• Title/Summary/Keyword: Identity based cryptography

Search Result 35, Processing Time 0.18 seconds

Securing Mobile Ad Hoc Networks Using Enhanced Identity-Based Cryptography

  • Mehr, Kamal Adli;Niya, Javad Musevi
    • ETRI Journal
    • /
    • v.37 no.3
    • /
    • pp.512-522
    • /
    • 2015
  • Recent developments in identity-based cryptography (IBC) have provided new solutions to problems related to the security of mobile ad hoc networks (MANETs). Although many proposals to solve problems related to the security of MANETs are suggested by the research community, there is no one solution that fits all. The interdependency cycle between secure routing and security services makes the use of IBC in MANETs very challenging. In this paper, two novel methods are proposed to eliminate the need for this cycle. One of these methods utilizes a key pool to secure routes for the distribution of cryptographic materials, while the other adopts a pairing-based key agreement method. Furthermore, our proposed methods utilize threshold cryptography for shared secret and private key generation to eliminate the "single point of failure" and distribute cryptographic services among network nodes. These characteristics guarantee high levels of availability and scalability for the proposed methods. To illustrate the effectiveness and capabilities of the proposed methods, they are simulated and compared against the performance of existing methods.

A Fuzzy Identity-Based Signcryption Scheme from Lattices

  • Lu, Xiuhua;Wen, Qiaoyan;Li, Wenmin;Wang, Licheng;Zhang, Hua
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.11
    • /
    • pp.4203-4225
    • /
    • 2014
  • Fuzzy identity-based cryptography introduces the threshold structure into identity-based cryptography, changes the receiver of a ciphertext from exact one to dynamic many, makes a cryptographic scheme more efficient and flexible. In this paper, we propose the first fuzzy identity-based signcryption scheme in lattice-based cryptography. Firstly, we give a fuzzy identity-based signcryption scheme that is indistinguishable against chosen plaintext attack under selective identity model. Then we apply Fujisaki-Okamoto method to obtain a fuzzy identity-based signcryption scheme that is indistinguishable against adaptive chosen ciphertext attack under selective identity model. Thirdly, we prove our scheme is existentially unforgeable against chosen message attack under selective identity model. As far as we know, our scheme is the first fuzzy identity-based signcryption scheme that is secure even in the quantum environment.

A Secure Switch Migration for SDN with Role-based IBC

  • Lam, JunHuy;Lee, Sang-Gon;Andrianto, Vincentius Christian
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.9
    • /
    • pp.49-55
    • /
    • 2017
  • Despite the Openflow's switch migration occurs after the channel was established in secure manner (optional), the current cryptography protocol cannot prevent the insider attack as the attacker possesses a valid public/private key pair. There are methods such as the certificate revocation list (CRL) or the online certificate status protocol (OCSP) that tries to revoke the compromised certificate. However, these methods require a management system or server that introduce additional overhead for the communication. Furthermore, these methods are not able to mitigate power abuse of an insider. In this paper, we propose a role-based identity-based cryptography (RB-IBC) that integrate the identity of the node along with its role so the nodes within the network can easily mitigate any role abuse of the nodes. Besides that, by combining with IBC, it will eliminate the need of exchanging certificates and hence improve the performance in a secure channel.

Enhanced Certificate-Based Encryption Scheme without Bilinear Pairings

  • Lu, Yang;Zhang, Quanling
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.2
    • /
    • pp.881-896
    • /
    • 2016
  • Certificate-based cryptography is a useful public key cryptographic primitive that combines the merits of traditional public key cryptography and identity-based cryptography. It not only solves the key escrow problem inherent in identity-based cryptography, but also simplifies the cumbersome certificate management problem in traditional public key cryptography. In this paper, by giving a concrete attack, we first show that the certificate-based encryption scheme without bilinear pairings proposed by Yao et al. does not achieve either the chosen-ciphertext security or the weaker chosen-plaintext security. To overcome the security weakness in Yao et al.'s scheme, we propose an enhanced certificate-based encryption scheme that does not use the bilinear pairings. In the random oracle model, we formally prove it to be chosen-ciphertext secure under the computational Diffie-Hellman assumption. The experimental results show that the proposed scheme enjoys obvious advantage in the computation efficiency compared with the previous certificate-based encryption schemes. Without costly pairing operations, it is suitable to be employed on the computation-limited or power-constrained devices.

Provably Secure Certificate-Based Signcryption Scheme without Pairings

  • Lu, Yang;Li, Jiguo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.7
    • /
    • pp.2554-2571
    • /
    • 2014
  • Certificate-based cryptography is a new cryptographic paradigm that provides an interesting balance between identity-based cryptography and traditional public key cryptography. It not only simplifies the complicated certificate management problem in traditional public key cryptography, but also eliminates the key escrow problem in identity-based cryptography. As an extension of the signcryption in certificate-based cryptography, certificate-based signcryption provides the functionalities of certificate-based encryption and certificate-based signature simultaneously. However, to the best of our knowledge, all constructions of certificate-based signcryption in the literature so far have to be based on the costly bilinear pairings. In this paper, we propose a certificate-based signcryption scheme that does not depend on the bilinear pairings. The proposed scheme is provably secure in the random oracle model. Due to avoiding the computationally-heavy paring operations, the proposed scheme significantly reduces the cost of computation and outperforms the previous certificate-based signcryption schemes.

Session Key Distribution Scheme in V2I of VANET using Identity-Based Cryptography (VANET의 V2I 환경에서 IBC를 이용한 세션키 분배 기법)

  • Roh, Hyo-Sun;Jung, Sou-Hwan
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.112-120
    • /
    • 2009
  • This paper proposes a session key distribution scheme on non-interactive key distribution algorithm of Identity-based cryptography in V2I of VANET. In the current VANET, IEEE 802.11i is used to provide secure data communication between the vehicle and infrastructure. However, since the 4-way handshake procedure reply when the vehicle handover to another RSU/AP, IEEE 802.11i increases the communication overhead and latency. The proposed scheme using non-interactive key distribution algorithm of Identity-based cryptography provided session key generation and exchange without message exchange and reduced communication overhead and latency than the IEEE 802.11i.

TinyIBAK: Design and Prototype Implementation of An Identity-based Authenticated Key Agreement Scheme for Large Scale Sensor Networks

  • Yang, Lijun;Ding, Chao;Wu, Meng
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.11
    • /
    • pp.2769-2792
    • /
    • 2013
  • In this paper, we propose an authenticated key agreement scheme, TinyIBAK, based on the identity-based cryptography and bilinear paring, for large scale sensor networks. We prove the security of our proposal in the random oracle model. According to the formal security validation using AVISPA, the proposed scheme is strongly secure against the passive and active attacks, such as replay, man-in-the middle and node compromise attacks, etc. We implemented our proposal for TinyOS-2.1, analyzed the memory occupation, and evaluated the time and energy performance on the MICAz motes using the Avrora toolkits. Moreover, we deployed our proposal within the TOSSIM simulation framework, and investigated the effect of node density on the performance of our scheme. Experimental results indicate that our proposal consumes an acceptable amount of resources, and is feasible for infrequent key distribution and rekeying in large scale sensor networks. Compared with other ID-based key agreement approaches, TinyIBAK is much more efficient or comparable in performance but provides rekeying. Compared with the traditional key pre-distribution schemes, TinyIBAK achieves significant improvements in terms of security strength, key connectivity, scalability, communication and storage overhead, and enables efficient secure rekeying.

New Construction of Short Certificate-Based Signature against Existential Forgery Attacks

  • Lu, Yang;Wang, Gang;Li, Jiguo;Shen, Jian
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.7
    • /
    • pp.3629-3647
    • /
    • 2017
  • Certificate-based cryptography is a useful public key cryptographic primitive that combines the merits of traditional public key cryptography and identity-based cryptography. It not only solves the key escrow problem inherent in identity-based cryptography, but also simplifies the cumbersome certificate management problem in traditional public key cryptography. So far, four short certificate-based signature schemes have been proposed. However, three of them fail in achieving the existential unforgeability under adaptive chosen-message attacks and the remaining one was not constructed in the normal framework of certificate-based signature. In this paper, we put forward a new short certificate-based signature scheme. The proposed scheme is devised in the normal framework of certificate-based signature and overcomes the security weaknesses in the previous short certificate-based signature schemes. In the random oracle model, we formally prove that it achieves the existential unforgeability against adaptive chosen-message attacks. Performance comparison shows that it is efficient and practical.

An IBC and Certificate Based Hybrid Approach to WiMAX Security

  • Rodoper, Mete;Trappe, Wade;Jung, Edward Tae-Chul
    • Journal of Communications and Networks
    • /
    • v.11 no.6
    • /
    • pp.615-625
    • /
    • 2009
  • Worldwide inter-operability for microwave access (WiMAX) is a promising technology that provides high data throughput with low delays for various user types and modes of operation. While much research had been conducted on physical and MAC layers, little attention has been paid to a comprehensive and efficient security solution for WiMAX. We propose a hybrid security solution combining identity-based cryptography (IBC) and certificate based approaches. We provide detailed message exchange steps in order to achieve a complete security that addresses the various kind of threats identified in previous research. While attaining this goal, efficient fusion of both techniques resulted in a 53% bandwidth improvement compared to the standard's approach, PKMv2. Also, in this hybrid approach, we have clarified the key revocation procedures and key lifetimes. Consequently, to the best of knowledge our approach is the first work that unites the advantages of both techniques for improved security while maintaining the low overhead forWiMAX.

A Highly Secure Identity-Based Authenticated Key-Exchange Protocol for Satellite Communication

  • Yantao, Zhong;Jianfeng, Ma
    • Journal of Communications and Networks
    • /
    • v.12 no.6
    • /
    • pp.592-599
    • /
    • 2010
  • In recent years, significant improvements have been made to the techniques used for analyzing satellite communication and attacking satellite systems. In 2003, a research team at Los Alamos National Laboratory, USA, demonstrated the ease with which civilian global positioning system (GPS) spoofing attacks can be implemented. They fed fake signals to the GPS receiver so that it operates as though it were located at a position different from its actual location. Moreover, Galileo in-orbit validation element A and Compass-M1 civilian codes in all available frequency bands were decoded in 2007 and 2009. These events indicate that cryptography should be used in addition to the coding technique for secure and authenticated satellite communication. In this study, we address this issue by using an authenticated key-exchange protocol to build a secure and authenticated communication channel for satellite communication. Our protocol uses identity-based cryptography. We also prove the security of our protocol in the extended Canetti-Krawczyk model, which is the strongest security model for authenticated key-exchange protocols, under the random oracle assumption and computational Diffie-Hellman assumption. In addition, our protocol helps achieve high efficiency in both communication and computation and thus improve security in satellite communication.