• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.8
• /
• pp.1972-1988
• /
• 2013

In order to deal with key exposure problem, we introduce forward secure technique into certificateless proxy signature scheme, and propose the formal definition and security model of the forward secure certificateless proxy signature. Our security model takes into account the super adversary in certificateless signature. Furthermore, we present a construction of forward secure certificateless proxy signature scheme with bilinear maps. Based on the difficulty of computational Diffie-Hellman problem, we prove the scheme is secure against chosen message attack in the random oracle model. Finally, we analyze efficiency of the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.5
• /
• pp.2792-2810
• /
• 2017

Forward-secure signature is a specific type of signature, which can mitigate the damage caused by the signing key exposure. Most of the existing forward-secure (identity-based) signature schemes can update users' secret keys at each time period, achieve the existential unforgeability, and resist against classical computer attacks. In this paper, we first revisit the framework of forward-secure identity-based signatures, and aim at supporting flexible key update at multi time period. Then we propose a post-quantum forward-secure identity-based signature scheme from lattices and use the basis delegation technique to provide flexible key update. Finally, we prove that the proposed scheme is strongly unforgeable under the short integer solution (SIS) hardness assumption in the random oracle model.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.573-583
• /
• 2015

We introduce the idea of a forward-secure undetachable digital signature (FS-UDS) in this paper, which enables mobile agents to generate undetachable digital signatures with forward security of the original signer's signing key. The definition and security notion of an FS-UDS scheme are given. Then, the construction of a concrete FS-UDS scheme is proposed; and the proof of security for the proposed scheme is also provided. In the proposed scheme, mobile agents need not carry the signing key when they generate digital signatures on behalf of the original signer, so the signing key will not be compromised. At the same time, the encrypted function is combined with the original signer's requirement; therefore, misuse of the signing algorithm can be prevented. Furthermore, in the case where a hacker has accessed the signing key of the original signer, he/she is not able to forge a signature for any time period prior to when the key was obtained.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1502-1522
• /
• 2019

Leakage of secret keys may be the most devastating problem in public key cryptosystems because it means that all security guarantees are missing. The forward security mechanism allows users to update secret keys frequently without updating public keys. Meanwhile, it ensures that an attacker is unable to derive a user's secret keys for any past time, even if it compromises the user's current secret key. Therefore, it offers an effective cryptographic approach to address the private key leakage problem. As an extension of the forward security mechanism in certificate-based public key cryptography, forward-secure certificate-based signature (FS-CBS) has many appealing merits, such as no key escrow, no secure channel and implicit authentication. Until now, there is only one FS-CBS scheme that does not employ the random oracles. Unfortunately, our cryptanalysis indicates that the scheme is subject to the security vulnerability due to the existential forgery attack from the malicious CA. Our attack demonstrates that a CA can destroy its existential unforgeability by implanting trapdoors in system parameters without knowing the target user's secret key. Therefore, it is fair to say that to design a FS-CBS scheme secure against malicious CAs without lying random oracles is still an unsolved issue. To address this problem, we put forward an enhanced FS-CBS scheme without random oracles. Our FS-CBS scheme not only fixes the security weakness in the original scheme, but also significantly optimizes the scheme efficiency. In the standard model, we formally prove its security under the complexity assumption of the square computational Diffie-Hellman problem. In addition, the comparison with the original FS-CBS scheme shows that our scheme offers stronger security guarantee and enjoys better performance.

• ETRI Journal
• /
• v.39 no.5
• /
• pp.729-736
• /
• 2017

This work investigates secure cluster-aided multi-hop randomize-and-forward networks. We present a hop-by-hop multi-hop transmission scheme with relay selection, which evaluates for each cluster the relays that can securely receive the message. We propose an analytical model to derive the secure connectivity probability (SCP) of the hop-by-hop transmission scheme. For comparison, we also analyze SCPs of traditional end-to-end transmission schemes with two relay-selection policies. We perform simulations, and our analytical results verify that the proposed hop-by-hop scheme is superior to end-to-end schemes, especially with a large number of hops or high eavesdropper channel quality. Numerical results also show that the proposed hop-by-hop scheme achieves near-optimal performance in terms of the SCP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.147-157
• /
• 2003

We often use cryptographic systems on small devices such as mobile phones, smart cards and so on. But such devices are delicate against the tlreat of key exposure of secret keys. To reduce the damage caused by exposure of secret keys stored on such devices, the concept of forward security is introduced. In this Paper, we present a new forward secure signature scheme based on Gap Diffie-Hellman groups. Our scheme achieves security against chosen-message attacks under the computational Diffie-Hellman assumption in the random oracle model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.27-38
• /
• 2007

One of the most important security issues of e-mail service is user privacy. Currently, various security protocols, like PGP(pretty Good Privacy), S/MIME(Secure/Multipurpose Internet Mail Extension), have been proposed. These protocols, however, do not provide forward secrecy. Recently, some security protocols that provide forward secrecy were proposed. But all of them require changes to the current e-mail infrastructure. Moreover, contrary to authors' intention, some of them do not actually provide perfect forward secrecy. In this paper, we propose a new practical e-mail security protocol. The proposed protocol provides perfect forward secrecy and uses a practical e-mail model that dose not require any changes to existing e-mail servers. It encrypts and authenticates messages efficiently using elliptic curve based signcryption scheme. In addition, we provide a way to send secure group e-mails.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1553-1571
• /
• 2018

Currently, many of schemes for smart grid data aggregation are based on a one-level gateway (GW) topology. Since the data aggregation granularity in this topology is too single, the control center (CC) is unable to obtain more fine-grained data aggregation results for better monitoring smart grid. To improve this issue, Shen et al. propose an efficient privacy-preserving cube-data aggregation scheme in which the system model consists of two-level GW. However, a risk exists in their scheme that attacker could forge the signature by using leaked signing keys. In this paper, we propose a secure and fine-grained electricity consumption aggregation scheme for smart grid, which employs the homomorphic encryption to implement privacy-preserving aggregation of users' electricity consumption in the two-level GW smart grid. In our scheme, CC can achieve a flexible electricity regulation by obtaining data aggregation results of various granularities. In addition, our scheme uses the forward-secure signature with backward-secure detection (FSBD) technique to ensure the forward-backward secrecy of the signing keys. Security analysis and experimental results demonstrate that the proposed scheme can achieve forward-backward security of user's electricity consumption signature. Compared with related schemes, our scheme is more secure and efficient.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.123-128
• /
• 2007

Many service systems use Public Key Infrastructure (PKI) to protect the service. But there arc problems with the use of PKI. One of the problems is that some services would require a function instantaneously to check public kel certificate, but PKI does not satisfy such request. To solve the problem, Bouch et al. first proposed the concept of mediated RSA (mRSA). Then Gene Tsudik proposed 'weak' forward secure mRSA. In this paper, we analyze the weakness of these schemes and find the source of the vulnerabilitv. And we propose a new mRSA that is strong forward secure.

• Journal of information and communication convergence engineering
• /
• v.7 no.4
• /
• pp.521-524
• /
• 2009

Park proposed a forward & backward Secure key management scheme in wireless sensor networks for Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems [7]. The scheme, however, is still vulnerable to an attack called "sandwich attack": two nodes captured at times $t_1$ and $t_2$, respectively, surrenders all the group keys used between times $t_1$ and $t_2$. In this paper, we propose a fix to the scheme, which can limit the vulnerable time duration to an arbitrarily chosen time span while keeping the forward and backward secrecy of the scheme untouched.