A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol dist...A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol distributing a hierarchi- cal key after the proactive authentication from key holder to base station has been proposed. The proposed hybrid authenti- cation framework not only performs proaetive authentication with credentials based on Chameleon hashing, which removes the authentication procedures that exchanges messages with a authentication server, but also performs re-authentication with EAP re-authentication protocol(ERP) that distributes the hierarchical key on the basis of the root key generated by the pro- active authentication.展开更多
With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's ...With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.展开更多
Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low pe...Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.展开更多
Self-Generated-Certificate Public Key Cryptography(SGC-PKC) ,is the enhanced version of Certificateless Public Key Cryptography(CL-PKC) . It preserves all advantages of CL-PKC. Similar to CL-PKC,every user is given a ...Self-Generated-Certificate Public Key Cryptography(SGC-PKC) ,is the enhanced version of Certificateless Public Key Cryptography(CL-PKC) . It preserves all advantages of CL-PKC. Similar to CL-PKC,every user is given a partial private key by the KGC and generates his own private key and corresponding public key. In addition,it can defend against the Denial-of-Decryption(DoD) Attack. In this paper,we propose a new approach to construction SGC-PKE scheme that derived from a new application of chameleon hash and give a concrete scheme. It is the first scheme which has flexible public key and reaches Girault's trusted level 3,the same level as is enjoyed in a traditional PKI.展开更多
A redactable blockchain allows authorized individuals to remove or replace undesirable content,offering the ability to remove illegal or unwanted information.Access control is a mechanism that limits data visibility a...A redactable blockchain allows authorized individuals to remove or replace undesirable content,offering the ability to remove illegal or unwanted information.Access control is a mechanism that limits data visibility and ensures that only authorized users can decrypt and access encrypted information,playing a crucial role in addressing privacy concerns and securing the data stored on a blockchain.Redactability and access control are both essential components when implementing a regulated consortium blockchain in real-world situations to ensure the secure sharing of data while removing undesirable content.We propose a decentralized consortium blockchain system prototype that supports redactability and access control.Through the development of a prototype blockchain system,we investigate the feasibility of combining these approaches and demonstrate that it is possible to implement a redactable blockchain with access control in a consortium blockchain setting.展开更多
Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key expo...Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem: non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on RSA assumption and SDH (strong Diffie-Hellman) assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.展开更多
In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposu...In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposure.Image authentication is the most important approaches to verify image integrity and authenticity.However,it has been challenging for image authentication to address both issues of tampering detection and privacy protection.One aspect,image authentication requires image contents not be changed to detect tampering.The other,privacy protection needs to remove sensitive information from images,and as a result,the contents should be changed.In this paper,we propose a practical image authentication scheme constructed from chameleon hashes combined with ordinary digital signatures to make tradeoff between tampering detection and privacy protection.Our scheme allows legitimate users to modify contents of authenticated images with a privacy-aware purpose(for example,cover some sensitive areas with mosaics)according to specific rules and verify the authenticity without interaction with the original authenticator.The security of our scheme is guaranteed by the security of the underlying cryptographic primitives.Experiment results show that our scheme is efficient and practical.We believe that our work will facilitate image applications where both authentication and privacy protection are desirable.展开更多
In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposu...In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposure.Image authentication is the most important approaches to verify image integrity and authenticity.However,it has been cha卜lenging for image authentication to address both issues of tampering detection and privacy protection.One aspect,image authentication requires image contents not be changed to detect tampering.The other,privacy protection needs to remove sensitive information from images,and as a result,the contents should be changed.In this paper,we propose a practical image authentication scheme constructed from chameleon hashes combined with ordinary digital signatures to make tradeoff between tampering detection and privacy protection.Our scheme allows legitimate users to modify contents of authenticated images with a privacy-aware purpose(for example,cover some sensitive areas with mosaics)according to specific rules and verify the authenticity without interaction with the original authenticator.The security of our scheme is guaranteed by the security of the underlying cryptographic primitives.Experiment results show that our scheme is efficient and practical.We believe that our work will facilitate image applications where both authentication and privacy protection are desirable.展开更多
We study the decentralized identity management mechanism based on blockchain.Finally,we propose an updatable and revocable decentralized identity management scheme DIURS.In the scheme,we construct the DID management t...We study the decentralized identity management mechanism based on blockchain.Finally,we propose an updatable and revocable decentralized identity management scheme DIURS.In the scheme,we construct the DID management tree,which is a dynamic chameleon authentication tree essentially by using the chameleon hash function.We design algorithms in detail from four stages:sys-tem initialization,identity creation,identity update and revocation,and identity verification.We make the DID documents on the blockchain editable successfully and realize the update and revocation of DIDs.Then,we observe that DIURS can meet the structural stability and irreversibility requirements.The time of identity search and update is milliseconds.The length of the identity authentication path is short.There is no need to save the historical version of DID documents.These results indicate that DIURS is not only safe and reliable but also performs well and achieves functional optimization.展开更多
基金The KCC(Korea Communications Commission),Korea,under the R&D program supervised by the KCA(Korea Communi-cations Agency)(KCA-2012-08-911-05-001)
文摘A unified hybrid authentication framework was proposed to provide proactive authentication and re-authentication for media independent handover(MIH)-based multi-wireless access. In addition, a specific protocol distributing a hierarchi- cal key after the proactive authentication from key holder to base station has been proposed. The proposed hybrid authenti- cation framework not only performs proaetive authentication with credentials based on Chameleon hashing, which removes the authentication procedures that exchanges messages with a authentication server, but also performs re-authentication with EAP re-authentication protocol(ERP) that distributes the hierarchical key on the basis of the root key generated by the pro- active authentication.
基金supported by the Natural Science Foundation of Shanghai(20ZR1419700 and 22ZR1481000)Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(HNTS2022011)。
文摘With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(Nos.U1836204,U1936208,U1936216 and 62002197).
文摘Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.
基金supported by the Natural Science Foundation of China(Grant No.10990011 & No.60763009)
文摘Self-Generated-Certificate Public Key Cryptography(SGC-PKC) ,is the enhanced version of Certificateless Public Key Cryptography(CL-PKC) . It preserves all advantages of CL-PKC. Similar to CL-PKC,every user is given a partial private key by the KGC and generates his own private key and corresponding public key. In addition,it can defend against the Denial-of-Decryption(DoD) Attack. In this paper,we propose a new approach to construction SGC-PKE scheme that derived from a new application of chameleon hash and give a concrete scheme. It is the first scheme which has flexible public key and reaches Girault's trusted level 3,the same level as is enjoyed in a traditional PKI.
基金supported by the National Key Research and Development Program of China(2020YFB1005900)。
文摘A redactable blockchain allows authorized individuals to remove or replace undesirable content,offering the ability to remove illegal or unwanted information.Access control is a mechanism that limits data visibility and ensures that only authorized users can decrypt and access encrypted information,playing a crucial role in addressing privacy concerns and securing the data stored on a blockchain.Redactability and access control are both essential components when implementing a regulated consortium blockchain in real-world situations to ensure the secure sharing of data while removing undesirable content.We propose a decentralized consortium blockchain system prototype that supports redactability and access control.Through the development of a prototype blockchain system,we investigate the feasibility of combining these approaches and demonstrate that it is possible to implement a redactable blockchain with access control in a consortium blockchain setting.
基金This work is partially supported by the National Natural Science Foundation of China under Grants No. 10271042 and No. 60373085.
文摘Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem: non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure-free chameleon hashes have been constructed based on RSA assumption and SDH (strong Diffie-Hellman) assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.
基金National Natural Science Foundation of China(Grant Nos. 61902070, 61902289).
文摘In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposure.Image authentication is the most important approaches to verify image integrity and authenticity.However,it has been challenging for image authentication to address both issues of tampering detection and privacy protection.One aspect,image authentication requires image contents not be changed to detect tampering.The other,privacy protection needs to remove sensitive information from images,and as a result,the contents should be changed.In this paper,we propose a practical image authentication scheme constructed from chameleon hashes combined with ordinary digital signatures to make tradeoff between tampering detection and privacy protection.Our scheme allows legitimate users to modify contents of authenticated images with a privacy-aware purpose(for example,cover some sensitive areas with mosaics)according to specific rules and verify the authenticity without interaction with the original authenticator.The security of our scheme is guaranteed by the security of the underlying cryptographic primitives.Experiment results show that our scheme is efficient and practical.We believe that our work will facilitate image applications where both authentication and privacy protection are desirable.
基金supported by National Natural Science Foundation of China(Grant Nos.61902070,61902289).
文摘In a digital society,the rapid development of computer science and the Internet has greatly facilitated image applications.However,one of the public network also brings risks to both image tampering and privacy exposure.Image authentication is the most important approaches to verify image integrity and authenticity.However,it has been cha卜lenging for image authentication to address both issues of tampering detection and privacy protection.One aspect,image authentication requires image contents not be changed to detect tampering.The other,privacy protection needs to remove sensitive information from images,and as a result,the contents should be changed.In this paper,we propose a practical image authentication scheme constructed from chameleon hashes combined with ordinary digital signatures to make tradeoff between tampering detection and privacy protection.Our scheme allows legitimate users to modify contents of authenticated images with a privacy-aware purpose(for example,cover some sensitive areas with mosaics)according to specific rules and verify the authenticity without interaction with the original authenticator.The security of our scheme is guaranteed by the security of the underlying cryptographic primitives.Experiment results show that our scheme is efficient and practical.We believe that our work will facilitate image applications where both authentication and privacy protection are desirable.
文摘We study the decentralized identity management mechanism based on blockchain.Finally,we propose an updatable and revocable decentralized identity management scheme DIURS.In the scheme,we construct the DID management tree,which is a dynamic chameleon authentication tree essentially by using the chameleon hash function.We design algorithms in detail from four stages:sys-tem initialization,identity creation,identity update and revocation,and identity verification.We make the DID documents on the blockchain editable successfully and realize the update and revocation of DIDs.Then,we observe that DIURS can meet the structural stability and irreversibility requirements.The time of identity search and update is milliseconds.The length of the identity authentication path is short.There is no need to save the historical version of DID documents.These results indicate that DIURS is not only safe and reliable but also performs well and achieves functional optimization.