Hiroaki Anada

Identification schemes from key encapsulation mechanisms

We propose a generic way for deriving an identification (ID) scheme secure against concurrent man-in-the-middle attacks from a key encapsulation mechanism (KEM) secure against chosen ciphertext attacks on one-wayness (oneway-CCA). Then we give a concrete one-way-CCA secure KEM based on the Computational Diffie-Hellman (CDH) assumption. In that construction, the Twin Diffie-Hellman technique of Cash, Kiltz and Shoup is essentially employed. We compare efficiency of the ID scheme derived from our KEM with previously known ID schemes and KEMs. It turns out that our KEM-based ID scheme reduces the computation by one exponentiation than the currently most efficient one derived from the Hanaoka-Kurosawa one-way-CCA secure KEM, whose security is based on the same (CDH) assumption.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Attribute-based signatures without pairings via the fiat-shamir paradigm

We propose the first practical attribute-based signature (ABS) scheme with attribute privacy without pairings in the random oracle model. Our strategy is in the Fiat-Shamir paradigm; we first provide a generic construction of a boolean proof system of Sgm-protocol type. Our boolean proof system is a generalization of the well-known OR-proof system; that is, it can treat any boolean formula instead of a single OR-gate. Then, by combining our boolean proof system with a credential bundle scheme of the Fiat-Shamir signature, we obtain a generic attribute-based identification (ABID) scheme of proof of knowledge. Finally, we apply the Fiat-Shamir transform to our ABID scheme to obtain a generic ABS scheme which possesses attribute privacy and can be proved to be secure in the random oracle model. Our ABS scheme can be constructed without pairings.

Identification schemes of proofs of ability secure against concurrent man-in-the-middle attacks

We give a series of three identification schemes. All of them are basically 2-round interactive proofs of ability to complete Diffie-Hellman tuples. Despite their simple protocols, the second and the third schemes are proven secure against concurrent man-in-the-middle attacks based on tight reduction to the Gap Computational Diffie-Hellman Assumption without the random oracle. In addition, they are more efficient than challenge-and-response 2-round identification schemes from previously known EUF-CMA signature schemes in the standard model. Our first scheme is similar to half the operation of Diffie-Hellman Key-Exchange. The first scheme is secure only against two-phase attacks based on strong assumptions. Applying the tag framework, and employing a strong one-time signature for the third scheme, we get the preferable schemes above.

Reset-Secure Identity-Based Identification Schemes Without Pairings

Identity-based identification IBI schemes are generally insecure against reset attacks since they are commonly constructed from three-move

Short CCA-Secure Attribute-Based Encryption

\varSigma

Short CCA-Secure Ciphertext-Policy Attribute-Based Encryption

-protocols similar those of traditional public-key identification schemes. In 2009, Thorncharoensri et al. proposed the first IBI scheme secure against impersonators who are able to perform concurrent-reset attacks and is the only scheme that satisfies this notion of security in literature to date. However, their scheme suffers from correctness issues and is also constructed using pairings, which are known to be costly operationally. In this paper, we utilize one of Bellare et als methods to reinforce the Schnorr-IBI scheme and also its more-secure variant: the Twin-Schnorr-IBI scheme against reset attacks, therefore achieving reset-secure IBI schemes without pairings.

Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

Public-key encryption with keyword search (PEKS) enables us to search over encrypted data, and is expected to be used between a cloud server and users’ devices such as laptops or smartphones. However, those devices might be lost accidentally or be stolen. In this paper, we deal with such a key-exposure problem on PEKS, and introduce a concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: The key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, a public key remains fixed while a secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter model. On the other hand, the latter model is preferable for practical use since a user never updates his/her public key. We show constructions of a KU-PEKS scheme in each model in a black-box manner. We also give an experimental result for the most efficient instantiation, and show our proposal is practical.