• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.910-922
• /
• 2013

In 2008, Chin et al. proposed an efficient and provable secure identity-based identification scheme in the standard model. However, we discovered a subtle flaw in the security proof which renders the proof of security useless. While no weakness has been found in the scheme itself, a scheme that is desired would be one with an accompanying proof of security. In this paper, we provide a fix to the scheme to overcome the problem without affecting the efficiency as well as a new proof of security. In particular, we show that only one extra pre-computable pairing operation should be added into the commitment phase of the identification protocol to fix the proof of security under the same hard problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4576-4598
• /
• 2018

In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.8 no.6
• /
• pp.15-20
• /
• 2008

Provable security has widely been used to prove a cryptosystem's security formally in crpytography. In this paper, we analyze the Cramer-Shoup public key cryptosystem that has been known to be provable secure against adaptive chosen ciphertext attack and argue that its security proof is not complete in the generic sense of adaptive chosen ciphertext attack. Future research should be directed toward two directions: one is to make the security proof complete even against generic sense of adaptive chosen ciphertext attack, and another is to try finding counterexamples of successful adaptive chosen ciphertext attack on the Cramer-Shoup cryptosystem.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2532-2553
• /
• 2014

In Asiacrypt 2003, Al-Riyami and Paterson proposed the notion of certificateless cryptography, a technique to remove key escrow from traditional identity-based cryptography as well as circumvent the certificate management problem of traditional public key cryptography. Subsequently much research has been done in the realm of certificateless encryption and signature schemes, but little to no work has been done for the identification primitive until 2013 when Chin et al. rigorously defined certificateless identification and proposed a concrete scheme. However Chin et al.'s scheme was proven in the random oracle model and Canetti et al. has shown that certain schemes provable secure in the random oracle model can be insecure when random oracles are replaced with actual hash functions. Therefore while having a proof in the random oracle model is better than having no proof at all, a scheme to be proven in the standard model would provide stronger security guarantees. In this paper, we propose the first certificateless identification scheme that is both efficient and show our proof of security in the standard model, that is without having to assume random oracles exist.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.3
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.12
• /
• pp.3261-3273
• /
• 2013

In the paper, we propose a novel adaptively secure hierarchical identity-based signature scheme from lattices. The size of signatures in our scheme is shortest among the existing hierarchical identity-based signature schemes from lattices. Our scheme is motivated by Gentry et al.'s signature scheme and Agrawal et al.'s hierarchical identity-based encryption scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.547-557
• /
• 2015

The security of all cryptographic algorithms and protocols is based on the confidentiality of secret keys. Key management mechanism is an indispensable part of the cryptographic system and this deals with the generation, exchange, storage, use, and replacement of keys. Within the key management mechanism there are key derivation functions (KDFs) which derive one or more keys from a master key. NIST specifies three families of PRF-based KDFs in SP 800-108. In this paper, we examine the difference of security models between the KDFs and the encryption modes of operations. Moreover we focus on the provable security of PRF-based KDFs according to input types of counters, and show that the counter and feedback modes of KDFs using XOR of counters are insecure, while these modes using concatenation of counters are secure.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.573-580
• /
• 2002

Within the security architecture of the 3GPP system there is a standardised integrity algorithm f9. The integrity algorithm f9 computes a MAC to authenticate the data integrity and data origin of signalling data over a radio access link of W-CDMA IMT-2000. f9 is a variant of the standard CBC MAC based on the block cipher KASUMI. In this paper we provide the provable security of f9 We prove that f9 is secure by giving concrete bound on an adversary's inability to forge in terms of her inability to distinguish the underlying block cipher from a pseudorandom permutation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2930-2947
• /
• 2014

With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.