Tsu-Yang Wu

An efficient user authentication and key exchange protocol for mobile client-server environment

Considering the low-power computing capability of mobile devices, the security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to achieve simplifying the certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for mobile client-server environment. However, these schemes do not provide mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for mobile client-server environment. As compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. Performance analysis is made to show that our presented protocol is well suited for mobile client-server environment. Security analysis is given to demonstrate that our proposed protocol is provably secure against previous attacks.

An ID-Based Mutual Authentication and Key Exchange Protocol for Low-Power Mobile Devices

The identity (ID)-based public-key system using bilinear pairings defined on elliptic curves offers a flexible approach to simplify the certificate management. In 2006, the IEEE P1363.3 committee has defined the ID-based public-key system with bilinear pairings as one of public-key cryptography standards. In this, an authenticated key agreement (AKA) protocol is one important issue that provides mutual authentication and key exchange between two parties. Owing to the fast growth of mobile networks, the computational cost on the client side with low-power computing devices is a critical factor in designing an AKA protocol suited for mobile networks. In this paper, we present an efficient and secure ID-based mutual authentication and key exchange protocol using bilinear pairings. Performance analysis and experimental data are given to demonstrate that our proposed protocol is well suited for a client–server environment with low-power mobile devices. In comparison with the recently proposed ID-based protocols, our protocol has the best performance on the client side.

Provably secure revocable ID‐based signature in the standard model

A signature scheme is one of the important primitives in modern cryptography, which may offer functionalities of user identification, non-repudiation, and message authentication. With the advent of identity (ID)-based public key systems with bilinear pairings defined on elliptic curves, many ID-based signature schemes have been proposed. Like certificate-based public key systems, any ID-based public key system must provide a revocation method to revoke misbehaving users. There was little work on studying the revocation problem of ID-based public key systems, and no ID-based signature scheme deals with how to revoke the signing ability of misbehaving users. Quite recently, Tseng and Tsai presented a practical revocation mechanism using a public channel for ID-based public key systems. In this paper, we adopt Tseng and Tsais revocation concept to define the new framework and security notions of revocable ID-based signature (RIBS) scheme and propose the first RIBS scheme in the standard model. Under the computational Diffie–Hellman assumption, we demonstrate that the proposed RIBS scheme is provably secure while remaining efficient for signing and verification as compared with previously proposed ID-based signature schemes. Copyright

On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags

Recently, Tewari and Gupta proposed a ultra-lightweight mutual authentication protocol in IoT environments for RFID tags. Their protocol aims to provide secure communication with least cost in both storage and computation. Unfortunately, in this paper, we exploit the vulnerability of this protocol. In this attack, an attacker can obtain the key shared between a back-end database server and a tag. We also explore the possibility in patching the system with some modifications.

A pairing-based publicly verifiable secret sharing scheme

A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the special property that anyone is able to verify the shares whether they are correctly distributed by a dealer. PVSS plays an important role in many applications such as electronic voting, payment systems with revocable anonymity, and key escrow. Up to now, all PVSS schemes are based on the traditional public-key systems. Recently, the pairing-based cryptography has received much attention from cryptographic researchers. Many pairing-based schemes and protocols have been proposed. However, no PVSS scheme using bilinear pairings is proposed. This paper presents the first pairing-based PVSS scheme. In the random oracle model and under the bilinear Diffie-Hellman assumption, the authors prove that the proposed scheme is a secure PVSS scheme.

A mutual authentication and key exchange scheme from bilinear pairings for low power computing devices

In a client-server network environment, a mutual authentication and key exchange scheme is an important security mechanism to provide two parties with the property that they can authenticate each others identity while they may construct a common session key. With rapid growth of mobile wireless networks, the computational cost on the client side with low power computing devices is a critical factor of the security scheme design. This paper presents a mutual authentication and key exchange scheme using bilinear pairings. Based on the computational Diffie-Hellman assumption and the random oracle model, we show that the proposed scheme is secure against passive attack, forgery attack and ID attack while it provides mutual authentication, implicit key confirmation and partial forward secrecy. A performance analysis demonstrates that our scheme is well suited for smart cards with limited computing capability.

Efficient searchable ID-based encryption with a designated server

Public key encryption with keyword search (PEKS) is a mechanism that allows one to extract e-mails containing a particular keyword by providing a trapdoor corresponding to the keyword. And parties without the trapdoor are unable to learn any information about the extracted e-mails. Meanwhile, a PEKS scheme is also suitable to provide a secure storage system in cloud computing environment. However, in a PEKS scheme, a secure channel must be established to transmit trapdoors. A PEKS scheme with a designated server, termed dPEKS, removes the requirement of the secure channel while retaining the same functionality of PEKS. Up to date, the related studies on dPEKS are all based on the pairing-based public key system. No work focuses on dPEKS based on ID-based systems, termed dIBEKS. In this article, we propose the first dIBEKS scheme that possesses the advantage (removing certificate management) of ID-based systems. Security analysis is given to demonstrate that our scheme is provably secure and can resist off-line keyword guessing attacks. When compared with previously proposed dPEKS schemes, our scheme has better performance in terms of computational time.

Two-round contributory group key exchange protocol for wireless network environments

With the popularity of group-oriented applications, secure group communication has recently received much attention from cryptographic researchers. A group key exchange (GKE) protocol allows that participants cooperatively establish a group key that is used to encrypt and decrypt transmitted messages. Hence, GKE protocols can be used to provide secure group communication over a public network channel. However, most of the previously proposed GKE protocols deployed in wired networks are not fully suitable for wireless network environments with low-power computing devices. Subsequently, several GKE protocols suitable for mobile or wireless networks have been proposed. In this article, we will propose a more efficient group key exchange protocol with dynamic joining and leaving. Under the decision Diffie-Hellman (DDH), the computation Diffie-Hellman (CDH), and the hash function assumptions, we demonstrate that the proposed protocol is secure against passive attack and provides forward/backward secrecy for dynamic member joining/leaving. As compared with the recently proposed GKE protocols, our protocol provides better performance in terms of computational cost, round number, and communication cost.

A Provable Secure Private Data Delegation Scheme for Mountaineering Events in Emergency System

Recently, the sport of mountaineering is a popular leisure activity and many people may injure while mountaineering. In the year of 2014, Chen et al. suggested a cloud-based emergency response and SOS system for mountaineering travelers when they encounter dangers. Chen et al. claimed that their proposed system is secure against various known attacks and the executive performance of the system is reasonable when the protocol is implemented on the traveler’s mobile device. However, in this paper, we discover that Chen et al.’s scheme is unable to protect the privacy of mountaineering travelers and the vulnerability allows a malicious attacker to spy on the electronic medical records of all mountaineering travelers by launching eavesdropping attacks. Moreover, Chen et al.’s scheme is vulnerable to off-line password guessing attack when the mobile device of the mountaineering traveler is lost or stolen by an attacker. In order to repair these shortcomings existing in Chen et al.’s scheme, we suggest an improved version of their scheme, which is provably secure in the random oracle model under the DDH and CDH problems.

Further analysis of pairing-based traitor tracing schemes for broadcast encryption

Pairing-based public key systems have recently received much attention because bilinear property contributes to the designs of many cryptographic schemes. In 2002, Mitsunari et al. proposed the first pairing-based traitor tracing scheme with constant-size ciphertexts and private keys. However, their scheme has been shown to be insecure for providing traitor tracing functionality. Recently, many researches still try to propose efficient pairing-based traitor tracing schemes in terms of ciphertext and private key sizes. In this paper, we present a security claim for the design of pairing-based traitor tracing schemes. For a pairing-based traitor tracing scheme with constant-size ciphertexts and private keys, if the decryption key is obtained by some pairing operations in pairing-based public key systems, the scheme will suffer from a linear attack and cannot provide the traitor tracing functionality. Finally, we apply our security claim to attack a pairing-based traitor tracing scheme proposed by Yang et al. to demonstrate our result. Our security claim can offer a notice and direction for designing pairing-based traitor tracing schemes. Copyright