Journal: Informatica
Volume 23, Issue 1 (2012), pp. 155–172
Abstract
User anonymity is a very important security technique in distributed computing environments: it ensures that an illegitimate entity cannot determine any information concerning the user's identity. In 2006, Kumar–Rajendra proposed a Secure Identification and Key agreement protocol with user Anonymity (SIKA). This paper demonstrates the vulnerability of the SIKA protocol and then presents an improvement that repairs its security flaws.
Journal: Informatica
Volume 21, Issue 4 (2010), pp. 627–637
Abstract
This paper presents an entirely chaos-based biometric remote user authentication scheme on tokens that does not use passwords. The proposed scheme is based on a chaotic hash function and a chaotic pseudo-random number generator to provide secure mutual authentication over an insecure channel between the user and the remote server. Compared with related biometric authentication schemes, the proposed scheme does not require a user password, which is more convenient for users. It also does not require time synchronization or delay-time limitations between the user and the remote server, thereby avoiding time synchronization problems.
Journal: Informatica
Volume 21, Issue 3 (2010), pp. 393–407
Abstract
In a fuzzy identity-based encryption (IBE) scheme, a user with the secret key for an identity ID is able to decrypt a ciphertext encrypted with another identity ID' if and only if ID and ID' are within a certain distance of each other, as judged by some metric. Fuzzy IBE also allows a document to be encrypted to all users that have a certain set of attributes. In 2005, Sahai and Waters first proposed the notion of fuzzy IBE and proved the security of their scheme under the selective-ID model. Currently, there is no fuzzy IBE scheme available that is fully CCA2 secure in the standard model. In this paper, we propose a new fuzzy IBE scheme which achieves IND-FID-CCA2 security in the standard model with a tight reduction. Moreover, the size of the public parameters is independent of the number of attributes associated with an identity.
Journal: Informatica
Volume 20, Issue 4 (2009), pp. 579–590
Abstract
Many electronic cash systems have been proposed with the proliferation of the Internet and the growth of electronic commerce. E-cash enables the exchange of digital coins whose value is assured by the bank's signature and whose user identity is concealed. In an electronic cash system, a user can withdraw coins from the bank and then spend each coin anonymously and unlinkably. In this paper, we design an efficient anonymous mobile payment system based on bilinear pairings, in which the anonymity of coins is revocable by a trustee in case of dispute. The message transfer from the customer to the merchant occurs only once during the payment protocol. Also, the amount of communication between customer and merchant is about 800 bits. Therefore, our mobile payment system can be used in wireless networks with limited bandwidth. The security of the new system rests on the computational Diffie–Hellman problem in the random oracle model.
Journal: Informatica
Volume 20, Issue 1 (2009), pp. 139–150
Abstract
Secure communication between set-top boxes (STBs) and smart cards is directly related to the benefit of the service providers and the legal rights of users, and key exchange is the essential part of such secure communication. In 2004, Jiang et al. proposed a key exchange protocol for STBs and smart cards based upon Schnorr's digital signature protocol and a one-way hash function. This paper, however, demonstrates that Jiang et al.'s protocol is vulnerable to an impersonation attack and does not provide perfect forward secrecy. In addition, in order to address these problems, we present a new secure key exchange protocol based on a one-way hash function and the Diffie–Hellman key exchange algorithm.
Journal: Informatica
Volume 17, Issue 4 (2006), pp. 551–564
Abstract
One important requirement of electronic cash systems is the anonymity of customers. However, unconditional anonymity is also very well suited to supporting criminals in blackmailing. At ICICS 2001, Maitland and Boyd proposed an offline electronic cash system based on a group signature scheme. Their scheme cannot be used to solve blackmailing and other anonymity problems such as money laundering and illegal purchases. Chen, Zhang and Wang suggested an offline electronic cash scheme that prevents blackmailing by using a group blind signature. In their payment system, they used the group signature scheme of Camenisch and Stadler for large groups, which is not secure. In this paper we improve these electronic cash systems to prevent blackmailing, money laundering and illegal purchases by using a secure coalition-resistant group blind signature scheme.
Journal: Informatica
Volume 17, Issue 3 (2006), pp. 445–462
Abstract
The need for information security is becoming more widespread these days, especially for hardware-based implementations such as smart card chips for wireless applications and cryptographic accelerators. Fast modular exponentiation algorithms are of practical significance in public-key cryptosystems. The RSA cryptosystem is one of the most widely used technologies for achieving information security. The main task of the encryption and decryption engine of the RSA cryptosystem is to compute M^E mod N. Because the bit-lengths of the numbers M, E, and N are now about 512 to 1024 bits, the computations of the RSA cryptosystem are time-consuming. In this paper, an efficient technique for parallel computation of the modular exponentiation is proposed, and our algorithm reduces the time complexity. A speedup ratio of 1.06, or even 2.75, can be obtained if the proposed technique is used. In the Savas–Tenca–Koc algorithm, a multiplier is designed with an insignificant increase in chip area (about 2.8%) and no increase in time delay. Our proposed technique is faster than the Savas–Tenca–Koc algorithm in time complexity and improves the efficiency of the RSA cryptosystem.
Journal: Informatica
Volume 17, Issue 3 (2006), pp. 347–362
Abstract
This paper introduces a new concept, the convertible user-designating confirmer partially blind signature, in which only the designated confirmer (designated by the user) and the user can verify and confirm the validity of given signatures and convert them into publicly verifiable ones. We give a formal definition for it and propose a concrete provably secure scheme, with a proof of security and a brief analysis of efficiency. Assuming the intractability of the Discrete Logarithm Problem and the ROS-Problem, the proposed scheme is unforgeable under adaptive chosen-message attack.
Journal: Informatica
Volume 15, Issue 3 (2004), pp. 425–437
Abstract
The undeniable signature, introduced by Chaum et al. in 1989, provides the useful property that the signer has additional control over who will benefit from being convinced by the signature. However, a conspicuous drawback of undeniable signatures is that the signer may be unavailable or may refuse to cooperate. In 1994, Chaum proposed a designated confirmer signature scheme to protect the recipient's rights: there exists a confirmer who can always help the recipient prove the validity of the signature to others. Unfortunately, Chaum's paper did not consider that a malicious confirmer might prove the validity of the signature to anyone at will, or even leak sensitive information to the signer's enemies. This paper proposes a new signature scheme, called proxy confirmation signature, in which the proxy confirmer acquires only a temporary proxy confirmation capability from the signer instead of a perpetual one. That is, the signer not only can delegate the confirmation capability to the proxy confirmer, but can also revoke the proxy confirmer's capability to avoid abuse. Moreover, our scheme also provides a technique to properly restrict the proxy confirmer to convincing only some specified verifiers that the signature is valid.
Journal: Informatica
Volume 14, Issue 4 (2003), pp. 551–558
Abstract
Recently, Tseng et al. proposed an improvement on Peyravian and Zunic's protected password transmission scheme and protected password changing scheme to remove some security flaws. However, as we point out in this paper, any adversary can intercept the password change request sent by a legitimate user and modify it with a wrong password. Furthermore, we also propose an improved version of their protected password changing scheme that remedies this problem.