DOCSLIB.ORG

(12) United States Patent (10) Patent No.: US 8,429.408 B2 Vanstone (45) Date of Patent: Apr

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(12) United States Patent (10) Patent No.: US 8,429.408 B2 Vanstone (45) Date of Patent: Apr USOO8429408B2 (12) United States Patent (10) Patent No.: US 8,429.408 B2 Vanstone (45) Date of Patent: Apr. 23, 2013 (54) MASKING THE OUTPUT OF RANDOM 2009/0086968 A1* 4/2009 Vanstone ........................ 380, 44 NUMBER GENERATORS IN KEY 2009.0161876 A1* 6, 2009 Sherkin .............. ... 380,278 GENERATION PROTOCOLS 2011/0087883 A1* 4/2011 Campagna et al. ........... T13,156 OTHER PUBLICATIONS (75) Inventor: Scott Alexander Vanstone, Campbellville (CA) Yoon, Eun-Jun et al., “An Optimizing Authenticated Key Exchange Protocol for Self-organizing Sensor Networks'; Jan. 1, 2006; pp. 537 (73) Assignee: Certicom Corp., Mississauga, Ontario to 546;Ubiquitous Computing systems; LNCS; ISBN: 978-3-540 (CA) 46287-3. Huang, Qiang et al-Association for Computing Machinery; “Fast (*) Notice: Subject to any disclaimer, the term of this Authenticated Key Establishment Protocols for Self-Organizing Sen patent is extended or adjusted under 35 sor Networks”: ACM WSNA 2003; Proceedings of the 2' ACM U.S.C. 154(b) by 343 days. International Workshop on Wireless Sensor Networks & Applica tions; New York; Jan. 1, 2003; pp. 141-150; ISBN: 978-58113-764-4. (21) Appl. No.: 12/814,210 Brown, D.R.L. et al.; “Provably Secure Implicit Certificate Schemes'; Financial Cryptography; Jan. 1, 2002: pp. 156 to 165; vol. (22) Filed: Jun. 11, 2010 2339; ISBN: 978-3-540-24128-7. Manet, Pascal; Search Report from European Application No. (65) Prior Publication Data 10165765.8; search completed Oct. 29, 2010. US 2011/0307698 A1 Dec. 15, 2011 * cited by examiner (51) triboo (2006.01) Primary Examiner — Beemnet Dada Y - (52) U.S. Cl AssistantSSIS OF EEXOFife — Sayed Beheshti Shirazi USfc. 713/171,713/156.713/168; 3.8028 (74) Attorney, Agent, or Firm — Etienne de Villiers: Dimock 380/30, 380/44; 380/278 Stratton LLP (58) Field of Classification Search .................. 713/171, 713/156, 168; 380/28, 30, 44, 278 (57) ABSTRACT See application file for complete search history. To mitigate the effects of a weak random number generator (RNG) in a public key cryptosystem, a public key obtained (56) References Cited from the RNG is encrypted using a deterministic crypto graphic scheme before being made publicly available. A U.S. PATENT DOCUMENTS trusted party receiving the encrypted public key can recover 2002/0057796 A1* 5, 2002 Lambert et al. ................. 380/28 the public key and combine it with other information so it is 2004/02498.17 A1* 12/2004 Liu et al. ........................... 707/9 not subject to direct scrutiny. In one embodiment, the trusted 29395 A 299 Quell- T13,156 party incorporates the public key in a certificate. Such as an 38. SE A. ck 1939. $this . 3. implicit certificate, for use by the correspondents in other 2007, 0100762 A1* 5, 2007 Luo et al. ..... 705/59 COmmun1cat1OnS. 2009/0041238 A1* 2/2009 Quet al. .. ... 380/44 2009/0046852 A1 2/2009 Vanstone ........................ 380.30 9 Claims, 5 Drawing Sheets U.S. Patent Apr. 23, 2013 Sheet 1 of 5 US 8,429.408 B2 FIG. 2 U.S. Patent Apr. 23, 2013 Sheet 2 of 5 US 8.429.408 B2 112 generate .RN 1 decryptXA to get XA obtain private key xA from RN 4-1 114 validate XA & IDA Compute public key - 116 generate Session keys XCA, XcA encrypt XA with RSA - 1181 Compute BA= Send XA and IDA XCA XA 120 parse cert. ICA 4-1 to get BA IDA format cert. ICA = BAIDA 130 validate 122 BA&IDA obtain private key Contribution 132 data S generate shared key R 1 124 compute shared 134 key R & encrypts decrypts to get private key Contribution data S 126 send cert. ICA 1366 N. and encrypted construct private private key Contribution key KA data S' FIG. 3 U.S. Patent Apr. 23, 2013 Sheet 3 of 5 US 8,429.408 B2 XA XA EnC (X) RSA, : (X) DA IDA, XA DeC (X") Rs.4 obtain BA iDA XC A XC A from ICA X verify IDA BA C A + XA verify BA is point ICA = BA | IDA e = hash (ICA ) e = hash (ICA) RFXA QCA SF (excA+ka) mod n R c C CA Xa S = Dec(s) k = exa + S (mod n) | s= Encas) wa QAF e BA Q CA FIG. 4 U.S. Patent Apr. 23, 2013 Sheet 4 of 5 US 8,429.408 B2 obtain private value from RNG compute corresponding public key encrypt corresponding public key forward encrypted public key to trusted party receive encrypted private key reconstruction data recover private key reconstruction data compute private key using private key reconstruction data FIG. 5 U.S. Patent Apr. 23, 2013 Sheet 5 of 5 US 8,429.408 B2 302 receive encrypted Na public key 304 decrypt public key utilize public key to compute private 306 A key reconstruction data 308 encrypt private key Na reconstruction data forward encrypted 310 private key reconstruction data to device FIG. 6 US 8,429,408 B2 1. 2 MLASKING THE OUTPUT OF RANDOM by the correspondent. A corresponding public key is com NUMBER GENERATORS IN KEY puted as C. and distributed publically to other correspon GENERATION PROTOCOLS dents. The public and private keys are used according to well known protocols to encrypt and decrypt messages sent TECHNICAL FIELD between parties, to authenticate a message signed by one party using a private key, or to establish a common key The following relates generally to the field of cryptogra between the parties by combining the public key of one party phy. with the private key of another. These protocols can be implemented practically in any BACKGROUND 10 group in which both the discrete logarithm problem is hard and the group operation is efficient. One example of Such a As communications have progressed into the electronic group is the elliptic curve cyclic group defined over the finite domain, information has become easy to copy and dissemi field F composed of integers from 0 to p-1, where p is a nate. The prevalence of electronic communication has made prime number. The group elements are points lying on a for many productivity advances, and an increase in knowl 15 defined elliptic curve and having coordinates that are ele edge and information sharing. However, due to the ease of ments of the underlying field. An elliptic curve group typi dissemination, there is an ever increasing need for privacy and cally utilises an additive notation, rather than the multiplica authentication in electronic communications. tive notation used above, so that a k-fold group operation of a To retain privacy, the method of encrypting data using a key point P requires the point P to be added k times and is written is very well known. In asymmetric key cryptographic proto kP. A cryptographic system implemented using an elliptic cols, computing devices, commonly referred to as correspon curve group is known as an elliptic curve cryptographic sys dents, share a common secret key. This key must be agreed tem, or ECC. Other groups commonly used are multiplicative upon by the correspondents, and its secrecy maintained groups, such as the non-zero integers F and the correspond throughout the data communication. ing k-fold group operation is denoted of, where C. is a gen Public key cryptographic protocols were first proposed in 25 erator of the group. 1976 by Diffie-Hellman. A public-private key pair is created Although the discrete log problem is considered intrac for each correspondent, with the public key made available to table, the Security of the cryptographic system depends on the other parties, and the private key information maintained cryptographic strength of the random number X. A random secret by the correspondent who will be the recipient of number generator (RNG) is designed to provide crypto messages. Any message encrypted using the public key of a 30 graphically strong random numbers, but, due to malfunction, recipient can only be decrypted using the private key of that poor selection of a seed, or malicious tampering, the RNG same recipient. The private key cannot be derived from the may output relatively weak random numbers. This is a par knowledge of the plaintext, ciphertext and public-key. ticular problem in constrained devices, such as cell phones Cryptographic systems utilise protocols that are based on and Smart cards, where low cost implementations may not so called “hard' problems. These problems can beformulated 35 have sufficient entropy to provide a robust random number quickly, but do not have efficient solution algorithms. Prob generator. As a result, publication of the public key may lems such as integer factorization and the discrete logarithm inadvertently disclose the corresponding private key, and, problem fall into this category. depending on the protocol implemented, may in turn yield Integer factorisation is the basis of a set of protocols known information pertaining to other private keys used in the pro as RSA which uses, as a modulus n, the product of two large 40 tocol. primes, p, q. A second modulus d is computed as (p-1)(cq-1). A random integere is selected so that 1<e-dband gcd(e.1)=1. BRIEF DESCRIPTION A value d is selected so that 1 <d<db and ed=1 mod db. A correspondent’s public key is then (n,e) and the correspond The following shows an embodiment of a key establish ing private key is d. 45 ment protocol by way of example only with reference to the To send a message to a correspondent, the recipient’s pub appended drawings wherein: lic key (n,e) is obtained and the message represented as an FIG. 1 is a schematic representation of a data communica integer m in the interval 0..n-1.
Load more

Recommended publications
  • Implicit and Explicit Certificates-Based Encryption Scheme Tomasz Hyla, Witold Maćków, Jerzy Pejaś
    Implicit and Explicit Certificates-Based Encryption Scheme Tomasz Hyla, Witold Maćków, Jerzy Pejaś To cite this version: Tomasz Hyla, Witold Maćków, Jerzy Pejaś. Implicit and Explicit Certificates-Based Encryption Scheme. 13th IFIP International Conference on Computer Information Systems and Industrial Man- agement (CISIM), Nov 2014, Ho Chi Minh City, Vietnam. pp.651-666, 10.1007/978-3-662-45237- 0_59. hal-01405660 HAL Id: hal-01405660 https://hal.inria.fr/hal-01405660 Submitted on 30 Nov 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License Implicit and Explicit Certificates-based Encryption Scheme Tomasz Hyla1, Witold Maćków1, Jerzy Pejaś1, 1 West Pomeranian University of Technology, Szczecin Faculty of Computer Science and Information Technology, Poland {thyla, wmackow, jpejas}@zut.edu.pl Abstract. Certificate-based encryption (CBE) combines traditional public-key encryption and certificateless encryption. However, it does suffer to the Denial of Decryption (DoD) attack called by Liu and Au. To capture this attack, they introduced a new paradigm called self-generated-certificate public key cryptog- raphy. In this paper we show that the problem of DoD attack can be solved with a new implicit and explicit certificates-based public key cryptography paradigm.
    [Show full text]
  • Towards a Hybrid Public Key Infrastructure (PKI): a Review
    Towards a Hybrid Public Key Infrastructure (PKI): A Review Priyadarshi Singh, Abdul Basit, N Chaitanya Kumar, and V. Ch. Venkaiah School of Computer and Information Sciences, University of Hyderabad, Hyderabad-500046, India Abstract. Traditional Certificate- based public key infrastructure (PKI) suffers from the problem of certificate overhead like its storage, verification, revocation etc. To overcome these problems, idea of certificate less identity-based public key cryptography (ID-PKC) was proposed by Shamir. This is suitable for closed trusted group only. Also, this concept has some inherent problems like key escrow problem, secure key channel problem, identity management overhead etc. Later on, there had been several works which tried to combine both the cryptographic techniques such that the resulting hybrid PKI framework is built upon the best features of both the cryptographic techniques. It had been shown that this approach solves many problems associated with an individual cryptosystem. In this paper, we have reviewed and compared such hybrid schemes which tried to combine both the certificate based PKC and ID-based PKC. Also, the summary of the comparison, based on various features, is presented in a table. Keywords: Certificate-based PKI; Identity-based public key cryptography (ID-PKC); Hybrid PKI 1 INTRODUCTION Public key infrastructure (PKI) and public key cryptography (PKC) [12] plays a vital role with four major components of digital security: authentication, integrity, confidentiality and non-repudiation. Infact, PKI enables the use of PKC through key management. The ”efficient and secure management of the key pairs during their whole life cycle" is the purpose of PKI, which involves key generation, key distribution, key renewal, key revocation etc [11].
    [Show full text]
  • PUF Based Authentication Protocol for Iot
    S S symmetry Article PUF Based Authentication Protocol for IoT An Braeken Vrije Universiteit Brussel, Pleinlaan 2, 1050 Brussel, Belgium; [email protected]; Tel.: +32-468-104-767 Received: 11 July 2018; Accepted: 11 August 2018; Published: 20 August 2018 Abstract: Key agreement between two constrained Internet of Things (IoT) devices that have not met each other is an essential feature to provide in order to establish trust among its users. Physical Unclonable Functions (PUFs) on a device represent a low cost primitive exploiting the unique random patterns in the device and have been already applied in a multitude of applications for secure key generation and key agreement in order to avoid an attacker to take over the identity of a tampered device, whose key material has been extracted. This paper shows that the key agreement scheme of a recently proposed PUF based protocol, presented by Chatterjee et al., for Internet of Things (IoT) is vulnerable for man-in-the-middle, impersonation, and replay attacks in the Yao–Dolev security model. We propose an alternative scheme, which is able to solve these issues and can provide in addition a more efficient key agreement and subsequently a communication phase between two IoT devices connected to the same authentication server. The scheme also offers identity based authentication and repudiation, when only using elliptic curve multiplications and additions, instead of the compute intensive pairing operations. Keywords: physical unclonable function; authentication; elliptic curve cryptography; internet of things 1. Introduction Internet of Things (IoT) is experiencing worldwide growth. Not only classical computing and communication devices are connected, but also a whole range of other gadgets that are used in our daily life, such as thermostats, light switches, door locks, refrigerators, etc.
    [Show full text]
  • Re-Authentication and Tracing the Node Movement
    박 ¬ Y 위 | 8 Doctoral Thesis 센서 $¸워l@ t동 통신망D 위\ 보H 0 연l Advanced Security Schemes in Sensor Networks and Mobile Networks \ 규석 (韓 -m Han, Kyusuk) 정보통신õY과 Department of Information and Communication Engineering \ m 과 Y 0 Ð Korea Advanced Institute of Science and Technology 2010 센서 $¸워l@ t동 통신망D 위\ 보H 0 연l Advanced Security Schemes in Sensor Networks and Mobile Networks Advanced Security Schemes in Sensor Networks and Mobile Networks Advisor : Professor Kwangjo Kim by Han, Kyusuk Department of Information and Communication Engineering Korea Advanced Institute of Science and Technology A thesis submitted to the faculty of the Korea Advanced Institute of Science and Technology in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Information and Communication Engineering Daejeon, Korea 2010. 5. 24. Approved by Professor Kwangjo Kim Advisor 센서 $¸워l@ t동 통신망D 위\ 보H 0 연l \ 규석 위 |8@ \m과Y0 Ð 박¬Y위|8<\ Y위|8심¬ 위Ð회Ð서 심¬ 통과X였L. 2010D 5월 24| 심¬위Ð¥ @ 광 p (x) 심¬위Ð @ 대 영 (x) 심¬위Ð t 병 천 (x) 심¬위Ð \ P 8 (x) 심¬위Ð \ 영 ¨ (x) DICE \ 규석. Han, Kyusuk. Advanced Security Schemes in Sensor Networks and Mobile Networks. 센서 $¸워l@ t동 통신망D 위\ 보H 0 연l. 20055186 Department of Information and Communication Engineering . 2010. 113p. Ad- visor Prof. Kwangjo Kim. Text in English. Abstract Recent advance of wireless sensor network and mobile communication network tech- nologies bring several new issues such as the mobility of sensor nodes, the deployment of PKI. Moreover, the convergence of such different networks are one of rising issues.
    [Show full text]
  • Schnorr-Based Implicit Certification
    Schnorr-based implicit certification: improving the security and efficiency of V2X communications Paulo S. L. M. Barreto1, Marcos A. Simplicio Jr.2, Jefferson E. Ricardini2,3 and Harsh Kupwade Patil3 1 University of Washington Tacoma, USA, [email protected], 2 Escola Politécnica, Universidade de São Paulo, Brazil, {mjunior,joliveira}@larc.usp.br 3 LG Electronics, USA, [email protected] Abstract. In the implicit certification model, the process of verifying the validity of the signer’s public key is combined with the verification of the signature itself. When compared to traditional, explicit certificates, the main advantage of the im- plicit approach lies in the shorter public key validation data. This property is particularly important in resource-constrained scenarios where public key valida- tion is performed very often, which is common in vehicular communications (V2X) that employ pseudonym certificates. In this article, we show that an alternative, Schnorr-based implicit certification procedure can improve the efficiency of a popular V2X-oriented pseudonym certificate provisioning approach, the (unified) butterfly key expansion. As an additional contribution, we show that butterfly keys are vulnerable to existential forgery attacks under certain conditions, and also discuss how this issue can be fixed in an effective and efficient manner. Keywords: Vehicular communications (V2X) · implicit certificates · butterfly key expansion · security 1 Introduction Public key authentication is the cornerstone for any security system that relies on pub- lic/private key pairs for digital signature, key exchange and/or asymmetric encryption. Traditionally, this is accomplished by means of explicit certificates, digital documents that enclose the subject’s public key and are signed by a trusted Certificate Authority (CA).
    [Show full text]
  • A Security Credential Management System for V2X Communications
    1 A Security Credential Management System for V2X Communications Benedikt Brecht¶, Dean Therriaultk, Andr´eWeimerskirch†, William Whyte∗, Virendra Kumar∗, Thorsten Hehn‡, Roy Goudy§ ¶[email protected] [email protected][email protected] ∗{wwhyte, vkumar}@onboardsecurity.com ‡[email protected] §[email protected] Abstract—The US Department of Transportation (US- of Basic Safety Messages (BSMs) has the potential DOT) issued a proposed rule on January 12th, 2017 to to reduce unimpaired vehicle crashes by 80% through mandate vehicle-to-vehicle (V2V) safety communications active safety applications [1]. Following a series of field in light vehicles in the US. Cybersecurity and privacy operational tests, the US Department of Transportation are major challenges for such a deployment. The au- (USDOT) issued a proposed rule on January 12th, 2017 thors present a Security Credential Management System (SCMS) for vehicle-to-everything (V2X) communications to mandate the inclusion of V2V technology in light ve- in this paper, which has been developed by the Crash hicles in the US [2]. Vehicles will broadcast BSMs up to Avoidance Metrics Partners LLC (CAMP) under a Coop- ten times per second to support V2V safety applications. erative Agreement with the USDOT. This system design is BSMs include the senders’ time, position, speed, path currently transitioning from research to Proof-of-Concept, history and other relevant information, and are digitally and is a leading candidate to support the establishment of signed. The receiver evaluates each message, verifies the a nationwide Public Key Infrastructure (PKI) for V2X se- signature, and then decides whether a warning needs to curity.
    [Show full text]
  • SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)
    Standards for Efficient Cryptography SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV) Certicom Research Contact: Matthew Campagna ([email protected]) January 24, 2013 Version 1.0 c 2013 Certicom Corp. License to copy this document is granted provided it is identified as “Standards for Efficient Cryptography 4 (SEC4)”, in all material mentioning or referencing it. SEC 4 Ver. 1.0 Contents 1 Introduction 1 1.1 Overview . 1 1.2 Aim . 1 1.3 Compliance . 1 1.4 Document Evolution . 1 1.5 Intellectual Property . 1 2 Cryptographic Components 3 2.1 Security Levels . 3 2.2 Hash Functions . 3 2.3 Hashing to Integers Modulo n .............................. 4 2.4 Random Number Generation . 4 2.5 Elliptic Curve Domain Parameter Generation and Validation . 5 3 ECQV Implicit Certificate Scheme 5 3.1 Overview . 5 3.2 Prerequisites: ECQV Setup . 7 3.2.1 Certificate Encoding Methods . 7 3.3 Certificate Request: Cert Request ............................ 8 3.4 Certificate Generation Process: Cert Generate ..................... 8 3.5 Certificate Public Key Extraction Process: Cert PK Extraction ............ 10 3.6 Processing the Response to a Cert Request: Cert Reception .............. 10 3.7 ECQV Self-Signed Certificate Generation Scheme . 11 3.8 ECQV Self-Signed Implicit Certificate Public Key Extraction . 12 A Glossary 14 A.1 Terms . 14 A.2 Acronyms . 14 A.3 Notation . 15 B Commentary 16 C Representation of ECQV Certificate Structures 20 Contents Page i of iii SEC 4 Ver. 1.0 C.1 Fixed-Length Fields . 20 C.2 ASN.1 Encodings: Minimal and X.509-Compliant . 21 D References 28 Page ii of iii Contents SEC 4 Ver.
    [Show full text]
  • Security of ECQV-Certified ECDSA Against Passive Adversaries
    Security of ECQV-Certified ECDSA Against Passive Adversaries Daniel R. L. Brown,∗ Matthew J. Campagna∗ and Scott A. Vanstone∗ March 9, 2011 Abstract We show that the elliptic curve Qu-Vanstone implicit certificate scheme (ECQV), when composed with the Elliptic Curve Digital Signature Algorithm (ECDSA), is secure against passive adversaries under the combined assumption of the random oracle model and the generic group model,—if the ECQV certificate itself is excluded from the signable message space, because of an attack of Kravitz. In contrast, we detail an attack on the composition of another implicit certificate scheme, proposed by Pintsov and Vanstone for Optimal Mail Certificates (OMC), and ECDSA. This composition attack forges an implicitly certified ECDSA signature, and is passive in the sense of needing no interaction with the signer or the certification authority. (Pintsov and Vanstone did not propose combining OMC with ECDSA.) 1 Introduction A certification authority (CA) plays a central role in a secure public-key infrastructure as the root of trust. A CA binds an entity’s identity to its public-key by the creation of certificates. These certificates are typically comprised of a data portion, containing an identity element and a public key, and a signature on that data produced by the CA. Assurances on the validity of the certificate is provided by verifying the signature on the data portion using the CA’s public key. A valid signature on a certificate bears witness that the certificate has not been modified and the entity provided evidence to the CA that it had possession of the associated private key, such as by means of a signed certificate request, and is the identified entity according to the CA’s enrollment policies.
    [Show full text]
  • Arxiv:1907.05527V1 [Cs.CR] 12 Jul 2019 Impacting Our Society
    A Federated Lightweight Authentication Protocol for the Internet of Things Maria L. B. A. Santosa, Jéssica C. Carneiroa, Antônio M. R. Francoa, Fernando A. Teixeirab, Marco A. Henriquesc, Leonardo B. Oliveirad,a,∗ aUFMG, Belo Horizonte, Brazil bUFSJ, Ouro Branco, Brazil cUnicamp, Campinas, Brazil dVisiting professor at Stanford University, Stanford, USA Abstract Considering the world’s IoT development and market, it is necessary to guarantee the se- curity of the developed IoT applications as well as the privacy of their end users. In this sense, Federated Identity Management (FIdM) systems can be of great help as they improve user authentication and privacy. In this paper, we claim that traditional FIdM are mostly cumbersome and then ill-suited for IoT. As a solution to this problem, we come up with a federated identity authentication protocol exclusively tailored to IoT. Federated Lightweight Authentication of Things (FLAT), our solution, replaces weighty protocols and asymmetric cryptographic primitives used in traditional FIdM by lighter ones. For instance, FLAT syner- gistically combines symmetric cryptosystems and Implicit Certificates. The results show that FLAT can reduce the data exchange overhead by around 31% when compared to a baseline solution. FLAT’s Client is also more efficient than the baseline solution in terms of data trans- mitted, data received, total data exchange, and computation time. Our results indicate that FLAT runs efficiently even on top of resource-constrained devices like Arduino. Keywords: Internet of Things, authentication, federated identity management 1. Introduction The development of the Internet of Things (IoT) Atzori et al. (2010); Gubbi et al. (2013); Borgia (2014) is a national priority in several countries around the world and is significantly arXiv:1907.05527v1 [cs.CR] 12 Jul 2019 impacting our society.
    [Show full text]
  • Certificateless Public Key Signature Schemes from Standard Algorithms
    Certificateless Public Key Signature Schemes from Standard Algorithms (Expanded Version) Zhaohui Cheng1 and Liqun Chen2 1 Olym Info. Sec. Tech. Ltd. [email protected] 2 Surrey University [email protected] Abstract Certificateless public key cryptography (CL-PKC) is designed to have suc- cinct public key management without using certificates at the same time avoid the key-escrow attribute in the identity-based cryptography. However, it ap- pears difficult to construct CL-PKC schemes from standard algorithms. Secu- rity mechanisms employing self-certified key (also known as implicit certificate) can achieve same goals. But there still lacks rigorous security definitions for implicit-certificate-based mechanisms and such type of schemes were not ana- lyzed formally and often found vulnerable to attacks later. In this work, we first unify the security notions of these two types of mech- anisms within an extended CL-PKC formulation. We then present a general key-pair generation algorithm for CL-PKC schemes and use it with the key prefixing technique to construct certificateless public key signature (CL-PKS) schemes from standard algorithms. The security of the schemes is analyzed within the new model, and it shows that the applied technique helps defeat known-attacks against existing constructions. The resulting schemes could be quickly deployed based on the existing stan- dard algorithm implementations. They are particularly useful in the Internet of Things (IoT) to provide security services such as entity authentication, data integrity and non-repudiation because of their low computation cost, bandwidth consumption and storage requirement. 1 Contents 1 Introduction 3 1.1 Related Work .
    [Show full text]
  • A Closer Look at PKI: Security and Efficiency
    A Closer Look at PKI: Security and Efficiency Alexandra Boldyreva1 and Marc Fischlin2 and Adriana Palacio3 and Bogdan Warinschi4 1Georgia Institute of Technology, USA. [email protected] 2Darmstadt University of Technology, Germany. [email protected] 3Bowdoin College, USA. [email protected] 4University of Bristol, UK. [email protected] April 13, 2007 Abstract In this paper we take a closer look at the security and efficiency of public-key encryption and sig- nature schemes in public-key infrastructures (PKI). Unlike traditional analyses which assume an “ideal” implementation of the PKI, we focus on the security of joint constructions that consider the certification authority (CA) and the users, and include a key-registration protocol and the algorithms of an encryption or a signature scheme. We therefore consider significantly broader adversarial capabilities. Our analysis clarifies and validates several crucial aspects such as the amount of trust put in the CA, the necessity and specifics of proofs of possession of secret keys, and the security of the basic primitives in this more complex setting. We also provide constructions for encryption and signature schemes that provably satisfy our strong security definitions and are more efficient than the corresponding traditional constructions that assume a digital certificate issued by the CA must be verified whenever a public key is used. Our results address some important aspects for the design and standardization of PKIs, as targeted for example in the standards project ANSI X9.109. 1 Introduction Public key cryptography implicitly relies on the existence of a public-key infrastructure (PKI), where each user has a pair of public and secret keys for the cryptosystem, and that this association is publicly available.
    [Show full text]
  • Energy/Security Scalable Mobile Cryptosystem
    The 14’” IEEE 2003 International Symposium on PersonalJndoor and Mobile Radio Communication Proceedings Energy/Security Scalable Mobile Cryptosystem Qiang Huang, Hisashi Kobayashi and Bede Liu Daqing Gu and Jinyun Zhang Department of Electrical Engineering Mitsubishi Electric Research Laboratories Princeton University 201 Broadway Princeton, NJ 08544, USA Cambridge, MA 02139, USA Abstract-Time-sensitive nobile commerce is vulnerable to security requirements, or when the node is in low power message authentication delays. Significant power consumption status. For critical commercial and military applications we incurred by cryptography is another limiting factor of most propose a secure routing protocol with faulty link detection mobile devices. In this paper, we present a scalable mobile based on an efficient authentication scheme combing the use cryptosystem, which installs a group key and an elliptic curve privatelpublic key pair in each device to enable both symmetric of elliptic curve cryptography (ECC) and hash functions. key and public key cryptography. Scalable key establishment Section 4 summarizes this paper. protocols and secure routing protocols with scalable authentication are proposed to make tradeoffs between security 11. SCALABLE KEY ESTABLISHMENT and energy, according to different mobile applications. In this section, we propose three different key establishment protocols for mobile networks according to different application scenarios, the first one based on pure 1. INTRODUCTION symmetric key cryptography and suitable for toysfgames home Secure and fast transmission of sensitive digital networking, the second based on a hybrid of symmetric key information ovcr wireless channels has become increasingly and public key cryptography and designed for residential or important. The use of public key cryptography consumes a small commercial wireless network deployment, and the last significant portion of the overall system resource.
    [Show full text]