Biblio

Filters: Keyword is identity-based cryptography
2023-08-25
Li, Bing, Ma, Maode, Zhang, Yonghe, Lai, Feiyu.  2022.  Access Control Supported by Information Service Entity in Named Data Networking. 2022 5th International Conference on Hot Information-Centric Networking (HotICN). :30–35.
Named Data Networking (NDN) has been viewed as a promising future Internet architecture. It requires a new access control scheme to prevent the injection of unauthorized data request. In this paper, an access control supported by information service entity (ACISE) is proposed for NDN networks. A trust entity, named the information service entity (ISE), is deployed in each domain for the registration of the consumer and the edge router. The identity-based cryptography (IBC) is used to generate a private key for the authorized consumer at the ISE and to calculate a signature encapsulated in the Interest packet at the consumer. Therefore, the edge router could support the access control by the signature verification of the Interest packets so that no Interest packet from unauthorized consumer could be forwarded or replied. Moreover, shared keys are negotiated between authorized consumers and their edge routers. The subsequent Interest packets would be verified by the message authentication code (MAC) instead of the signature. The simulation results have shown that the ACISE scheme would achieve a similar response delay to the original NDN scheme when the NDN is under no attacks. However, the ACISE scheme is immune to the cache pollution attacks so that it could maintain a much smaller response delay compared to the other schemes when the NDN network is under the attacks.
ISSN: 2831-4395
2020-11-02
Gupta, D. S., Islam, S. H., Obaidat, M. S.  2019.  A Secure Identity-based Deniable Authentication Protocol for MANETs. 2019 International Conference on Computer, Information and Telecommunication Systems (CITS). :1–5.
A deniable authentication (DA) protocol plays a vital role to provide security and privacy of the mobile nodes in a mobile ad hoc network (MANET). In recent years, a number of similar works have been proposed, but most of them experience heavy computational and communication overhead. Further, most of these protocols are not secure against different attacks. To address these concerns, we devised an identity-based deniable authentication (IBDA) protocol with adequate security and efficiency. The proposed IBDA protocol is mainly designed for MANETs, where the mobile devices are resource-limited. The proposed IBDA protocol used the elliptic curve cryptography (ECC) and identity-based cryptosystem (IBC). The security of our IBDA protocol depends on the elliptic curve discrete logarithm (ECDL) problem and bilinear Diffie-Hellman (BDH) problem.
2020-09-21
Vasile, Mario, Groza, Bogdan.  2019.  DeMetrA - Decentralized Metering with user Anonymity and layered privacy on Blockchain. 2019 23rd International Conference on System Theory, Control and Computing (ICSTCC). :560–565.
Wear and tear are essential in establishing the market value of an asset. From shutter counters on DSLRs to odometers inside cars, specific counters, that encode the degree of wear, exist on most products. But malicious modification of the information that they report was always a concern. Our work explores a solution to this problem by using the blockchain technology, a layered encoding of product attributes and identity-based cryptography. Merging such technologies is essential since blockchains facilitate the construction of a distributed database that is resilient to adversarial modifications, while identity-based signatures set room for a more convenient way to check the correctness of the reported values based on the name of the product and pseudonym of the owner alone. Nonetheless, we reinforce security by using ownership cards deployed around NFC tokens. Since odometer fraud is still a major practical concern, we discuss a practical scenario centered on vehicles, but the framework can be easily extended to many other assets.
2020-03-12
Ao, Weijun, Fu, Shaojing, Zhang, Chao, Huang, Yuzhou, Xia, Fei.  2019.  A Secure Identity Authentication Scheme Based on Blockchain and Identity-Based Cryptography. 2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET). :90–95.

Most blockchain-based identity authentication systems focus on using blockchain to establish the public key infrastructure (PKI). It can solve the problem of single point of failure and certificate transparency faced by traditional PKI systems, but there are still some problems such as complex certificate management and complex certificate usage process. In this paper, we propose an identity authentication scheme based on blockchain and identity-based cryptography (IBC). The scheme implements a decentralized private key generator (PKG) by deploying the smart contract in Ethereum blockchain, and uses the IBC signature algorithm and challenge-response protocol during the authentication process. Compared with other blockchain-based identity authentication systems, the scheme not only prevents the single point of failure, but also avoids the complex certificate management, has lower system complexity, and resists impersonation attack, man-in-the-middle attack and replay attack.

2019-12-17
Gritti, Clémentine, Molva, Refik, Önen, Melek.  2018.  Lightweight Secure Bootstrap and Message Attestation in the Internet of Things. Proceedings of the 33rd Annual ACM Symposium on Applied Computing. :775-782.

Internet of Things (IoT) offers new opportunities for business, technology and science but it also raises new challenges in terms of security and privacy, mainly because of the inherent characteristics of this environment: IoT devices come from a variety of manufacturers and operators and these devices suffer from constrained resources in terms of computation, communication and storage. In this paper, we address the problem of trust establishment for IoT and propose a security solution that consists of a secure bootstrap mechanism for device identification as well as a message attestation mechanism for aggregate response validation. To achieve both security requirements, we approach the problem in a confined environment, named SubNets of Things (SNoT), where various devices depend on it. In this context, devices are uniquely and securely identified thanks to their environment and their role within it. Additionally, the underlying message authentication technique features signature aggregation and hence, generates one compact response on behalf of all devices in the subnet.

2015-05-06
Huaqun Wang.  2015.  Identity-Based Distributed Provable Data Possession in Multicloud Storage. Services Computing, IEEE Transactions on. 8:328-340.

Remote data integrity checking is of crucial importance in cloud storage. It can make the clients verify whether their outsourced data is kept intact without downloading the whole data. In some application scenarios, the clients have to store their data on multicloud servers. At the same time, the integrity checking protocol must be efficient in order to save the verifier's cost. From the two points, we propose a novel remote data integrity checking model: ID-DPDP (identity-based distributed provable data possession) in multicloud storage. The formal system model and security model are given. Based on the bilinear pairings, a concrete ID-DPDP protocol is designed. The proposed ID-DPDP protocol is provably secure under the hardness assumption of the standard CDH (computational Diffie-Hellman) problem. In addition to the structural advantage of elimination of certificate management, our ID-DPDP protocol is also efficient and flexible. Based on the client's authorization, the proposed ID-DPDP protocol can realize private verification, delegated verification, and public verification.
 

Nicanfar, H., Jokar, P., Beznosov, K., Leung, V.C.M.  2014.  Efficient Authentication and Key Management Mechanisms for Smart Grid Communications. Systems Journal, IEEE. 8:629-640.

A smart grid (SG) consists of many subsystems and networks, all working together as a system of systems, many of which are vulnerable and can be attacked remotely. Therefore, security has been identified as one of the most challenging topics in SG development, and designing a mutual authentication scheme and a key management protocol is the first important step. This paper proposes an efficient scheme that mutually authenticates a smart meter of a home area network and an authentication server in SG by utilizing an initial password, by decreasing the number of steps in the secure remote password protocol from five to three and the number of exchanged packets from four to three. Furthermore, we propose an efficient key management protocol based on our enhanced identity-based cryptography for secure SG communications using the public key infrastructure. Our proposed mechanisms are capable of preventing various attacks while reducing the management overhead. The improved efficiency for key management is realized by periodically refreshing all public/private key pairs as well as any multicast keys in all the nodes using only one newly generated function broadcasted by the key generator entity. Security and performance analyses are presented to demonstrate these desirable attributes.

2015-05-01
Hongzhen Du, Qiaoyan Wen.  2014.  Security analysis of two certificateless short signature schemes. Information Security, IET. 8:230-233.

Certificateless public key cryptography (CL-PKC) combines the advantage of both traditional PKC and identity-based cryptography (IBC) as it eliminates the certificate management problem in traditional PKC and resolves the key escrow problem in IBC. Recently, Choi et al. and Tso et al. proposed two different efficient CL short signature schemes and claimed that the two schemes are secure against super adversaries and satisfy the strongest security. In this study, the authors show that both Choi et al.'s scheme and Tso et al.'s scheme are insecure against the strong adversaries who can replace users' public keys and have access to the signing oracle under the replaced public keys.
 
