Journal articles
10 articles found
1. A New Forward-Secure Authenticated Encryption Scheme with Message Linkages (cited by 1)
Authors: LI Yanping, SI Guangdong, WANG Yumin. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1537-1540 (4 pages).
Abstract: Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed that it has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme cannot provide forward secrecy and confidentiality either, so that any adversary can easily recover the transferred message. Based on the intractability of reversing the one-way hash function and of the discrete logarithm problem, an improved authenticated encryption scheme with message linkage is proposed. The above security faults are thereby solved. The new scheme is proven to satisfy all the basic security requirements of an authenticated encryption scheme, and a concrete comparison shows that its efficiency is similar to that of the original scheme.
Keywords: authenticated encryption scheme; non-repudiation; forward security
2. Blockchain-Based Certificateless Bidirectional Authenticated Searchable Encryption Scheme in Cloud Email System
Authors: Yanzhong Sun, Xiaoni Du, Shufen Niu, Xiaodong Yang. Computer Modeling in Engineering & Sciences (SCIE, EI), 2024, No. 6, pp. 3287-3310 (24 pages).
Abstract: Traditional email systems can only achieve one-way communication, which means only the receiver is allowed to search for emails on the email server. In this paper, we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system, named certificateless authenticated bidirectional searchable encryption (CL-BSE), by combining the storage function of a cloud server with the communication function of an email server. In the new model, not only can the data receiver search for the relevant content by generating its own trapdoor, but the data owner can also retrieve the content in the same way. Meanwhile, there are dual authentication functions in our model. First, during encryption, the data owner uses the private key to authenticate their identity, ensuring that only the legitimate owner can generate the keyword ciphertext. Second, the blockchain verifies the data owner's identity from the received ciphertext, allowing only authorized members to store their data on the server and avoiding unnecessary storage space consumption. We give a formal definition of CL-BSE and formulate a specific scheme from the new system model. Then the security of the scheme is analyzed under the formalized security model. The results demonstrate that the scheme simultaneously achieves multi-keyword ciphertext indistinguishability and multi-keyword trapdoor privacy against any adversary. In addition, performance evaluation shows that the new scheme has higher computational and communication efficiency than some existing ones.
Keywords: cloud email system; authenticated searchable encryption; blockchain-based; designated server test; multi-trapdoor privacy; multi-ciphertext indistinguishability
3. Hash Function Based Keyword Searchable Encryption Framework in Cloud Server Using MD5 and MECC
Authors: R. Lakshmana Kumar, R. Subramanian, S. Karthik. Journal of Information Hiding and Privacy Protection, 2021, No. 4, pp. 201-226 (26 pages).
Abstract: Cloud computing extends its usability to various fields that utilize data and store it in a common space required for computing and analysis, such as IoT devices. These devices use the cloud for storing and retrieving data, since they are not capable of storing and processing data on their own. Cloud computing provides various services to users, such as IaaS, PaaS and SaaS. The major drawback faced by cloud computing is the use of cloud services to store data that could be accessed by all users related to the cloud. Public Key Encryption with Keyword Search (PEKS) provides security against an untrustworthy third party's search capability over publicly encrypted data without revealing the data's contents. But the security concerns of PEKS arise when an Inside Keyword Guessing Attack (IKGA) is identified in the system, because the untrusted server can guess the keyword in the trapdoor. This issue could be solved by using algorithms such as Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which utilizes Modified Elliptic Curve Cryptography (MECC) along with the Mutation Centred Flower Pollination Algorithm (CM-FPA), used to enhance the performance of the algorithm through key optimization. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less than that of the other encryption techniques.
Keywords: Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS); modified elliptic curve cryptography (MECC); message digest 5 (MD5); inside keyword guessing attacks (IKGA); public key encryption with keyword search (PEKS)
4. Novel Sequence Number Based Secure Authentication Scheme for Wireless LANs
Authors: Rajeev Singh, Teek Parval Sharma. Journal of Electronic Science and Technology (CAS, CSCD), 2015, No. 2, pp. 144-152 (9 pages).
Abstract: Per-frame authentication is an implicit necessity for security in wireless local area networks (WLANs). We propose a novel per-frame secure authentication scheme which provides authentication for data frames in WLANs. The scheme involves no cryptographic overhead for authentication of frames. It utilizes the sequence number of the frame along with authentication stream generators for authentication. Hence, it requires no extra bits or messages for the authentication purpose, and no change to the existing frame format is required. The scheme provides authentication by modifying the sequence number of the frame at the sender, and the modification is verified at the receiver. The modified sequence number is protected by XORing it with a random number selected from the random stream. The authentication is lightweight because it requires only trivial arithmetic operations such as subtraction and XOR.
Keywords: authentication; authentication frames; receiver verified; lightweight operations; cryptographic encryption; sender
5. Research on Mixed Encryption Authentication (cited by 5)
Authors: SUN Zhi-xin, WANG Ru-chuan, WANG Shao-di. The Journal of China Universities of Posts and Telecommunications (EI, CSCD), 2003, No. 4, pp. 90-94 (5 pages).
Abstract: With the development of network techniques, the problem of network security is also arising as we enjoy its open convenience. There are many developed methods to overcome this problem. Identity authentication is one of these important measures. The authentication methods of traditional symmetric cryptosystems and asymmetric cryptosystems have both advantages and defects. This paper brings forward a Mixed Encryption Model for Authentication (MEMA), which has obvious advantages compared to the two traditional methods. The MEMA model can be used widely in open network environments such as mobile agent systems, multi-agent security safeguard systems and other situations in which identity authentication of users is needed. Finally, the paper also presents the MEMA model's structure and the implementation of an experimental system.
Keywords: network security; encryption authentication; mixed encryption system
6. Universal tweakable Even-Mansour cipher and its applications
Author: Ping ZHANG. Frontiers of Computer Science (SCIE, EI, CSCD), 2023, No. 4, pp. 181-192 (12 pages).
Abstract: The construction of the tweakable Even-Mansour cipher is in fact the design of permutations, mask operations, and masking functions. For information-theoretic security, permutations are usually taken as random permutations. This paper focuses on the mask operations and masking functions to construct a universal tweakable Even-Mansour cipher. Firstly, we describe a formal definition of a universal masking function and provide a universal tweakable Even-Mansour cipher, UTEM. In the random permutation model, we prove that UTEM is multi-key secure using the H-coefficients technique. Then we show some efficient instantiations of the universal masking function to concretize UTEM. Finally, we apply UTEM to an encryption mode TIE (tweak incrementation encryption) and an authenticated encryption mode IAPM (integrity aware parallelizable mode), present two new schemes, TIE-plus and IAPM-plus, and prove their security. UTEM enriches tweakable blockciphers, brings more research topics, and plays an important role in modes of operation, which will be of great significance.
Keywords: tweakable Even-Mansour cipher; masking function; multi-key security; H-coefficients technique; encryption; authenticated encryption
7. Constructing parallel long-message signcryption scheme from trapdoor permutation (cited by 1)
Authors: HU ZhenYu, LIN DongDai, WU WenLing, FENG DengGuo. Science in China (Series F), 2007, No. 1, pp. 82-98 (17 pages).
Abstract: A highly practical parallel signcryption scheme named PLSC, built from trapdoor permutations (TDPs for short), was constructed to process long messages directly. The new scheme follows the idea "scramble all, and encrypt small": it applies a scrambling operation to the message m along with the users' identities, and then passes, in parallel, small parts of the scrambling result through the corresponding TDPs. This design enables the scheme to flexibly process long messages of arbitrary length while avoiding repeatedly invoking TDP operations as in the CBC mode, or verbosely black-box composing symmetric encryption and signcryption, resulting in noticeable practical savings in both message bandwidth and efficiency. Concretely, the signcryption scheme requires exactly one computation of the "receiver's TDP" (for "encryption") and one inverse computation of the "sender's TDP" (for "authentication"), which is of great practical significance in directly processing long messages, since the major bottleneck for many public-key encryption schemes is the excessive computational overhead of TDP operations. By cutting out the verbosely repeated padding, the newly proposed scheme is more efficient than a black-box hybrid scheme. Most importantly, the proposed scheme has been proven to be tightly semantically secure under adaptive chosen ciphertext attacks (IND-CCA2) and to provide integrity of ciphertext (INT-CTXT) as well as non-repudiation in the random oracle model. All of these security guarantees are provided in the full multi-user, insider-security setting. Moreover, though the scheme is designed to process long messages, it may also be appropriate for settings where it is impractical to process large blocks of messages (i.e., extremely low-memory environments such as smart cards).
Keywords: authenticated encryption; signcryption; trapdoor permutations; parallel
8. A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks
Authors: Yan-Hong Fan, Mei-Qin Wang, Yan-Bin Li, Kai Hu, Mu-Zhou Li. Journal of Computer Science & Technology (SCIE, EI, CSCD), 2021, No. 2, pp. 419-433 (15 pages).
Abstract: At IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5000 power traces to recover the global AES-CCM key that Philips Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it onto Philips Hue lamps, causing Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme, applied in IoT terminal devices, includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can contact the IoT server to regain update permission, which defends against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement both Philips' scheme and the proposed modified scheme. Experimental results show that, compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s of update time to effectively enhance the security of the AES-CCM-based firmware update process.
Keywords: Internet of Things; firmware update; authenticated encryption; side-channel power analysis; denial of service
9. A Broadcast Signcryption Protocol for Ad Hoc Networks
Authors: WANG Xiaoming, YAO Guoqing, LIAO Zhiwei. Wuhan University Journal of Natural Sciences (CAS), 2011, No. 5, pp. 423-429 (7 pages).
Abstract: Many previous broadcast encryption schemes can only guarantee confidentiality but cannot verify the integrity and authenticity of broadcast messages. In this paper, a broadcast signcryption protocol for ad hoc networks is proposed based on a cluster-based structure. The proposed protocol not only guarantees confidentiality but also verifies the integrity and authenticity of broadcast messages. More importantly, the proposed scheme enables the cluster head to robustly add or remove any cluster member without changing the secret keys of the other cluster members. Moreover, the proposed protocol avoids massive message exchange for key setup among cluster members. The analysis of security and performance shows that the proposed protocol is secure, efficient, and more practical for ad hoc networks.
Keywords: ad hoc networks; cluster-based structure; broadcast; authenticated encryption
10. Using IND-CVA for constructing secure communication
Authors: HU ZhenYu, JIANG JianChun, SUN FuChun. Science in China (Series F), 2009, No. 10, pp. 1801-1811 (11 pages).
Abstract: Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol using IND-CVA (indistinguishability of an encryption scheme under ciphertext verification attacks). A channel protocol built with the method first invokes an ideal key-exchange protocol to get a session key, and then processes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition for a secure channel protocol in this paper is much weaker than IND-CCA security together with INT-CTXT security. IND-CVA can be used to describe the privacy requirements of secure channels in detail. Moreover, the method for designing a secure channel protocol in the paper reduces the UC security of secure channels, which is measured by action simulation in the UC security framework, to the security of authenticated encryption schemes, which is measured semantically.
Keywords: universally composable security; secure channel; authenticated encryption; semantic security; integrity