Sen-Shan Huang

List-Free ID-Based Mutual Authentication and Key Agreement Protocol for Multiserver Architectures

A multiserver architecture consisting of multiple servers provides resources and services for clients by way of open channels. Thus, a cryptographic protocol should be offered to ensure the legitimacy of both clients and servers, and to provide communication confidentiality. In the past, a large number of ID-based mutual authentication and key agreement (ID-MAKA) protocols have been proposed regarding this issue. Several circumstances require a revocation mechanism to revoke misbehaving/compromised clients and servers before their intended expiration dates. To do so, the existing ID-MAKA protocols generally adopt a black/white list to revoke/permit clients for access authorization. So far, no work addresses the revocation problem on servers in the sense that clients should be notified to avoid malicious services or applications provided by revoked servers. In this letter, we propose the first list-free ID-MAKA protocol with an efficient revocation mechanism for multiserver architectures. Compared with previously proposed protocols, our protocol possesses three main merits. First, it provides a simple revocation mechanism to solve the management problem of both compromised clients and servers. Second, neither clients nor servers need to keep any black/white list. Finally, it is well suitable for mobile clients by performance analysis and experimental data.

Strongly Secure Revocable ID-based Signature without Random Oracles

In 2012, Tseng and Tsai presented a novel revocable ID (identity)-based public key setting that provides an efficient revocation mechanism with a public channel to revoke misbehaving or compromised users from public key systems. Subsequently, based on Tseng and Tsai’s revocable ID-based public key setting, Tsai et al. proposed a new revocable ID-based signature (RIBS) scheme in the standard model (without random oracles). However, their RIBS scheme possesses only existential unforgeability under adaptive chosen-message attacks. In the article, we propose the first strongly secure RIBS scheme without random oracles under the computational Diffie-Hellman and collision resistant assumptions. Comparisons with previously proposed schemes are made to demonstrate the advantages of our scheme in terms of revocable functionality and security property. DOI: http://dx.doi.org/10.5755/j01.itc.43.3.5718

A novel ID-Based authentication and key exchange protocol resistant to ephemeral-secret-leakage attacks for mobile devices

With the rapid development in wireless communications and cloud computing technologies, clients (users) often use handheld mobile devices to access remote servers via open network channels. To provide authentication and confidentiality between clients and servers, a large number of ID-based authentication and key exchange (ID-AKE) protocols have been proposed for mobile client-server environments. However, most of the existing ID-AKE protocols adopt the precomputation technique so that they become vulnerable to the ephemeral-secret-leakage (ESL) attacks, in the sense that an adversary could use the ephemeral secrets to reveal the private keys of clients from the corresponding exchange messages. In the paper, we propose a new ESL-secure ID-AKE protocol for mobile client-server environments. We formally prove that the proposed protocol satisfies the security requirements of both mutual authentication and key exchange while resisting the ESL attacks. When compared with previously proposed ID-AKE protocols, our protocol has higher security and retains computational performance, since it requires no bilinear pairing operation for mobile clients. Finally, we mention the possibility of adopting our protocol as an authentication method of the extensible authentication protocol (EAP) for wireless networks.

Revocable ID-Based Signature with Short Size over Lattices

In the past, many ID-based signature (IBS) schemes based on the integer factorization or discrete logarithm problems were proposed. With the progress on the development of quantum technology, IBS schemes mentioned above would become vulnerable. Recently, several IBS schemes over lattices were proposed to be secure against attacks in the quantum era. As conventional public-key settings, ID-based public-key settings have to offer a revocation mechanism to revoke misbehaving or malicious users. However, in the past, little work focuses on the revocation problem in the IBS schemes over lattices. In this article, we propose a new revocable IBS (RIBS) scheme with short size over lattices. Based on the short integer solution (SIS) assumption, we prove that the proposed RIBS scheme provides existential unforgeability against adaptive chosen-message attacks. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of signature size, signing key size, and the revocation mechanism with public channels.

Efficient Anonymous Multireceiver Certificateless Encryption

To protect receiver privacy, researchers constructed anonymous multireceiver encryption by implanting anonymity in multireceiver encryption. It allows a sender to produce the identical ciphertext for multiple designated receivers. Every designated receiver can decrypt the ciphertext, but does not know who the other designated receivers are. Recently, several anonymous multireceiver identity (ID)-based encryption (AMIBE) schemes were proposed without the utilization of certificates. However, these AMIBE schemes are not efficient because their decryption cost of each receiver grows linearly with the number of the designated receivers. Moreover, all the ID-based cryptographic schemes suffer from the key escrow problem, which has been resolved by using certificateless public key settings. Very recently, Islam et al. proposed an anonymous multireceiver certificateless encryption (AMCLE) scheme. However, the encryption cost of a sender is quadric with the number of designated receivers, whereas the decryption cost of each receiver is linear with the number. In this paper, we propose an efficient AMCLE scheme with constant decryption cost, namely, the required decryption cost of each receiver is independent of the number of receivers. When compared with previously proposed AMIBE and AMCLE schemes, our scheme solves the key escrow problem and improves the efficiency of encryption/decryption significantly as well.

Leakage-resilient ID-based signature scheme in the generic bilinear group model

Security mechanisms in the traditional cryptography have been modeled under the assumption that secret values keys are completely hidden to an adversary. Indeed, a number of side-channel attacks e.g., timing, power, fault, etc. have been demonstrated to obtain partial information about secret keys. Leakage-resilient cryptography is a countermeasure to withstand side-channel attacks. Recently, a large number of leakage-resilient cryptographic schemes or protocols have been proposed to resist various side-channel attacks. Up to now, no work has been done on leakage-resilient identity-based signature LR-IBS. In this article, we propose the first LR-IBS scheme based on Galindo and Viveks leakage-resilient signature. In the generic bilinear group model, we formally prove that our LR-IBS scheme possesses existential unforgeability against identity and adaptive chosen message attacks under the continual leakage model. Copyright

Efficient revocable certificateless public key encryption with a delegated revocation authority

Quite recently, Shen et al. proposed a revocable certificateless public key encryption RCL-PKE scheme in the standard model, in which the key generation center KGC can efficiently revoke misbehaving or compromised users. However, their scheme was shown to be insecure. Moreover, the work of revoking users is executed only by the KGC, and their scheme requires high computation cost. In this paper, we propose the first secure RCL-PKE scheme with a delegated revocation authority in the standard model. We emphasize that the delegated revocation authority shares the responsibility for user revocation to reduce the load of the KGC and provide the revocation flexibility. When compared with Shen et al.s scheme, our scheme has better performance in terms of each users private key size and computation cost. Under the decisional bilinear Diffie-Hellman and collision-resistant hash function assumptions, we demonstrate that the proposed RCL-PKE scheme is semantically secure in the standard model. Copyright

Enhancement on strongly secure group key agreement

In 2011, Zhao et al. presented a new security model of group key agreement GKA by considering ephemeral secret leakage ESL attacks. Meanwhile, they proposed a strongly secure GKA protocol under the new model. In this paper, two security weaknesses on their protocol are pointed out and remedied, in which, their GKA protocol must rely on a signature scheme with existential unforgeability under adaptive chosen message attacks UF-ACMA to achieve the security goals of authenticated key exchange and mutual authentication in the new model. We argue and illustrate that a UF-ACMA secure signature scheme is insufficient to promise the security goals because the employed signature scheme does not consider the ESL attacks. For providing authentication functionality of some future cryptographic mechanisms e.g., authenticated GKA protocols, authenticated key agreement protocols, and authentication schemes resistant to the ESL attacks, we define a novel security notion for digital signature schemes, termed existential UF-ACM and ephemeral secret leakage attacks. On the basis of Schnorrs signature scheme, we propose the first UF-ACM and ephemeral secret leakage attacks secure signature scheme. We demonstrate that the proposed scheme is provably secure under the hardness of computing discrete logarithms in the random oracle model. Copyright

Secure Certificateless Signature with Revocation in the Standard Model

Certificateless public key cryptography is very attractive in solving the key escrow problem which is inherent in identity- (ID-) based public key cryptography. In the past, a large number of certificateless cryptographic schemes and protocols were presented, but a secure certificateless signature in the standard model (without random oracles) is still not accessible until now. To the best of our knowledge, all the previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC). In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS). Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

Lattice-Based Revocable Certificateless Signature

Certificateless signatures (CLS) are noticeable because they may resolve the key escrow problem in ID-based signatures and break away the management problem regarding certificate in conventional signatures. However, the security of the mostly previous CLS schemes relies on the difficulty of solving discrete logarithm or large integer factorization problems. These two problems would be solved by quantum computers in the future so that the signature schemes based on them will also become insecure. For post-quantum cryptography, lattice-based cryptography is significant due to its efficiency and security. However, no study on addressing the revocation problem in the existing lattice-based CLS schemes is presented. In this paper, we focus on the revocation issue and present the first revocable CLS (RCLS) scheme over lattices. Based on the short integer solution (SIS) assumption over lattices, the proposed lattice-based RCLS scheme is shown to be existential unforgeability against adaptive chosen message attacks. By performance analysis and comparisons, the proposed lattice-based RCLS scheme is better than the previously proposed lattice-based CLS scheme, in terms of private key size, signature length and the revocation mechanism.