Dissertations / Theses on the topic 'Identity Based Signatures'

Voz sobre IP (ou VoIP) vem sendo adotada progressivamente não apenas por um grande número de empresas mas também por um número expressivo de pessoas, no Brasil e em outros países. Entretanto, essa crescente adoção de VoIP no mundo traz consigo algumas preocupações tais como ameaças e riscos de segurança, sobretudo no que diz respeito à autenticidade, privacidade e integridade da comunicação. Para proteger a sessão de mídia existem protocolos muito eficientes, como o Secure Real-time Transport Protocol (SRTP). Mas ele depende de uma chave secreta para tornar a comunicação segura de fato. Assim, uma boa estratégia é aproveitar o processo de sinalização que estabelece a sessão de mídia e negociar uma chave secreta de sessão que seja comum às partes comunicantes. Esse processo de sinalização é realizado por tipos específicos de protocolo tais como o Session Initiation Protocol (SIP), um protocolo de sinalização muito importante e que vem sendo usado cada vez mais por softphones para comunicação na Internet. Todavia, os riscos e ameaças mencionados já existem no próprio processo de sinalização e, dentre eles, o ataque do tipo man-in-the-middle é o mais perigoso, devido aos prejuízos que ele pode causar. Depois de fazer uma revisão bibliográfica dos riscos e ameaças inerentes ao SIP, bem como de seus mecanismos de segurança (analisando os pontos fortes e de atenção deles), foi possível originar um novo mecanismo de segurança, o qual é apresentado neste trabalho. O mecanismo proposto usa um protocolo para troca segura de informações o protocolo Massey-Omura o qual, quando combinado com emparelhamentos bilineares, provê ao SIP um melhor nível de segurança em todos os aspectos (autenticidade, privacidade e integridade). Além disso, o novo mecanismo é avaliado através de uma prova de conceito, na qual utilizou-se um softphone SIP funcional. A análise de segurança realizada e os resultados obtidos da prova de conceito fazem do mecanismo de segurança proposto uma alternativa viável para o SIP.<br>Voice over IP (or VoIP) has been progressively adopted not only by a great number of companies but also by an expressive number of people, in Brazil and in other countries. However, this increasing adoption of VoIP in the world brings some concerns such as security risks and threats, mainly on the authenticity, privacy and integrity of the communication. In order to protect the media session, efficient protocols like the Secure Real-time Transport Protocol (SRTP) have been used. However, it depends on a secret key to make the communication secure. Thus, a good strategy is to take advantage of the signaling process to establish the media session, and agree on a common secret session key between the communicating parties. This signaling process is performed by specific types of protocols such as the Session Initiation Protocol (SIP), a very important signaling protocol, which has been used more and more by softphones in the Internet communication. Nevertheless, those risks and threats already exist in the own signaling process and, among them, the man-in-the-middle attack is the worst of all due to its high danger degree. After doing a bibliographical revision of the SIP security risks and threats, as well as its security mechanisms (analyzing their advantages and drawbacks), it was possible to generate a new security mechanism, which is presented in this work. The proposed mechanism uses a protocol for secure information exchange the Massey-Omura protocol which, when combined with bilinear pairings, provides a better security level for SIP in all its aspects (authenticity, privacy and integrity). Besides this, the new mechanism is evaluated by a proof of concept, in the which a functional SIP softphone was used. The security analysis and the results obtained from the proof of concept, make the proposed security mechanism a viable alternative for SIP.

O crescimento acelerado de negócios voltado para Internet aumenta significativamente a necessidade por mecanismos que possam garantir a confidencialidade dos dados, fornecendo ferramentas para autenticidade e irretratabilidade dos usuários em qualquer meio de comunicação, mesmo em equipamentos que possuem recursos computacionais limitados, como um telefone celular, por exemplo. Este trabalho apresenta um esquema de criptografia que utiliza os dados pessoais para geração de chave e cifração, chamado Criptografia Baseada na Identidade, sem necessidade de um certificado digital. São apresentados diversos modelos de cifração, assinatura, acordo de chaves, bem como principais características, diferenças operacionais e respectivos aspectos relevantes de segurança. Algumas aplicabilidades como busca de dados cifrados, por exemplo, são implementadas, para melhor entendimento das operações e fases envolvidas. Os comparativos de custos computacionais das operações envolvidas destacam o esquema de assinatura de Barreto et al. (2005) e esquema de acordo de chave Mc- Cullagh e Barreto (2004b). São descritos também os pré-requisitos de um ambiente criptográfico baseado na identidade, o qual permite realizar as operações de cifração, assinatura e acordo de chaves com menor custo computacional possível.<br>The accelerated growth of Internet-based business increase significantly the need for mechanisms that can guarantee the data confidentiality, providing tools for authenticity and non-repudiation users in any medium of communication, even with computer resources becoming increasingly scarce, eg into a cell phone. This paper describes an encryption scheme that uses personal data for key generation and encryption, called the Identity Based Encryption, without need for a digital certificate. Various encryption schemes, signature, key agreement are shown, and its main characteristics, operational differences and their respective relevant aspects of security. Some aplicabilities such as encrypted data search, for example, are implemented, for better understanding of the operations and stages involved. The comparative computataional costs of operations highlight the Barreto et al. (2005) signature scheme and McCullagh e Barreto (2004b) key agreement scheme. They are also described, the prerequisites of an Identity-based cryptography environment, which allows to perform the operations of encryption, signing and key agreement with lower computational cost possible.

Tendering is a method for entering into a sales contract. Numerous electronic tendering systems have been established with the intent of improving the efficiency of the tendering process. Although providing adequate security services is a desired feature in an e-tendering system, current e-tendering systems are usually designed with little consideration of security and legal compliance. This research focuses on designing secure protocols for e-tendering systems. It involves developing methodologies for establishing security requirements, constructing security protocols and using formal methods in protocol security verification. The implication is that it may prove suitable for developing secure protocols in other electronic business domains. In depth investigations are conducted into a range of issues in relation to establishing generic security requirements for e-tendering systems. The outcomes are presented in a form of basic and advanced security requirements for e-tendering process. This analysis shows that advanced security services are required to secure e-tender negotiation integrity and the submission process. Two generic issues discovered in the course of this research, functional difference and functional limitations, are fundamental in constructing secure protocols for tender negotiation and submission processes. Functional difference identification derives advanced security requirements. Functional limitation assessment defines how the logic of generic security mechanisms should be constructed. These principles form a proactive analysis applied prior to the construction of security protocols. Security protocols have been successfully constructed using generic cryptographic security mechanisms. These protocols are secure e-tender negotiation integrity protocol suite, and secure e-tender submission protocols. Their security has been verified progressively during the design. Verification results show that protocols are secure against common threat scenarios. The primary contribution of this stage are the procedures developed for the complex e-business protocol analysis using formal methods. The research shows that proactive analysis has made this formal security verification possible and practical for complex protocols. These primary outcomes have raised awareness of security issues in e-tendering. The security solutions proposed in the protocol format are the first in e-tendering with verifiable security against common threat scenarios, and which are also practical for implementation. The procedures developed for securing the e-tendering process are generic and can be applied to other business domains. The study has made improvements in: establishing adequate security for a business process; applying proactive analysis prior to secure protocol construction; and verifying security of complex e-business protocols using tool aided formal methods.

Tendering is a method for entering into a sales contract. Numerous electronic tendering systems have been established with the intent of improving the efficiency of the tendering process. Although providing adequate security services is a desired feature in an e-tendering system, current e-tendering systems are usually designed with little consideration of security and legal compliance. This research focuses on designing secure protocols for e-tendering systems. It involves developing methodologies for establishing security requirements, constructing security protocols and using formal methods in protocol security verification. The implication is that it may prove suitable for developing secure protocols in other electronic business domains. In depth investigations are conducted into a range of issues in relation to establishing generic security requirements for e-tendering systems. The outcomes are presented in a form of basic and advanced security requirements for e-tendering process. This analysis shows that advanced security services are required to secure e-tender negotiation integrity and the submission process. Two generic issues discovered in the course of this research, functional difference and functional limitations, are fundamental in constructing secure protocols for tender negotiation and submission processes. Functional difference identification derives advanced security requirements. Functional limitation assessment defines how the logic of generic security mechanisms should be constructed. These principles form a proactive analysis applied prior to the construction of security protocols. Security protocols have been successfully constructed using generic cryptographic security mechanisms. These protocols are secure e-tender negotiation integrity protocol suite, and secure e-tender submission protocols. Their security has been verified progressively during the design. Verification results show that protocols are secure against common threat scenarios. The primary contribution of this stage are the procedures developed for the complex e-business protocol analysis using formal methods. The research shows that proactive analysis has made this formal security verification possible and practical for complex protocols. These primary outcomes have raised awareness of security issues in e-tendering. The security solutions proposed in the protocol format are the first in e-tendering with verifiable security against common threat scenarios, and which are also practical for implementation. The procedures developed for securing the e-tendering process are generic and can be applied to other business domains. The study has made improvements in: establishing adequate security for a business process; applying proactive analysis prior to secure protocol construction; and verifying security of complex e-business protocols using tool aided formal methods.

An identity-based cryptosystem (IBC) is a public-key system where the public key can be represented by any arbitrary string such as an e-mail address. The notion was introduced by Shamir with the primary goal of simplifying certificate management. An identity-based signature(IBS) is the identity-based counter part of a digital signature. In the first (and primary) part of the work, we take a closer look at an IBS due to Galindo and Garcia–GG-IBS, for short. GG-IBS is derived through a simple and elegant concatenation of two Schnorr signatures and, importantly, does not rely on pairing. The security is established through two algorithms (both of) which use the Multiple-Forking(MF) Algorithm to reduce the problem of computing the discrete logarithm to breaking the IBS. Our focus is on the security argument : It turns out that the argument is flawed and, as a remedy, we sketch a new security argument. However, the resulting security bound is still quite loose, chiefly due to the usage of the MF Algorithm. We explore possible avenues for improving this bound and , to this end, introduce two notions pertaining to random oracles termed dependency and independency. Incorporating (in) dependency allows us to launch the nested replay attack far more effectively than in the MF Algorithm leading to a cleaner,(significantly) tighter security argument for GG-IBS, completing the final piece of the GG-IBS jigsaw. The second part of the work pertains to the notion of selective-identity (sID) for IBCs. The focus is on the problem of constructing a fully-secure IBS given an sID-secure IBS without using random oracles and with reasonable security degradation.

An identity-based cryptosystem (IBC) is a public-key system where the public key can be represented by any arbitrary string such as an e-mail address. The notion was introduced by Shamir with the primary goal of simplifying certificate management. An identity-based signature(IBS) is the identity-based counter part of a digital signature. In the first (and primary) part of the work, we take a closer look at an IBS due to Galindo and Garcia–GG-IBS, for short. GG-IBS is derived through a simple and elegant concatenation of two Schnorr signatures and, importantly, does not rely on pairing. The security is established through two algorithms (both of) which use the Multiple-Forking(MF) Algorithm to reduce the problem of computing the discrete logarithm to breaking the IBS. Our focus is on the security argument : It turns out that the argument is flawed and, as a remedy, we sketch a new security argument. However, the resulting security bound is still quite loose, chiefly due to the usage of the MF Algorithm. We explore possible avenues for improving this bound and , to this end, introduce two notions pertaining to random oracles termed dependency and independency. Incorporating (in) dependency allows us to launch the nested replay attack far more effectively than in the MF Algorithm leading to a cleaner,(significantly) tighter security argument for GG-IBS, completing the final piece of the GG-IBS jigsaw. The second part of the work pertains to the notion of selective-identity (sID) for IBCs. The focus is on the problem of constructing a fully-secure IBS given an sID-secure IBS without using random oracles and with reasonable security degradation.

Au Man Ho Allen.<br>Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.<br>Includes bibliographical references (leaves 60-68).<br>Abstracts in English and Chinese.<br>Abstract --- p.i<br>Acknowledgement --- p.iii<br>Chapter 1 --- Introduction --- p.1<br>Chapter 2 --- Preliminaries --- p.5<br>Chapter 2.1 --- Complexity Theory --- p.5<br>Chapter 2.2 --- Algebra and Number Theory --- p.7<br>Chapter 2.2.1 --- Groups --- p.7<br>Chapter 2.2.2 --- Additive Group Zn and Multiplicative Group Z*n --- p.8<br>Chapter 2.2.3 --- The Integer Factorization Problem --- p.9<br>Chapter 2.2.4 --- Quadratic Residuosity Problem --- p.11<br>Chapter 2.2.5 --- Computing e-th Roots (The RSA Problem) --- p.13<br>Chapter 2.2.6 --- Discrete Logarithm and Related Problems --- p.13<br>Chapter 2.3 --- Public key Cryptography --- p.16<br>Chapter 2.3.1 --- Encryption --- p.17<br>Chapter 2.3.2 --- Digital Signature --- p.20<br>Chapter 2.3.3 --- Identification Protocol --- p.22<br>Chapter 2.3.4 --- Hash Function --- p.24<br>Chapter 3 --- Paillier Cryptosystems --- p.26<br>Chapter 3.1 --- Introduction --- p.26<br>Chapter 3.2 --- The Paillier Cryptosystem --- p.27<br>Chapter 4 --- Identity-based Cryptography --- p.30<br>Chapter 4.1 --- Introduction --- p.31<br>Chapter 4.2 --- Identity-based Encryption --- p.32<br>Chapter 4.2.1 --- Notions of Security --- p.32<br>Chapter 4.2.2 --- Related Results --- p.35<br>Chapter 4.3 --- Identity-based Identification --- p.36<br>Chapter 4.3.1 --- Security notions --- p.37<br>Chapter 4.4 --- Identity-based Signature --- p.38<br>Chapter 4.4.1 --- Security notions --- p.39<br>Chapter 5 --- Identity-Based Cryptography from Paillier System --- p.41<br>Chapter 5.1 --- Identity-based Identification schemes in Paillier setting --- p.42<br>Chapter 5.1.1 --- Paillier-IBI --- p.42<br>Chapter 5.1.2 --- CGGN-IBI --- p.43<br>Chapter 5.1.3 --- GMMV-IBI --- p.44<br>Chapter 5.1.4 --- KT-IBI --- p.45<br>Chapter 5.1.5 --- Choice of g for Paillier-IBI --- p.46<br>Chapter 5.2 --- Identity-based signatures from Paillier system . . --- p.47<br>Chapter 5.3 --- Cocks ID-based Encryption in Paillier Setting . . --- p.48<br>Chapter 6 --- Concluding Remarks --- p.51<br>A Proof of Theorems --- p.53<br>Chapter A.1 --- "Proof of Theorems 5.1, 5.2" --- p.53<br>Chapter A.2 --- Proof Sketch of Remaining Theorems --- p.58<br>Bibliography --- p.60

The Boneh-Boyen signature scheme is a short signature scheme which is provably secure in the standard model under the q-Strong Diffie-Hellman (SDH) assumption. The primary objective of this thesis is to examine the relationship between the Boneh-Boyen signature scheme and SDH. The secondary objective is to survey surrounding topics such as the generic group model, related signature schemes, intractability assumptions, and the relationship to identity-based encryption (IBE) schemes. Along these lines, we analyze the plausibility of the SDH assumption using the generic bilinear group model. We present the security proofs for the Boneh-Boyen signature scheme, with the addition of a small improvement in one of the probability bounds. Our main contribution is to give the reduction in the reverse direction; that is, to show that if the SDH problem can be solved then the Boneh-Boyen signature scheme can be forged. This contribution represents the first known proof of equivalence between the SDH problem and Boneh-Boyen signatures. We also discuss the algorithm of Cheon for solving the SDH problem. We analyze the implications of Cheon's algorithm for the security of the Boneh-Boyen signature scheme, accompanied by a brief discussion on how to counter the attack.

碩士<br>逢甲大學<br>資訊工程所<br>95<br>We present three identity-based multi-proxy threshold signature schemes. First one is easier to manage. the second one is anonymity, the third one is anomymity and traceable. The main features of our proposed work are: (a)ID-based scheme reduces certificate management, (b) riginal signers and proxy signers are both allowed to be a group (c) only t or more proxy signers of the group can cooperatively issue a proxy signature on behalf of the original signer group, (d) the first and the third proposed schemes, we allow anyone join the original group without reset the system, (e) we support anonymity ability for the second and the third proposed schemes, (f ) in traceable scheme, if it’s necessary we can trace the co-signers of a certain signature. Furthermore, our proxy signature scheme is shown to be secure against forgery attacks.

碩士<br>國立高雄應用科技大學<br>資訊工程系<br>104<br>Proxy signature schemes allow a signer to designate another party as a proxy signer. The proxy signer can sign a document on behalf of the original signer, while she /he is away (on vacation for example). Identity-Based cryptography uses a per-son's ID as public key to avoid the need of certificate. Recently, more and more Iden-tity-Based Proxy Signature (IBPS) schemes have been proposed. In particular, Hu et al. proposed an IBPS scheme in 2015, and showed that their scheme is more efficient than two other IBPS schemes proposed by Cao et al. and Gu et al., respectively. Although Hu et al.'s scheme is efficient, they did not give or cite a formal security definition. In this paper, we adopt the formal definition of proxy signature scheme given by Xu et al. in 2005, and point out that Hu et al.'s scheme is insecure according to this definition. In particular, if the original signer gets the proxy signer's standard signature on a specific message, the original signer can forge the proxy signature on any message. In other words, the original signer can produce the proxy signature on his/her own (without the proxy singer), and later claims that this signature was signed by the proxy signer. We propose a scheme to fix this problem. Our scheme is slightly less efficient than Hu et al.'s scheme, but is more efficient than Cao et al.'s and Gu et al.'s schemes.

碩士<br>逢甲大學<br>應用數學系<br>106<br>Strongdesignatedverifiersignatureschemes,aremainlyusedfor ine-tradingande-voting. Thedesignatedverifierisonlysignaturerecipients recognized by the signer who can ascertain the contents of the document, but cannot verify the real identity of the signer to a third party. Identity-based cryptosystem can overcome the certificate managementproblemintraditionalpublickeysystem,theuser′spublic key is generated by their own identity information. In the thesis, weintroducesomeidentity-basedstrongdesignatedverifiersignature schemes based on bilinear pairings. Also, we complete their security analysis,includingthepropertyofstrongdesignatedverifiersignature schemes. Also, the analysis checks whether it will be attacked by the thirdparty. Furthermore,weprovethatsomesignatureschemeswhich do not withstand delightability attack and key-compromise attack attack are insecure under various types of attackand compare the efficiencyofcomputingandthesizeofsign. Finally,wecomparethepros andconsofeachschemes.

Cryptographic techniques are essential for the security of communication in modern society. Today, nearly all public key cryptographic schemes used in practice are based on the two problems of factoring large integers and solving discrete logarithms. However, as the world grapples with the possibility of widespread quantum computing, these schemes are the ones most threatened. Multivariate Public Key Cryptography is one of the possible candidates for security in a post-quantum society, especially in the area of digital signature. This thesis uses the setting of multivariate cryptography to propose an identity-based signature scheme. Our proposal is based on the Rainbow signature scheme and the multivariate 3-pass identification scheme, both of which have been subjected to scrutiny by cryptographers all over the world and have emerged as strong post-quantum candidates. In our construction, we use the identity of users to generate their private key using Rainbow signature scheme. Thereafter, we use these user private keys to sign messages by applying Fiat-Shamir transform to the 3-pass identification scheme. We support the proposed scheme with suitable proof under appropriate computational assumptions, using the standard notions of security. We study the known attacks against multivariate schemes in general, and Rainbow and MQDSS in particular. We then use this analysis to propose concrete parameter sets for our construction. We implement our proposed scheme on an x86-64 PC platform and provide timing results. Our implementation shows that our construction is both practical and efficient. Thus our proposed scheme stands as a potential post-quantum multivariate signature candidate in the identity-based setting.

碩士<br>逢甲大學<br>資訊工程所<br>95<br>We propose to work on identity-based cryptosystem that provides traceable threshold signature with multiple signing policies. There are four distinct features of the proposed systems: (a) identity-based public key, allowing uses to use name, email address and/or phone numbers as their public keys; (b) multiple signing policies, the threshold values can be chosen as different signing policies; (c) single private key for each user; and (e) all signers are traceable. Analysis will be given to show that our proposed cryptosystem is secure under various attacks.

碩士<br>臺中技術學院<br>資訊科技與應用研究所<br>97<br>Radio frequency identification (RFID) is a popular technology, as limited computation ability and power supply, there are some security problem to overcome. Hopper and Blum proposed a light-weight authentication protocol, HB protocol [1], which is especially suitable for devices with low computation ability such as passive RFID tags. Later, HB protocol was proven to be insecure, and Munilla and Peinado amended it by proposing HB-MP and HB-MP protocols [2]. However, only the tag is authenticated by the reader in these protocols. RSA is a popular public-key cryptology for encryption and signing messages. In 2008, Harn and Ren introduced a new identity-based RSA multi-signature [8] scheme by adopting Shamir’s IBS scheme [9]. But, we find that there are some flaws in their proposal: First, the original signer’s signing secret key can be derived. Second, the verification equation will never hold even if the received signature and message are legal. Third, transmission environments are not taken into consideration. This manuscript will thoroughly make discussions on Harn and Ren’s scheme by showing the mentioned flaws. In this thesis, we will first present an enhancement with mutual authentication to have only the legal reader obtain the legal reader’s data, also we keep advantages of HB-protocol family, the light-weight computation. Second, we will point out flaws of Harn and Ren’s scheme and make directions of improvement.