Provable secure identity‐based multi‐proxy signature scheme

Multi‐proxy signature is one of the useful primitives of the proxy signature. Till now, only a few schemes of identity‐based multi‐proxy signature (IBMPS) have been proposed using bilinear pairings, but most of the schemes are insecure or lack a formal security proof. Because of the important application of IBMPS scheme in distributed systems, grid computing, and so on, construction of an efficient and provable‐secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of the security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against the Xiong et al's attack. In this paper, first, we present an IBMPS scheme, then we formalize a security model for the IBMPS schemes and prove that the presented scheme is existential unforgeable against adaptive chosen message and identity attack in the random oracle model under the computational Diffie–Hellman assumption. Also, our scheme is not vulnerable for the Xiong et al's attack. The presented scheme is more efficient in the sense of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

Cryptanalysis of an identity‐based authenticated key exchange protocol

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity‐based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked.     

An efficient identity‐based protocol for private matching

An important application of the Internet is that people can find partners satisfying their requirements from the huge number of users. In this paper, we present a cryptographic protocol for private matching, in which a user finds her desired partners without revealing her requirements, and the potential partners do not need to reveal their profiles. An additional advantage of our protocol is that it is identity‐based, which means the involved parties do not need to have a priori knowledge of each other's public keys; as long as they know each other's identities, the protocol can be executed. Copyright © 2010 John Wiley & Sons, Ltd.     

An enhanced anonymous identity‐based key agreement protocol for smart grid advanced metering infrastructure

Sprouting populace mass within the urban areas furnishes critical challenges of providing uninterruptible community services to fulfill the primitive needs of inhabitants in smart cities. Smart cities facilitate and uplift the living standards of inhabitants through various smart systems or infrastructures, and smart grid is one of them. Secure transmission is a key requirement in the advanced metering infrastructure (AMI) of most smart grids, and key establishment cryptographic protocols can be used to achieve such a requirement. Designing efficient and secure key establishment protocols for AMI remains challenging. For example, in this paper, we reveal several weaknesses in the identity‐based key establishment protocol of Mohammadali et al (published in IEEE Trans Smart Grid, 2017), which is based on elliptic curves. We then improve their protocol and prove its security in the random oracle model. We also demonstrate that the improved protocol achieves both anonymity and untraceability, before presenting a comparative summary of the security and computational overheads of the proposed protocol and several other existing protocols.     

A short ID‐based proxy signature scheme

The notion of identity‐based proxy signature with message recovery feature has been proposed to shorten identity‐based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not short. Second, we propose a short identity‐based proxy signature scheme with the help of message recovery property and show that it is secure under computational Diffie–Hellman assumption in the random oracle model. Furthermore, our scheme is more efficient than (as efficient as) previous identity‐based proxy signatures. Copyright © 2014 John Wiley & Sons, Ltd.     

A secure and efficient identity‐based mutual authentication scheme with smart card using elliptic curve cryptography

The e‐commerce has got great development in the past decades and brings great convenience to people. Users can obtain all kinds of services through e‐commerce platform with mobile device from anywhere and at anytime. To make it work well, e‐commerce platform must be secure and provide privacy preserving. To achieve this goal, Islam et al. proposed a dynamic identity‐based remote user mutual authentication scheme with smart card using Elliptic Curve Cryptography(ECC). Islam et al claimed that the security of their scheme was good enough to resist various attacks. However, we demonstrate that their scheme is vulnerable to insider attack and suffers from off‐line password guessing attack if smart card is compromised. To overcome the deficiencies, we present an improved scheme over Islam's scheme. The security proof and analysis shows that our scheme can also provide user anonymity and mutual authentication, and the security is enough to against relay attack, impersonation attack, and other common secure attackers. The performance analysis shows that the proposed scheme is more efficient than Islam et al's scheme.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update

In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.     

An anonymous biometric‐based remote user‐authenticated key agreement scheme for multimedia systems

We analyze the security of the Li et al . authentication scheme and show its vulnerability to off‐line password‐guessing and replay attacks. We design a new anonymous authentication scheme. The proposed scheme not only removes the drawback of the scheme of the Li et al . scheme but also protects user's anonymity. Moreover, we show validity of our proposed scheme using Burrows, Abadi, and Needham logic. Our scheme is comparable in terms of the communication and computational overhead with related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

On the security of a dynamic identity‐based remote user authentication scheme with verifiable password update

Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity‐based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications. Copyright © 2013 John Wiley & Sons, Ltd.     

Efficient revocable ID‐based encryption with cloud revocation server

The capability to efficiently revoke compromised/misbehaving users is important in identity‐based encryption (IBE) applications, as it is not a matter of if but of when that one or more users are compromised. Existing solutions generally require a trusted third party to update the private keys of nonrevoked users periodically, which impact on scalability and result in high computation and communication overheads at the key generation center. Li et al proposed a revocable IBE scheme, which outsources most of the computation and communication overheads to a Key Update Cloud Service Provider (KU‐CSP). However, their scheme is lack of scalability since the KU‐CSP must maintain a secret value for each user. Tseng et al proposed another revocable IBE scheme with a cloud revocation authority, seeking to provide scalability and improve both performance and security level. In this paper, we present a new revocable IBE scheme with a cloud revocation server (CRS). The CRS holds only one secret time update key for all users, which provides the capability to scale our scheme. We demonstrate that our scheme is secure against adaptive‐ID and chosen ciphertext attacks under the k‐CAA assumption and outperforms both schemes mentioned above, in terms of having lower computation and communication overheads.     

Efficient three‐party password‐based key exchange scheme

In three‐party password‐based key exchange protocol, a client is allowed to share a human‐memorable password with a trusted server such that two clients can negotiate a session key to communicate with each other secretly. Recently, many three‐party password‐based key exchange protocols have been developed. However, these proposed schemes cannot simultaneously achieve security and efficiency. Based on elliptic curve cryptography (ECC), this paper will propose a new simple three‐party password‐based authenticated key exchange scheme. The proposed method not only reduces computation cost for remote users and a trusted server but also is more efficient than previously proposed schemes. It is better suited for resource constrained devices, such as smart cards or mobile units. Copyright © 2010 John Wiley & Sons, Ltd.     

An improved anonymous multi‐receiver identity‐based encryption scheme

Anonymous receiver encryption is an important cryptographic primitive. It allows a sender to use the public identities of multiple receivers to encrypt messages so that only the authorized receivers or a privileged set of users can decrypt the messages, and the identities of the receivers are not revealed. Recently, Zhang et al. proposed a novel anonymous multi‐receiver encryption scheme and claimed that their scheme could realize the receiver's identity privacy. Unfortunately, in this paper, we pointed out that the scheme by Zhang et al. did not achieve the anonymity of the receiver identity after analyzing the security of the scheme. At the same time, we give the corresponding attack. After analyzing the reason to produce such attacks, a novel anonymous multi‐receiver encryption scheme is given to achieve the anonymity of the receiver's identities. And we formally prove that the proposed scheme is semantically secure for confidentiality and receiver identities’ anonymity. The security of the scheme is based on decisional bilinear Diffie‐Hellman problem. Compared with the scheme by Zhang et al., Fan et al., Wang et al., and Chien et al., our scheme is shown to be better performance and robust security. To the best of our knowledge, our scheme is most efficient in terms of computational cost and communication overhead. Copyright © 2013 John Wiley & Sons, Ltd.     

Hierarchical Identity‐Based Encryption with Constant‐Size Private Keys

The main challenge at present in constructing hierarchical identity‐based encryption (HIBE) is to solve the trade‐off between private‐key size and ciphertext size. At least one private‐key size or ciphertext size in the existing schemes must rely on the hierarchy depth. In this letter, a new hierarchical computing technique is introduced to HIBE. Unlike others, the proposed scheme, which consists of only two group elements, achieves constant‐size private keys. In addition, the ciphertext consists of just three group elements, regardless of the hierarchy depth. To the best of our knowledge, it is the first efficient scheme where both ciphertexts and private keys achieve O(1)‐size, which is the best trade‐off between private‐key size and ciphertext size at present. We also give the security proof in the selective‐identity model.     

A provably secure code‐based short signature scheme and its nontransferable variant

Signatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are helpful where bandwidth is one of the critical concern. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity‐based cryptosystems. In this paper, to have quantum‐attack‐resistant short signatures, the first signature scheme with partially message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially message recovery property, the proposal is shorter than Dallot signature scheme, the only provably secure and practical code‐based signature scheme, while it preserves Dallot signature efficiency. We should highlight that our scheme can be used as a building block to construct short code‐based signature schemes with special properties. To show this, we present a provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols.     

Forgery attacks of an identity‐based multi‐proxy signature scheme

Multi‐proxy signature is used to delegate a permission of an owner to at least two proxies in the digital world. Recently, Sahu and Padhye gave a new construction of identity‐based multi‐proxy signature. Their scheme's security was supported by a reduction proof against a hard mathematical problem. Even supported by such security proofs, we present some forgery attacks against Sahu and Padhye's scheme. We demonstrate that any dishonest insider or any malicious outsider can break the security of Sahu and Padhye's scheme by forging either a permission or a multi‐proxy signature. In fact, our forgery attacks exploit the security weakness in their underlying identity‐based signature scheme, which is the fundamental constructing component of their proposed scheme. Copyright © 2014 John Wiley & Sons, Ltd.