Privacy-Enhancing Decentralized Anonymous Credential in Smart Grids

Decentralized Anonymous Credential (DAC) has posed enormous potential in smart grids for protecting user privacy (e.g. preventing user’s daily life from being sketched out). However, the existing DAC protocols still compromise user privacy for a full list of attributes are disclosed during showing credentials. In this paper, to construct a privacy-enhancing decentralized anonymous credential (PEDAC) protocol, we first design a more efficient range proof to hide user’s attributes. Specifically, we are inspired by Camenisch et al. (ASIACRYPT 2008), but replace their adopted Boneh-Boyen signature scheme with the Chinese standard SM2 signature scheme (incorporated in the ISO/IEC 14888-3) to propose pairing-free set membership and range proof protocols. These protocols can be executed non-interactively upon the Fiat-Shamir heuristic (INDOCRYPT 2012), and then be used to construct our PEDAC protocol. By compared with the protocols of Camenisch et al. (ASIACRYPT 2008) and Poelstra et al. (FC 2018), our proposed range proofs are with less communication and computation costs and hence more practical for constructing PEDAC protocols in smart grids.     

ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things

The Internet of Things (IoT) provides anywhere, anything, anytime connections, for which user privacy is vulnerable and authentication methods that favor policy over attributes are essential. Thus, a signature scheme that considers user privacy and implements an attributes policy is required. Emerging attribute-based signature (ABS) schemes allow a requester of a resource to generate a signature with attributes satisfying the policy without leaking more information. However, few existing approaches simultaneously achieve an expressive policy and security under the standard Diffie–Hellman assumption. Here we describe ePASS, a novel ABS scheme that uses an attribute tree and expresses any policy consisting of AND, OR threshold gates under the computational Diffie–Hellman problem. Users cannot forge signatures with attributes they do not possess, and the signature provides assurance that only a user with appropriate attributes satisfying the policy can endorse the message, resulting in unforgeability. However, legitimate signers remain anonymous and are indistinguishable among all users whose attributes satisfy the policy, which provides attribute privacy for the signer. Compared to existing schemes, our approach delivers enhanced performance by reducing the computational cost and signature size.     

New constructions of OSBE schemes and their applications in oblivious access control

Oblivious signature-based envelope (OSBE) schemes have demonstrated their potential applications in the protection of users privacy and rights. In an OSBE protocol, an encrypted message can only be decrypted by the receiver who holds a valid signature on a public message, while the sender (encrypter) does not know whether the receiver has the signature or not. Our major contributions in this work lie in the following aspects. We improve the notion of OSBE so that a valid credential holder cannot share his/her credential with other users (i.e., all-or-nothing non-transferability). We clarify the relationship between one-round OSBE and identity-based encryption (IBE) and show that one-round OSBE and semantically secure IBE against the adaptively chosen identity attack (IND-ID-CPA) are equivalent, if the signature in the OSBE scheme is existentially unforgeable against adaptively chosen message attacks. We propose an oblivious access control scheme to protect user privacy without the aid of any zero-knowledge proof. Finally, we also highlight some other novel applications of OSBE, such as attributed-based encryption.     

Vulnerabilities in Anonymous Credential Systems

We show the following:

(i) In existing anonymous credential revocation systems, the revocation authority can link the transactions of any user in a subset T of users in O(log|T|) fake failed sessions.

(ii) A concern about the DLREP-I anonymous credentials system described in [Stefan Brands: Rethinking public key infrastructure and Digital Certificates; The MIT Press, Cambridge Massachusetts, London England. ISBN 0-262-02491-8] and [Stefan Brands: A Technical Overview of Digital Credentials; February 2002 (was a white paper in credentica.com)].

Handling Multiple Credentials in a Heterogeneous SOA Environment

With all the diverse technology in a typical corporate IT environment, it's no surprise that multiple types and formats of security credentials exist, each one designed to protect its respective software system. We can address the problem of handling multiple credential types and formats in a heterogeneous SOA environment by using a data structure designed not only to store and propagate user credential information but also to accurately reflect trust relationships between credential instances. Modeling credentials in this manner leads to improved assurance for applications that need to enforce security policies, either based on business rules established at the corporate level or by compliance to the relevant security specifications.     

支持属性选择性披露的ATN证书描述方案

为了在自动信任协商(ATN)中实现属性选择性披露,借鉴内容抽取签名的思想,以W3C的XML加密和签名推荐标准为技术支撑,提出一种支持属性选择性披露的ATN证书描述方案,使接收方在收到经过属性加密或移除处理的证书时仍能对其完整性和数字签名进行验证。与SDSA方案相比,该方案具有简单、灵活、计算量小等优点。     

面向云服务的轻量级匿名订阅系统

针对已有匿名订阅系统订阅方式不灵活、用户端运算量大以及用户访问次数不受限制等缺陷,在Canard等人系统的基础上,提出一个面向云服务的轻量级匿名订阅系统。新系统的构造过程使用了关于掌握Au-Susilo-Mu签名的知识证明、改进的集合成员证明以及双线性对运算的性能优化技术。与已有系统相比,新系统同时满足以下性质：允许用户一次性订阅多种服务类型;对用户的访问次数作出限制;不允许用户与他人共享使用电子钱包;为用户提供了较强的隐私保护等级。该系统可证能安全地实现匿名订阅系统的功能。仿真实验表明,当被证明的秘密值在50~1 050内变化时,用户在access协议中的运行效率较同类系统提高了79.5%~83.2%。     

Hidden attribute-based signatures without anonymity revocation

We propose a new notion called hidden attribute-based signature, which is inspired by the recent developments in attribute-based cryptosystem. With this technique, users are able to sign messages with any subset of their attributes issued from an attribute center. In this notion, a signature attests not to the identity of the individual who endorsed a message, but instead to a claim regarding the attributes the underlying signer possesses. Users cannot forge signature with attributes which they have not been issued. Furthermore, signer remains anonymous without the fear of revocation, among all users with the attributes purported in the signature.After formalizing the security model, we propose two constructions of hidden attribute-based signature from pairings. The first construction supports a large universe of attributes and its security proof relies on the random oracle assumption, which can be removed in the second construction. Both constructions have proven to be secure under the standard computational Diffie-Hellman assumption.     

Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks

The majority of mobile apps use credentials to provide an automatic login function. Credentials are security tokens based on a user’s ID and password information. They are created for initial authentication, and this credential authentication then replaces user verification. However, because the credential management of most Android apps is currently very insecure, the duplication and use of another user’s credentials would allow an attacker to view personal information stored on the server. Therefore, in this paper, we analyze the vulnerability of some major mobile SNS apps to credential duplication that would enable access to personal information. To address the identified weaknesses, we propose a secure credential management scheme. The proposed scheme first differentiates the credential from the smart device using an external device. Using a security mechanism, the credential is then linked with the smart device. This ensures that the credential will be verified by the special smart device. Furthermore, based on experimental results using a prototype security mechanism, the proposed scheme is shown to be a very useful solution because of its minimal additional overhead.     

Securing Information Transfer in Distributed Computing Environments

The problem of migrating sensitive information between systems in dynamic environments is increasingly important as distributed computing expands. A proposed policy-based approach provides controlled and secure transfer of user credentials and data across platforms. We propose a policy-driven data-protection system to address the inadequacies of current technological solutions in preserving the confidentiality and privacy of data while it migrates between platforms. More specifically, we describe our solution for securing credential migration that we're developing for productization.     

Denial of service attacks and defenses in decentralized trust management

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers. A preliminary version of this paper was presented at the Second IEEE International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, August 2006.     

ad hoc网络具有撤销机制的密钥管理方案

分析了现有ad hoc网络基于身份的密钥管理方案,针对用户密钥泄漏,异常等情况,提出了一种具有密钥撤销机制的密钥管理方案,并在此基础上给出了用户签名方案。在文本中,用户可以通过注销泄漏密钥,防止攻击者用窃取的密钥伪造用户签名,即使攻击者成功伪造了用户签名,用户还可以通过系统签名注销消息来证明伪造的签名无效。方案在门限密码学的基础上以完全分布化方式建立系统密钥,具有良好的容错性,能抵御网络的主动和被动攻击。和以往的方案相比具有更高的安全性。     

Blockchain-based Privacy-Preserving Group Data Auditing with Secure User Revocation

Progress in cloud computing makes group data sharing in outsourced storage a reality. People join in group and share data with each other, making team work more convenient. This new application scenario also faces data security threats, even more complex. When a user quit its group, remaining data block signatures must be re-signed to ensure security. Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side. However, considering the privacy and security need of group auditing, there still lacks a comprehensive solution to implement secure group user revocation, supporting identity privacy preserving and collusion attack resistance. Aiming at this target, we construct a concrete scheme based on ring signature and smart contracts. We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification. And the new meta data supports secure revocation. Meanwhile, smart contracts are using for resisting possible collusion attack and malicious re-signing computation. Under the combined effectiveness of both signature method and blockchain smart contracts, our proposal supports reliable user revocation and signature re-signing, without revealing any user identity in the whole process. Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.     

Attribute-based authentication on the cloud for thin clients

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.     

广义指定多个验证者有序多重签名方案

广义指定多个验证者签名允许签名持有者指定多个签名验证者,有序多重签名则可满足多个签名者以严格的次序进行签名的要求。根据上述特性,提出一种基于身份的广义指定多个验证者有序多重签名方案,采用类短签名的形式构造签名,并在随机预言模型下证明方案的安全性。分析结果表明,该方案具有较高的效率,可抵抗适应性选择消息和身份攻击。     

普适环境中的隐私保护认证协议设计

针对普适环境中的认证和隐私保护问题,运用哈希链和部分盲签名技术,提出一种新的隐私保护认证协议。该协议运用哈希链构造信任书,保证每个信任书只能使用一次,利用部分盲签名在信任书中嵌入用户访问次数,对用户的访问次数进行控制。在实现用户匿名访问和双向认证的同时,解决服务滥用和非授权访问问题。仿真结果表明,与同类协议相比,该协议具有更好的安全特性和较高的执行效率。     

一种新的基于身份的公平离线电子现金方案

为了设计安全、高效的电子现金方案,基于受限部分盲签名提出了一种新的基于身份的公平离线电子现金方案。该方案使用知识证明签名有效地构造了重复花费检测协议,并实现了货币追踪协议和货币所有者追踪协议,给出了不可伪造性、匿名性、公平性和有效性证明。与已有方案相比,该方案能够有效地防止账户所有者进行重复消费,并且使用了较少的高耗时运算,提款协议和支付协议具有较高的计算效率。     

New and efficient conditional e-payment systems with transferability

Conditional e-payments (or e-cash) allow the user to anonymously cash a bank-issued e-coin at a future time if and only if a certain agreed-upon public condition is satisfied, which are useful in plenty of applications such as prediction markets, anonymous online betting, and securities trading. In this paper, we propose a new and efficient conditional e-payment system based on Chen et al.’s restrictive partially blind signature scheme. Compared to the existing conditional e-payment schemes  [2], [5], [6], our construction requires neither the inefficient cut-and-choose techniques nor the complicated knowledge proof protocols and thus has lower computation and communication complexity. Another significant contribution of this paper is a conditional e-payment system with transferability which allows the coin to be further transferred anonymously by a chain of payees.