often reduce the efficiency of communication networks. In this paper, we model four mechanisms to share routing information and discuss them with respect to their influence on anonymity and efficiency. While there is no ``one fits all'' solution, there are suitable trade-offs to establish routing information complying with the technical capabilities of the subjects. Distributed solutions like decentralized lookup tables reduce routing information in messages at the cost of local memory consumption; other mechanisms like multi-layer encrypted path information come with higher communication overhead but reduce memory consumption for each subject.

Anonymous Zether, proposed by Bünz, Agrawal, Zamani, and Boneh (FC'20), is a private payment design whose wallets demand little bandwidth and need not remain online; this unique property makes it a compelling choice for resource-constrained devices. In this work, we describe an efficient construction of Anonymous Zether. Our protocol features proofs which grow only logarithmically in the size of the "anonymity sets" used, improving upon the linear growth attained by prior efforts. It also features competitive transaction sizes in practice (on the order of 3 kilobytes).Our central tool is a new family of extensions to Groth and Kohlweiss's one-out-of-many proofs (Eurocrypt 2015), which efficiently prove statements about many messages among a list of commitments. These extensions prove knowledge of a secret subset of a public list, and assert that the commitments in the subset satisfy certain properties (expressed as linear equations). Remarkably, our communication remains logarithmic; our computation increases only by a logarithmic multiplicative factor. This technique is likely to be of independent interest.We present an open-source, Ethereum-based implementation of our Anonymous Zether construction.

Blockchain technology has gradually replaced traditional centralized data storage methods, and provided people reliable data storage services with its decentralized and non-tamperable features. However, the current blockchain data supervision is insufficient and the data cannot be modified once it is on the blockchain, which will cause the blockchain system to face various problems such as illegal information cannot be deleted and breach of smart contract cannot be fixed in time. To address these issues, we propose an anonymous editable blockchain scheme based on the reconstruction of the blockchain structure of the SpaceMint combining with the certificateless aggregate signature algorithm. Users register with their real identities and use pseudonyms in the system to achieve their anonymity. If the number of users who agree to edit meets the threshold, the data on the blockchain can be modified or deleted, and our scheme has the function of accountability for malicious behavior. The security analysis show that the proposed certificateless aggregate signature algorithm enjoys the unforgeability under the adaptive selected message attack. Moreover, the method of setting the threshold of related users is adopted to guarantee the effectiveness and security of editing blockchain data. At last, we evaluate the performance of our certificateless aggregate signature algorithm and related schemes in theoretical analysis and experimental simulation, which demonstrates our scheme is feasible and efficient in storage, bandwidth and computational cost.

We consider the anonymous mutual authentication problem, which consists of a certificate authority, single or multiple verifiers, many legitimate users (provers) and any arbitrary number of illegitimate users. The legal verifier and a legitimate user must be mutually authenticated to each other using the user's key, while the identity of the user must stay unrevealed. An attacker (illegitimate prover) as well as an illegal verifier must fail in authentication. A general interactive information theoretic framework in a finite field is proposed, where the normalized total key rate as a metric for reliability is defined. Maximizing this rate has a trade-off with establishing anonymity. The problem is studied in two different scenarios: centralized scenario (one single verifier performs the authentication process) and distributed scenario (authentication is done by N verifiers, distributively). For both scenarios, achievable schemes, which satisfy the completeness, soundness (at both verifier and prover) and anonymity properties, are proposed. Increasing the size of the field, results in the key rate approaching its upper bound.

This paper proposes an anonymity based mechanism for providing privacy in IoT environment. Proposed scheme allows IoT entities to anonymously interacting and authenticating with each other, or even proving that they have trustworthy relationship without disclosing their identities. Authentication is based on an anonymous certificates mechanism where interacting IoT entities could unlinkably prove possession of a valid certificate without revealing any incorporated identity-related information, thereby preserving their privacy and thwarting tracking and profiling attacks. Through a security analysis, we demonstrate the reliability of our solution.

Internet of things as a technology that connect internet and physical world has been implemented in many diverse fields and has been proven very useful and flexible. In every implementation of technology that involve internet, security must be a great concern, including the implementation of IoT technology. A lot of alternatives can be used to achieve security of IoT. Ming et al. has proposed novel signcryption scheme to secure IoT of monitoring health data. In this work, proposed signcryption scheme from Ming et al. has been successfully implemented using Raspberry Pi and ESP32 and has proven work in securing IoT data.

This paper presents a decentralized messaging system based on blockchain technology. This system allows their users to securely send and receive digital messages in the network. Since the messages stored in a conventional blockchain could be easily read by everyone in the network, under the proposed approach these messages are previously encrypted using public-key cryptography, while the sender and recipient remain anonymous. The proposed system incorporates a browser-based user interface that enable their users to interact seamlessly in a peer-to-peer fashion.

We study the problem of randomized Leader Election in synchronous distributed networks with indistinguishable nodes. We consider algorithms that work on networks of arbitrary topology in two settings, depending on whether the size of the network, i.e., the number of nodes \$n\$, is known or not. In the former setting, we present a new Leader Election protocol that improves over previous work by lowering message complexity and making it close to a lower bound by a factor in \$$\backslash$widetildeO($\backslash$sqrtt\_mix$\backslash$sqrt$\backslash$Phi)\$, where $\Phi$ is the conductance and \textsubscriptmix is the mixing time of the network graph. We then show that lacking the network size no Leader Election algorithm can guarantee that the election is final with constant probability, even with unbounded communication. Hence, we further classify the problem as Leader Election (the classic one, requiring knowledge of \$n\$ - as is our first protocol) or Revocable Leader Election, and present a new polynomial time and message complexity Revocable Leader Election algorithm in the setting without knowledge of network size. We analyze time and message complexity of our protocols in the CONGEST model of communication.

Blockchain is being pursued by a growing number of people with its characteristics of openness, transparency, and decentralization. At the same time, how to secure privacy protection in such an open and transparent ledger is an urgent issue to be solved for deep study. Therefore, this paper proposes a protocol based on Secure multi-party computation, which can merge and sign different transaction messages under the anonymous condition by using Pedersen commitment and Schnorr Signature. Through the rationality proof and security analysis, this paper demonstrates the private transaction is safe under the semi-honest model. And its computational cost is less than the equivalent multi-signature model. The research has made some innovative contributions to the privacy computing theory.

Suppose we are given a large number of sequences on a given alphabet, and an adversary is interested in identifying (de-anonymizing) a specific target sequence based on its patterns. Our goal is to thwart such an adversary by obfuscating the target sequences by applying artificial (but small) distortions to its values. A key point here is that we would like to make no assumptions about the statistical model of such sequences. This is in contrast to existing literature where assumptions (e.g., Markov chains) are made regarding such sequences to obtain privacy guarantees. We relate this problem to a set of combinatorial questions on sequence construction based on which we are able to obtain provable guarantees. This problem is relevant to important privacy applications: from fingerprinting webpages visited by users through anonymous communication systems to linking communicating parties on messaging applications to inferring activities of users of IoT devices.

Due to the mobility and openness of wireless body area networks (WBANs), the security of WBAN has been questioned by people. The patient's physiological information in WBAN is sensitive and confidential, which requires full consideration of user anonymity, untraceability, and data privacy protection in key agreement. Aiming at the shortcomings of Li et al.'s protocol in terms of anonymity and session unlinkability, forward/backward confidentiality, etc., a new anonymous mutual authentication and key agreement protocol was proposed on the basis of the protocol. This scheme only uses XOR and the one-way hash operations, which not only reduces communication consumption but also ensures security, and realizes a truly lightweight anonymous mutual authentication and key agreement protocol.

Emerging device-to-device (D2D) communication in 5th generation (5G) mobile communication networks and internet of things (loTs) provides many benefits in improving network capabilities such as energy consumption, communication delay and spectrum efficiency. D2D group communication has the potential for improving group-based services including group games and group discussions. Providing security in D2D group communication is the main challenge to make their wide usage possible. Nevertheless, the issue of security and privacy of D2D group communication has been less addressed in recent research work. In this paper, we propose an authentication and key agreement tree group-based (AKATGB) protocol to realize a secure and anonymous D2D group communication. In our protocol, a group of D2D users are first organized in a tree structure, authenticating each other without disclosing their identities and without any privacy violation. Then, D2D users negotiate to set a common group key for establishing a secure communication among themselves. Security analysis and performance evaluation of the proposed protocol show that it is effective and secure.

Nowadays, Vehicular Ad hoc Networks (VANETs) are popularly known as they can reduce traffic and road accidents. These networks need several security requirements, such as anonymity, data authentication, confidentiality, traceability and cancellation of offending users, unlinkability, integrity, undeniability and access control. Authentication of the data and sender are most important security requirements in these networks. So many authentication schemes have been proposed up to now. One of the well-known techniques to provide users authentication in these networks is the authentication based on the smartcard (ASC). In this paper, we propose an ASC scheme that not only provides necessary security requirements such as anonymity, traceability and unlinkability in the VANETs but also is more efficient than the other schemes in the literatures.

Vehicle-to-vehicle (V2V) communication systems are currently being prepared for real-world deployment, but they face strong opposition over privacy concerns. Position beacon messages are the main culprit, being broadcast in cleartext and pseudonymously signed up to 10 times per second. So far, no practical solutions have been proposed to encrypt or anonymously authenticate V2V messages. We propose two cryptographic innovations that enhance the privacy of V2V communication. As a core contribution, we introduce zone-encryption schemes, where vehicles generate and authentically distribute encryption keys associated to static geographic zones close to their location. Zone encryption provides security against eavesdropping, and, combined with a suitable anonymous authentication scheme, ensures that messages can only be sent by genuine vehicles, while adding only 224 Bytes of cryptographic overhead to each message. Our second contribution is an authentication mechanism fine-tuned to the needs of V2V which allows vehicles to authentically distribute keys, and is called dynamic group signatures with attributes. Our instantiation features unlimited locally generated pseudonyms, negligible credential download-and-storage costs, identity recovery by a trusted authority, and compact signatures of 216 Bytes at a 128-bit security level.

Anonymous communication networks (ACNs) are intended to protect the metadata during communication. As classic ACNs, onion mix-nets are famous for strong anonymity, in which the source defines a static path and wraps the message multi-times with the public keys of nodes on the path, through which the message is relayed to the destination. However, onion mix-nets lacks in resilience when the static on-path mixes fail. Mix failure easily results in message loss, communication failure, and even specific attacks. Therefore, it is desirable to achieve resilient routing in onion mix-nets, providing persistent routing capability even though node failure. The state-of-theart solutions mainly adopt mix groups and thus need to share secret keys among all the group members which may cause single point of failure. To address this problem, in this work we propose a hybrid routing approach, which embeds the onion mix-net with hop-by-hop routing to increase routing resilience. Furthermore, we propose the threshold hybrid routing to achieve better key management and avoid single point of failure. As for experimental evaluations, we conduct quantitative analysis of the resilience and realize a local T-hybrid routing prototype to test performance. The experimental results show that our proposed routing strategy increases routing resilience effectively, at the expense of acceptable latency.

In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.

Authentication is a challenging and emerging issue for Fog-IoT security paradigms. The fog nodes toward large-scale end-users offer various interacted IoT services. The authentication process usually involves expressing users' personal information such as username, email, and password to the Authentication Server (AS). However, users are not intended to express their identities or information over the fog or cloud servers. Hence, we have proposed an Anonymous User Authentication Scheme for Fog-IoT (AUASF) to keep the anonymity existence of the IoT users and detect the intruders. To provide anonymity, the user can send encrypted credentials such as username, email, and mobile number through the Cloud Service Provider (CSP) for registration. IoT user receives the response with a default password and a secret Id from the CSP. After that, the IoT user submits the default password for first-time access to Fog Service Provider (FSP). The FSP assigns a One Time Password (OTP) to each user for further access. The developed scheme is equipped with hash functions, symmetric encryptions, and decryptions for security perceptions across fog that serves better than the existing anonymity schemes.

In vehicular cyber-physical systems, the mounted cameras on the vehicles, together with the fixed roadside cameras, can produce pictorial data for multiple purposes. In this process, ensuring the security and privacy of vehicles while guaranteeing efficient data transmission among vehicles is critical. This motivates us to propose a trusted anonymous authentication scheme for vehicular cyber-physical systems and Internet-of-Things. Our scheme is designed based on a three-tier architecture which contains cloud layer, fog layer, and user layer. It utilizes bilinear-free certificateless signcryption to realize a secure and trusted anonymous authentication efficiently. We verify its effectiveness through theoretical analyses in terms of correctness, security, and efficiency. Furthermore, our simulation results demonstrate that the communication overhead, the computation overhead, and the packet loss rate of the proposed scheme are significantly better than those of the state-of-the-art techniques. Particularly, the proposed scheme can speed up the computation process at least 10× compared to all the state-of-the-art approaches.

In this paper, we propose a conditional privacy-preserving authentication scheme based on pseudonyms and (t,n) threshold secret sharing, named CPPT, for vehicular communications. To achieve conditional privacy preservation, our scheme implements anonymous communications based on pseudonyms generated by hash chains. To prevent bad vehicles from conducting framed attacks on honest ones, CPPT introduces Shamir (t,n) threshold secret sharing technique. In addition, through two one-way hash chains, forward security and backward security are guaranteed, and it also optimize the revocation overhead. The size of certificate revocation list (CRL) is only proportional to the number of revoked vehicles and irrelated to how many pseudonymous certificates are held by the revoked vehicles. Extensive simulations demonstrate that CPPT outperforms ECPP, DCS, Hybrid and EMAP schemes in terms of revocation overhead, certificate updating overhead and authentication overhead.

Social networks are highly preferred to express opinions, share information, and communicate with others on arbitrary topics. However, the downside is that many cybercriminals are leveraging social networks for cyber-crime. Internet Relay Chat (IRC) is the important social networks which can grant the anonymity to users by allowing them to connect channels without sign-up process. Therefore, IRC has been the playground of hackers and anonymous users for various operations such as hacking, cracking, and carding. Hence, it is urgent to study effective methods which can identify the authors behind the IRC messages. In this paper, we design an autonomic IRC monitoring system, performing recursive deep learning for classifying threat levels of messages and develop a novel author verification approach with one-class classification with deep autoencoder neural networks. The experimental results show that our approach can successfully perform effective author verification for IRC users.

We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing “alice” to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

With the rapid development of micro-electronics and Information and Communication Technology (ICT), users can utilize various service such as Internet of Things(IoT), smart-healthcare and smart-home using wearable devices. However, the sensitive information of user are revealed by attackers because the medical services are provided through open channel. Therefore, secure mutual authentication and key establishment are essential to provide secure services for legitimate users in Wireless Body Area Networks(WBAN). In 2019, Gupta et al. proposed a lightweight anonymous user authentication and key establishment scheme for wearable devices. We demonstrate that their scheme cannot withstand user impersonation, session key disclosure and wearable device stolen attacks. We also propose a secure and lightweight mutual authentication and key establishment scheme using wearable devices to resolve the security shortcomings of Gupta et al.'s scheme. The proposed scheme can be suitable to resource-limited environments.

Cloud-assisted Internet of Vehicles (IoV)which merges the advantages of both cloud computing and Internet of Things that can provide numerous online services, and bring lots of benefits and conveniences to the connected vehicles. However, the security and privacy issues such as confidentiality, access control and driver privacy may prevent it from being widely utilized for message dissemination. Existing attribute-based message encryption schemes still bring high computational cost to the lightweight vehicles. In this paper, we introduce a secure and privacy-preserving dissemination scheme for warning message in cloud-assisted IoV. Firstly, we adopt attribute-based encryption to protect the disseminated warning message, and present a verifiable encryption and decryption outsourcing construction to reduce the computational overhead on vehicles. Secondly, we present a conditional privacy preservation mechanism which utilizes anonymous identity-based signature technique to ensure anonymous vehicle authentication and message integrity checking, and also allows the trusted authority to trace the real identity of malicious vehicle. We further achieve batch verification to improve the authentication efficiency. The analysis indicate that our scheme gains more security properties and reduces the computational overhead on the vehicles.

Vehicular ad hoc networks (VANETs) have been growing rapidly because it can improve traffic safety and efficiency in transportation. In VANETs, messages are broadcast in wireless environment, which is vulnerable to be attacked in many ways. Accordingly, it is essential to authenticate the legitimation of vehicles to guarantee the performance of services. In this paper, we propose an anonymous conditional privacy-preserving authentication scheme based on message authentication code (MAC) for VANETs. With verifiable secret sharing (VSS), vehicles can obtain a group key for message generation and authentication after a mutual authentication phase. Security analysis and performance evaluation show that the proposed scheme satisfies basic security and privacy-preserving requirements and has a better performance compared with some existing schemes in terms of computational cost and communication overhead.