• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.380-399
• /
• 2010

In this paper, we present a new class of attacks against an anonymous communication protocol, originally presented in ACNS 2008. The protocol itself was proposed as an improved version of ModOnions, which exploits universal re-encryption in order to avoid replay attacks. However, ModOnions allowed the detour attack, introduced by Danezis to re-route ModOnions to attackers in such a way that the entire path is revealed. The ACNS 2008 proposal addressed this by using a more complicated key management scheme. The revised protocol is immune to detour attacks. We show, however, that the ModOnion construction is highly malleable and this property can be exploited in order to redirect ModOnions. Our attacks require detailed probing and are less efficient than the detour attack, but they can nevertheless recover the full onion path while avoiding detection and investigation. Motivated by this, we present modifications to the ModOnion protocol that dramatically reduce the malleability of the encryption primitive. It addresses the class of attacks we present and it makes other attacks difficult to formulate.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.247-250
• /
• 2005

Recently, a concept of bid-rigging is issued in electronic auction. To prevent this attack, Abe-Suzuki proposed firstly receipt-free scheme based on bidding-booth. Chen-Lee-Kim pointed out that Abe-Suzuki's scheme only provides receipt-freeness for losing bidders. Also, they introduced a new receipt-free sealed bid auction scheme using the homomorphic encryption technique. The main participants of their scheme are Auctioneer, Auction Issuer, Bidder and Seller. Bid-rigging can happen by a seller in their scheme. We propose receipt-free sealed-bid auction scheme using a universal re-encryption mixnet. For our receipt-free sealed-bid auction, we use Pseudo ID of a bidder and universal re-encryption technique of Golle et al. Also, our scheme satisfies privacy, correctness, public verifiability, non-reputation, and receipt-freeness.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.607-614
• /
• 2009

Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for generating anonymous certificates from roadside units (RSUs). However, ECPP does not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust and efficient anonymous authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in the proposed protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for mutual authentication between OBUs and RSUs. In order to achieve these goals, we consider a universal re-encryption scheme and identity-based key establishment scheme as our building blocks. Several simulations are conducted to verify the efficiency and effectiveness of the proposed protocol by comparing with those of the existing ECPP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.33-42
• /
• 2009

Recently, there have been many researches about anonymous credential systems for supporting the user anonymity. However, these systems only hold a high security level, even though they must be able to be applied to various application that might require access control, conditional traceability, etc. As new challenges to these systems, some researches that several entities store the link information that associates identities and pseudonyms each other have been performed. In this paper, based on the oblivious transfer, we suggest a new pseudonym protocol that solves the pseudonym exhaustion problem which the original pseudonym retrieval protocol suffers from. By using the universal re-encryption and one-way function, we can also archive other requirements like the pseudonym unlinkability from the outside.