Divyan M. Konidala

New ID-Based threshold signature scheme from bilinear pairings

ID-based public key systems allow the user to use his/her identity as the public key, which can simplify key management procedure compared with CA-based public key systems. However, there is an inherent disadvantage in such systems: the problem of private key escrow, i.e., the “trusted” Private Key Generator (PKG) can easily impersonate any user at any time without being detected. Although the problem of escrowing the private key may be reduced by distributing the trust onto multiple centers, it will decrease the efficiency of the systems. Chen et al. first proposed a novel ID-based signature scheme without trusted PKG from bilinear pairings [10], i.e., there is only one PKG who is not assumed to be honest in their scheme. However, the signature scheme cannot be extended to a threshold one. In this paper we propose another ID-based signature scheme without trusted PKG from bilinear pairings. Moreover, we propose an ID-based threshold signature scheme without trusted PKG, which simultaneously overcomes the problem of key escrow and adopts the approach that the private key associated with an identity rather than the master key of PKG is shared.

Security Framework for RFID-based Applications in Smart Home Environment

The concept of Smart-Homes is becoming more and more popular. It is anticipated that Radio Frequency IDentification (RFID) technology will play a major role in such environments. We can find many previously proposed schemes that focus solely on: authentication between the RFID tags and readers, and user privacy protection from malicious readers. There has also been much talk of a very popular RFID application: a refrigerator/bookshelf that can scan and list out the details of its items on its display screen. Realizing such an application is not as straight forward as it seems to be, especially in securely deploying such RFID-based applications in a smart home environment. Therefore this paper describes some of the RFID-based applications that are applicable to smart home environments. We then identify their related privacy and security threats and security requirements and also propose a secure approach, where RFID-tagged consumer items, RFID-reader enabled appliances (e.g., refrigerators), and RFID-based applications would securely interact among one another. At the moment our approach is just a conceptual idea, but it sheds light on very important security issues related to RFID-based applications that are beneficial for consumers.

Open issues in RFID security

RFID security is a relatively new research area. Within less than a decade, a large number of research papers dealing with security issues of RFID technology have appeared. In this paper we attempt to summarize current research works in the field of RFID security and discuss some of their open issues. Firstly, we outline the security threats to RFID, then we summarize some of the current counter-measures and finally, we draw attention to the open issues and challenges in RIFD security.

Resuscitating privacy-preserving mobile payment with customer in complete control

Credit/debit card payment transactions do not protect the privacy of the customer. Once the card is handed over to the merchant for payment processing, customers are “no longer in control” on how their card details and money are handled. This leads to card fraud, identity theft, and customer profiling. Therefore, for those customers who value their privacy and security of their payment transactions, this paper proposes a choice—an alternate mobile payment model called “Pre-Paid Mobile HTTPS-based Payment model”. In our proposed payment model, the customer obtains the merchant’s bank account information and then instructs his/her bank to transfer the money to the merchant’s bank account. We utilize near field communication (NFC) protocol to obtain the merchant’s bank account information into the customer’s NFC-enabled smartphone. We also use partially blind signature scheme to hide the customers’ identity from the bank. As a result, our payment model provides the customer with complete control on his/her payments and privacy protection from both the bank and the merchant. We emulated our proposed mobile payment model using Android SDK 2.1 platform and analyzed its execution time.

A survey on RFID security and provably secure grouping-proof protocols

RFID security is a relatively new research area. Within less than a decade, a large number of research papers dealing with security issues of RFID technology have appeared. In the first part of this paper, we attempt to summarise current research in the field of RFID security and discuss some of their open issues. In the second part of this paper, we address some of the open problems we suggested in the first part. In particular, we deal with scalability problem of existing grouping-proof protocols for RFID tags. In addition, we also present the first security definition for a secure grouping-proof protocol for RFID tags. The definition is then used to analyse the security of our proposed grouping-proof protocol which employs a (n, n)-secret sharing scheme to solve the scalability problem of previous protocols.

A secure and privacy enhanced protocol for location-based services in ubiquitous society

This paper focuses on one of the future applications and services area of mobile communications. Mobile devices like mobile phones and PDAs would very soon allow us to interact with other smart devices around us, thus supporting a ubiquitous society. There would be many competitive service providers selling location-based services to users. To avail such services, a users mobile device may need to handle many service providers. It should also he able to identify and securely communicate with only genuine service providers. But these tasks could create a huge burden on the low-computing and resource-poor mobile device. Our protocol establishes a convincing trust model through which secure key distribution is accomplished. Secure job delegation and use of cost-effective cryptographic techniques help in reducing the communication and computational burden on the mobile device. The protocol also provides user privacy protection, replay protection, entity authentication, and message authentication, integrity and confidentiality.

Mobile RFID applications and security challenges

With mobile RFID technology, handheld portable devices like mobile phones and PDAs, also behave as RFID readers and RFID tags. As RFID readers, mobile phones provide an user-friendly approach to quickly and efficiently scan, access and view information about RFID tagged items. As RFID tags, mobile phones can quickly identify themselves in order to communicate with other tagged devices, which provide essential services. At the outset this paper briefly describes Mobile RFID technology and compare it with conventional RFID technology. We pioneer in categorizing Mobile RFID applications into three distinct zones, namely: Location-based Services (LBS) Zone, Enterprise Zone, and Private Zone. We describe application scenarios related to these zones and highlight various security and privacy threats. Finally, we propose a security architecture for LBS zone and describe our future work.

A capability-based privacy-preserving scheme for pervasive computing environments

In a pervasive computing environment, users interact with many smart devices or service providers (SPs) to obtain some useful services from them. These SPs can be either genuine or malicious. As a result, users privacy is at a greater risk, as they are prone to revealing their location, identity and transactions information to such SPs. On the other hand, user authentication is also required for SPs to provide service access control to only authorized users. In order to protect users privacy, they must be allowed to have anonymous interactions with SPs. But, authenticating and authorizing an anonymous user becomes a challenging task. In this paper, we propose a simple and efficient scheme that allows users to anonymously interact with SPs and the SPs can effectively authenticate and authorize the users based on the anonymous information submitted by the users.