Informatica

Certificateless public-key systems (CL-PKS) were introduced to simultaneously solve two critical problems in public-key systems. One is the key escrow problem in ID-based public-key systems and the other is to eliminate the presence of certificates in conventional public-key systems. In the last decade, several certificateless signature (CLS) schemes have been proposed in the random oracle model. These CLS schemes possess existential unforgeability against adaptive chosen-message attacks, and only few of them possess strong unforgeability. A CLS scheme with strong unforgeability plays an important role in the construction of certificateless cryptographic schemes. Unfortunately, all the existing CLS schemes in the standard model (without random oracles) have been shown insecure to provide existential unforgeability under a generally adopted security model. In the article, we propose a strongly secure CLS scheme in the standard model under the generally adopted security model. Our scheme possesses not only existential unforgeability but also strong unforgeability, and turns out to be the first strongly secure CLS scheme in the standard model. Under the collision resistant hash (CRH) and computational Diffie–Hellman (CDH) assumptions, we prove that our CLS scheme possesses strong unforgeability against both Type I (outsiders) and Type II (key generation center) adversaries.

Up to date, a large number of ID-based signature (IBS) schemes based on bilinear pairings have been proposed. Most of these IBS schemes possess existential unforgeability under adaptive chosen-message attacks, among which some offer strong unforgeability. An IBS scheme is said to be strongly unforgeable if it possesses existential unforgeability and an adversary who is given signatures of the IBS scheme on some message m is unable to generate a new signature on m. Strong unforgeable IBS schemes can be used to construct many important ID-based cryptographic schemes. However, the existing strongly unforgeable IBS schemes lack efficiency for the signature size and the computation cost of verification phase. In this paper, we propose an efficient strongly unforgeable IBS scheme without random oracles. Under the computational Diffie–Hellman and collision resistant hash assumptions, we demonstrate that the proposed IBS scheme possesses strong unforgeability against adaptive chosen-message attacks. When compared with previously proposed strongly unforgeable IBS schemes, our scheme has better performance in terms of signature size and computation cost.

Up to now, there was very little work on studying the revocation problem in existing hierarchical ID-based encryption (HIBE) systems. Certainly, all existing HIBE systems may inherit the revocation method suggested by Boneh and Franklin to revoke illegal or expired users, in which non-revoked users must periodically update their private keys using secure channels by contacting their ancestors in hierarchical structures. In this paper, we propose the first HIBE scheme with public revocation mechanism, called revocable HIBE (RHIBE), which is extended from Lewko and Waters's unbounded HIBE scheme presented in Eurocrypt 2011. We demonstrate that the proposed RHIBE scheme is fully secure while removing the requirement of secure channels for private key updating in Boneh and Franklin's revocation method. The public revocation mechanism is an exciting alternative to the existing revocation methods. Finally, we discuss the transformation technique from a HIBE scheme to a RHIBE scheme and employ it to another well-known HIBE scheme.

Revocation problem is a critical issue for key management of public key systems. Any certificate-based or identity (ID)-based public key systems must provide a revocation method to revoke misbehaving/compromised users from the public key systems. In the past, there was little work on studying the revocation problem of ID-based public key systems. Most recently, Tseng and Tsai presented a novel ID-based public key system with efficient revocation using a public channel, and proposed a practical revocable ID-based encryption (called RIBE). They proved that the proposed RIBE is semantically secure in the random oracle model. Although the ID-based encryption schemes based on the random oracle model can offer better performance, the resulting schemes could be insecure when random oracles are instantiated with concrete hash functions. In this paper, we employ Tseng and Tsai's revocable concept to propose a new RIBE without random oracles to provide full security. We demonstrate that the proposed RIBE is semantically secure against adaptive-ID attacks in the standard model.

An authenticated group key exchange (AGKE) protocol allows participants to construct a common key and provide secure group communications in cooperative and distributed applications. Recently, Choi et al. proposed an identity (ID)-based authenticated group key exchange (IDAGKE) protocol from bilinear pairings. However, their protocol suffered from an insider colluding attack because it didn't realize the security issue of withstanding insider attacks. Withstanding insider attacks mean that it can detect whether malicious participants exist in the group key exchange protocol. Nevertheless, an AGKE protocol resistant to insider attacks is still unable to find “who are malicious participants”. In this paper, we propose an ID-based AGKE protocol with identifying malicious participants. In our protocol, we use a confirmed computation property to achieve identifying malicious participants. Certainly, it is also secure against insider attacks. In the random oracle model and under related mathematical hard problems, we prove that the proposed protocol a secure AGKE protocol with identifying malicious participants.

In 2008, based on the two-party Diffie–Hellman technique, Biswas proposed a contributory group key exchange protocol called the Group-DH protocol. This contributory property is an important one of group key agreement. Unfortunately, in this paper we show that the proposed Group-DH protocol is not a contributory group key exchange protocol. Therefore, we propose an improved group key exchange protocol with verifiably contributory property based on the same Diffie–Hellman technique. When an identical group key is constructed, each participant can confirm that his/her contribution is actually included in the group key. We show that the improved protocol is provably secure against passive attacks under the decisional Diffie–Hellman assumption. As compared to the previously proposed group key exchange protocols, our protocol provides contributiveness and the required computational cost is suitable for low-power participants in a network environment.

With rapid growth of mobile wireless networks, handheld devices are popularly used by people and many mobile applications have been rapidly developed. Considering the limited computing capability of smart cards or mobile devices, the security scheme design suitable for these mobile devices is a nontrivial challenge. A user authentication scheme is a mechanism to authenticate a remote user over an open network. In 2006, Das et al. proposed an identity (ID)-based remote user authentication scheme with smart cards using bilinear pairings. Unfortunately, their scheme is insecure against forgery attack. Recently, Giri and Srivastava proposed an improved scheme to overcome the forgery attack. The computational cost required by the Giri–Srivastava scheme is expensive, especially for smart cards with limited computing capability. In addition, the Giri–Srivastava scheme is unable to be used for a multi-server environment. This paper presents an efficient and secure ID-based remote user authentication scheme using bilinear pairings. Based on the computational Diffie–Hellman assumption, we show that the proposed scheme is secure against existential forgery on adaptively chosen-message and ID attack in the random oracle model. As compared with the recently proposed pairing-based authentication schemes, our scheme has better performance in term of the computational cost and it is suitable for a multi-server environment in distributed networks. Performance analysis and experimental data of related pairing operations on smartcards are given to demonstrate that our scheme is well suited for mobile devices with limited computing capability.

A key exchange (or agreement) protocol is designed to allow two entities establishing a session key to encrypt the communication data over an open network. In 1990, Gunther proposed an identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. Afterwards, several improved protocols were proposed to reduce the number of communication steps and the communicational cost required by Gunther's protocol. This paper presents an efficient identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. As compared with the previously proposed protocols, it has better performance in terms of the computational cost and the communication steps. The proposed key exchange protocol provides implicit key authentication as well as the desired security attributes of an authenticated key exchange protocol.

Recently, Park and Lim (1998) proposed two key distribution systems for secure VSAT satellite communications. One provides indirect authentication, and another scheme enables that two parties can directly authenticate each other. However, this article will show that the proposed schemes are insecure enough by presenting two impersonation attacks on them. Besides, an improved scheme will be proposed, which is secure against the impersonation attack and provides direct mutual authentication between two parties.

Peyravian and Zunic (2000) proposed a password transmission scheme and a password change scheme over an insecure network. Their proposed solutions do not require the use of any symmetric-key or public-key cryptosystems. However, this article points out that their schemes have several security flaws for practical applications. A slight improvement on their schemes is proposed in this paper to remove the security flaws.