Protecting Web Application Code and Sensitive Data with Symmetric and Identity-Based Cryptosystems

How to protect the security of web application code and sensitive data has become one of the primary concerns in web services.In this paper,symmetric cryptosystem combined with identity-based public key cryptosystem is proposed to protect web application programs and sensitive data.The key generation center generates the private and public key pairs for the web server and users,which are used to implement identity authentication and data integrity.Whenweb application code and sensitive data are transmitted between the web server and the user’s browser,a random session key is generated for encrypting the web application code and sensitive data.Meanwhile,a digital signature is generated and added to the encrypted program code and sensitive data.The security analysis shows that the proposed security scheme can ensure the confidentiality,integrity and authentication of web application code and sensitive data.

Construction and Implementation of a Privacy-Preserving Identity-Based Encryption Architecture

A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.

Remote sensing image encryption algorithm based on novel hyperchaos and an elliptic curve cryptosystem

Remote sensing images carry crucial ground information,often involving the spatial distribution and spatiotemporal changes of surface elements.To safeguard this sensitive data,image encryption technology is essential.In this paper,a novel Fibonacci sine exponential map is designed,the hyperchaotic performance of which is particularly suitable for image encryption algorithms.An encryption algorithm tailored for handling the multi-band attributes of remote sensing images is proposed.The algorithm combines a three-dimensional synchronized scrambled diffusion operation with chaos to efficiently encrypt multiple images.Moreover,the keys are processed using an elliptic curve cryptosystem,eliminating the need for an additional channel to transmit the keys,thus enhancing security.Experimental results and algorithm analysis demonstrate that the algorithm offers strong security and high efficiency,making it suitable for remote sensing image encryption tasks.

Comparative Study of the Reliability and Complexity of Symmetrical and Asymmetrical Cryptosystems for the Protection of Academic Data in the Democratic Republic of Congo

In the digital age, the data exchanged within a company is a wealth of knowledge. The survival, growth and influence of a company in the short, medium and long term depend on it. Indeed, it is the lifeblood of any modern company. A companys operational and historical data contains strategic and operational knowledge of ever-increasing added value. The emergence of a new paradigm: big data. Today, the value of the data scattered throughout this mother of knowledge is calculated in billions of dollars, depending on its size, scope and area of intervention. With the rise of computer networks and distributed systems, the threats to these sensitive resources have steadily increased, jeopardizing the existence of the company itself by drying up production and losing the interest of customers and suppliers. These threats range from sabotage to bankruptcy. For several decades now, most companies have been using encryption algorithms to protect and secure their information systems against the threats and dangers posed by the inherent vulnerabilities of their infrastructure and the current economic climate. This vulnerability requires companies to make the right choice of algorithms to implement in their management systems. For this reason, the present work aims to carry out a comparative study of the reliability and effectiveness of symmetrical and asymmetrical cryptosystems, in order to identify one or more suitable for securing academic data in the DRC. The analysis of the robustness of commonly used symmetric and asymmetric cryptosystems will be the subject of simulations in this article.

An Identity-Based Strong Designated Verifier Proxy Signature Scheme

In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.

Key-Private Identity-Based Proxy Re-Encryption

An identity-based proxy re-encryption scheme(IB-PRE)allows a semi-trusted proxy to convert an encryption under one identity to another without revealing the underlying message.Due to the fact that the proxy was semi-trusted,it should place as little trust as necessary to allow it to perform the translations.In some applications such as distributed file system,it demands the adversary cannot identify the sender and recipient’s identities.However,none of the exiting IB-PRE schemes satisfy this requirement.In this work,we first define the security model of key-private IB-PRE.Finally,we propose the first key-private IB-PRE scheme.Our scheme is chosen plaintext secure(CPA)and collusion resistant in the standard model.

Identity-based authentication protocol for grid

Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol （SAP）. The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid （IBAG） and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.

An Identity-Based Scheme of Fair Exchange of Digital Signatures

Fair exchange of digital signatures is an important tool for signing digital contracts, e-payment and other electronic commerce actions. An ID-based scheme of fair exchange of digital signature is proposed in this paper. The protocol relies on a trusted third party, but is ＂optimistic＂, in that the third party is only needed in cases where one player attempts to cheat or simply crashes. The proposed scheme has properties of short signature, low computation and verification cost. It can realize exchange of digital signatures fairly and effic, iently. A key feature of our scheme is that it is identity-based, which needs no certificates and has a simple key management. To our best knowledge, this is the first identity based scheme of fair exchange of digital signatures.

Sharing of Encrypted Lock Keys in the Blockchain-Based Renting House System from Time- and Identity-Based Proxy Reencryption

To design an efficient protocol for sharing the encrypted lock keys in the renting house system,we introduce a new notion called time-and identitybased proxy reencryption(TIPRE)and the blockchain platform.Our CPA secure TIPRE scheme is constructed from Green et al.’s identity-based proxy reencryption scheme by adding the time property.In every time period,a time stamp authority generates a public key embedded with the current time stamp for each user.In our protocol for the renting house system,the TIPRE scheme is the primary building block,and the blockchain platform serves instead of a trusted third party,such as a real estate agency between landlords and tenants.The TIPRE scheme allows the landlord to change the lock key at each time period for safety.The blockchain platform allows the landlords and tenants to directly interact,and all of the interactions are recorded in the blockchain database to provide the desired security requirements,such as nonrepudiation and unforgeability.Finally,we provide the secure analysis of our protocol and test its performance by implementing it in the MacBook Pro and the Intel Edison development platforms.

An Improved Identity-Based Society Oriented Signature Scheme with Anonymous Signers

In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies： （1） when members leave or join an organization, the public verification key and the signature verification procedure are unchanged; （2） a user participates in several organizations at the same time, her secret key is only related with her identity. However, no previous schemes have these two properties.

Improvement of Identity-Based Threshold Proxy Signature Scheme with Known Signers

In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al＇s scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer＇s intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al＇s scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.

An Identity-Based Secure and Optimal Authentication Scheme for the Cloud Computing Environment

Security is a critical issue in cloud computing(CC)because attackers can fabricate data by creating,copying,or deleting data with no user authorization.Most of the existing techniques make use of password-based authentication for encrypting data.Password-based schemes suffer from several issues and can be easily compromised.This paper presents a new concept of hybrid metaheuristic optimization as an identity-based secure and optimal authentication(HMO-ISOA)scheme for CC environments.The HMOISOA technique makes use of iris and fingerprint biometrics.Initially,the HMO-ISOA technique involves a directional local ternary quantized extrema pattern–based feature extraction process to extract features from the iris and fingerprint.Next,the features are fed into the hybrid social spider using the dragon fly algorithm to determine the optimal solution.This optimal solution acts as a key for an advanced encryption standard to encrypt and decrypt the data.A central benefit of determining the optimal value in this way is that the intruder cannot determine this value.The attacker also cannot work out which specific part of the fingerprint and iris feature values are acted upon as a key for the AES technique.Finally,the encrypted data can be saved in the cloud using a cloud simulator.Experimental analysis was performed on five fingerprint and iris images for a man-in-the-middle attack.The simulation outcome validated that the presented HMO-ISOA model achieved better results compared with other existing methods.

An Efficient Identity-Based Homomorphic Broadcast Encryption

Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver set. Thus, how to improve the communication of broadcast encryption is a big issue. In this paper, we proposed an identity-based homomorphic broadcast encryption scheme which supports an external entity to directly calculate ciphertexts and get a new ciphertext which is the corresponding result of the operation on plaintexts without decrypting them. The correctness and security proofs of our scheme were formally proved. Finally, we implemented our scheme in a simulation environment and the experiment results showed that our scheme is efficient for practical applications.

Identity-Based Steganography in Spatial Domain

This paper proposed an identity-based steganographic scheme, where a receiver with certain authority can recover the secret message ready for him, but cannot detect the existence of other secret messages. The proposed scheme created several separate covert communication channels tagged by the Fuzzy Identity-Based Encryption (FIBE) in one grayscale image. Then each channel is used to embed one secret message by using any content-aware steganographic scheme. Receivers with different attributes can extract different messages corresponded. The Experiments illustrated the feasibility of this identity-based secret message extraction. Further, the proposed scheme presents high undetectability against steganalytic attack launched by receivers without corresponded attributes.

Review on Identity-Based Batch Verification Schemes for Security and Privacy in VANETs

The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes deployed in VANETs have a substantial impact on its security and privacy.Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs.In recent years,many papers have proposed identity-based batch verification(IBV)schemes in regard to diminishing overhead in the message verification process in VANETs.This survey begins with providing background information about VANETs and clarifying its security and privacy,as well as performance requirements that must be satisfied.After presenting an outlook of some relevant surveys of VANETs,a brief review of some IBV schemes published in recent years is conferred.The detailed approach of each scheme,with a comprehensive comparison between them,has been provided afterward.Finally,we summarize those recent studies and possible future improvements.

OBLIVIOUS TRANSFER WITH ACCESS CONTROL AND IDENTITY-BASED ENCRYPTION WITH ANONYMOUS KEY ISSUING

In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.

A Speech Cryptosystem Using the New Chaotic System with a Capsule-Shaped Equilibrium Curve

In recent years,there are numerous studies on chaotic systems with special equilibrium curves having various shapes such as circle,butterfly,heart and apple.This paper describes a new 3-D chaotic dynamical system with a capsule-shaped equilibrium curve.The proposed chaotic system has two quadratic,two cubic and two quartic nonlinear terms.It is noted that the proposed chaotic system has a hidden attractor since it has an infinite number of equilibrium points.It is also established that the proposed chaotic system exhibits multi-stability with two coexisting chaotic attractors for the same parameter values but differential initial states.A detailed bifurcation analysis with respect to variations in the system parameters is portrayed for the new chaotic system with capsule equilibrium curve.We have shown MATLAB plots to illustrate the capsule equilibrium curve,phase orbits of the new chaotic system,bifurcation diagrams and multi-stability.As an engineering application,we have proposed a speech cryptosystem with a numerical algorithm,which is based on our novel 3-D chaotic system with a capsule-shaped equilibrium curve.The proposed speech cryptosystem follows its security evolution and implementation on Field Programmable Gate Array(FPGA)platform.Experimental results show that the proposed encryption system utilizes 33%of the FPGA,while the maximum clock frequency is 178.28 MHz.

A Novel Internet of Medical Thing Cryptosystem Based on Jigsaw Transformation and Ikeda Chaotic Map

Image encryption has attracted much interest as a robust security solution for preventing unauthorized access to critical image data.Medical picture encryption is a crucial step in many cloud-based and healthcare applications.In this study,a strong cryptosystem based on a 2D chaotic map and Jigsaw transformation is presented for the encryption of medical photos in private Internet of Medical Things(IoMT)and cloud storage.A disorganized three-dimensional map is the foundation of the proposed cipher.The dispersion of pixel values and the permutation of their places in this map are accomplished using a nonlinear encoding process.The suggested cryptosystem enhances the security of the delivered medical images by performing many operations.To validate the efficiency of the recommended cryptosystem,various medical image kinds are used,each with its unique characteristics.Several measures are used to evaluate the proposed cryptosystem,which all support its robust security.The simulation results confirm the supplied cryptosystem’s secrecy.Furthermore,it provides strong robustness and suggested protection standards for cloud service applications,healthcare,and IoMT.It is seen that the proposed 3D chaotic cryptosystem obtains an average entropy of 7.9998,which is near its most excellent value of 8,and a typical NPCR value of 99.62%,which is also near its extreme value of 99.60%.Moreover,the recommended cryptosystem outperforms conventional security systems across the test assessment criteria.

Security Analysis of a Privacy-Preserving Identity-Based Encryption Architecture

Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.

Learning with Errors Public Key Cryptosystem with Its Security

The main purpose of this paper is to introduce the LWE public key cryptosystem with its security. In the first section, we introduce the LWE public key cryptosystem by Regev with its applications and some previous research results. Then we prove the security of LWE public key cryptosystem by Regev in detail. For not only independent identical Gaussian disturbances but also any general independent identical disturbances, we give a more accurate estimation probability of decryption error of general LWE cryptosystem. This guarantees high security and widespread applications of the LWE public key cryptosystem.