Search Results (25)

The proliferation of Internet of Things (IoT) deployments demands Authentication and Key Agreement (AKA) protocols that scale from one initiator to many devices while preserving strong security guarantees on constrained hardware. Prior lightweight one-to-many designs often rely on a network-wide secret, reuse a single group session key across devices, or omit Perfect Forward Secrecy (PFS), leaving systems vulnerable to compromise and traffic exposure. To this end, we present in this paper a lightweight protocol, named Lightweight One-To-many User-to-Sensors Authentication and Key Agreement (LOTUS-AKA), that achieves mutual authentication, PFS, and per-sensor key isolation while keeping devices free of public-key costs. The user and gateway perform an ephemeral elliptic-curve Diffie–Hellman exchange to derive a short-lived group key, from which independent per-sensor session keys are expanded via Hashed Message Authentication Code HMAC-based Key Derivation Function (HKDF). Each sensor receives its key through a compact Authenticated Encryption with associated data (AEAD) wrap under its long-term secret; sensors perform only hashing and AEAD, with no elliptic-curve operations. The login path uses an augmented Password-Authenticated Key Exchange (PAKE) to eliminate offline password guessing in the smart-card theft setting, and a stateless cookie gates expensive work to mitigate denial-of-service. We provide a game-based security argument and a symbolic verification model, and we report microbenchmarks on Cortex-M–class platforms showing reduced device computation and linear low-constant communication overhead with the number of sensors. The design offers a practical path to secure, scalable multi-sensor sessions in resource-constrained IoT. Full article

Frequent data sharing in Vehicular Ad Hoc Networks (VANETs) necessitates a robust foundation of secure access control to ensure data security. Existing ciphertext-policy attribute-based encryption schemes are constrained by the performance bottleneck of a single attribute authority. Furthermore, although many schemes adopt outsourced decryption, the verifiability of the decryption results is not guaranteed. Therefore, this paper proposes a Symmetrically Verifiable Outsourced Decryption Data Sharing Scheme with Privacy-Preserving for VANETs (VODDS). To balance the computational overhead across multiple authorities, VODDS introduces a distributed key distribution mechanism that organizes them into groups. Within each group, the key distribution credential is generated through a Group Key Agreement, with each round secured by a Byzantine consensus mechanism to achieve a balance between security and efficiency. User identities are converted into anonymous representations via hashing for embedding into the attribute keys. Furthermore, blockchain technology is used to record a hash commitment for the verification ciphertext. This enables the user to verify the outsourced result through a smart contract, which performs a symmetrical verification by matching the user’s locally computed hash against the on-chain record. Moreover, VODDS employs a linear secret sharing scheme to achieve policy hiding. We provide security analysis under the q-parallel Bilinear Diffie–Hellman Exponent and Decisional Diffie–Hellman assumptions, which proves the security of VODDS. In addition, VODDS exhibits higher efficiency compared to related schemes in the performance evaluation. Full article

Fuzzy signature (${\mathsf{SIG}}_{\mathsf{F}}$) is a type of digital signature that preserves the core functionalities of traditional signatures, while accommodating variations and non-uniformity in the signing key. This property enables the direct use of high-entropy fuzzy data, such as biometric information, as the signing key. In this paper, we define the m-existentially unforgeable under chosen message attack ($\mathfrak{m}{-\mathrm{EUF}-\mathrm{CMA}}^{\ast }$) security of fuzzy signature. Furthermore, we propose a generic construction of fuzzy signature, which is composed of a homomorphic secure sketch ($\mathsf{SS}$) with an error-recoverable property, a homomorphic average-case strong extractor ($\mathsf{Ext}$), and a homomorphic and key-shift* secure signature scheme ($\mathsf{SIG}$). By instantiating the foundational components, we present a $\mathfrak{m}{-\mathrm{EUF}-\mathrm{CMA}}^{\ast }$ secure fuzzy signature instantiation based on the Computational Diffie–Hellman (CDH) assumption over bilinear groups in the standard model. Full article

A fuzzy extractor is a foundational cryptographic component that enables the extraction of reproducible and uniformly random strings from sources with inherent noise, such as biometric traits. Reusable fuzzy extractor guarantees the security of multiple extractions from the same noisy source. In addition, although isogeny-based cryptography has become an important branch in post-quantum cryptography, the study of fuzzy extractors based on isogeny assumptions is still in its early stages and holds much room for improvement. In this paper, we give two reusable fuzzy extractor schemes derived from isogeny-based assumptions: one is based on the linear hidden shift assumption over group actions, while the other is built upon the group-action decisional Diffie–Hellman assumption within the isogeny framework. Both proposed constructions achieve post-quantum security and are capable of correcting a linear proportion of errors. They rely solely on fundamental cryptographic primitives, which ensure simplicity and efficiency. Additionally, the second construction is based on restricted effective group action, which is weaker than the effective group action used in the first construction, thereby offering greater practical applicability. Full article

This paper investigates the role of solvable and nilpotent Lie algebras in the domains of cryptography and steganography, emphasizing their potential in enhancing security protocols and covert communication methods. In the context of cryptography, we explore their application in public-key infrastructure, secure data verification, and the resolution of commutator-based problems that underpin data protection strategies. In steganography, we examine how the algebraic properties of solvable Lie algebras can be leveraged to embed confidential messages within multimedia content, such as images and video, thereby reinforcing secure communication in dynamic environments. We introduce a key exchange protocol founded on the structural properties of solvable Lie algebras, offering an alternative to traditional number-theoretic approaches. The proposed Lie Exponential Diffie–Hellman Problem (LEDHP) introduces a novel cryptographic challenge based on Lie group structures, offering enhanced security through the complexity of non-commutative algebraic operations. The protocol utilizes the non-commutative nature of Lie brackets and the computational difficulty of certain algebraic problems to ensure secure key agreement between parties. A detailed security analysis is provided, including resistance to classical attacks and discussion of post-quantum considerations. The algebraic complexity inherent to solvable Lie algebras presents promising potential for developing cryptographic protocols resilient to quantum adversaries, positioning these mathematical structures as candidates for future-proof security systems. Additionally, we propose a method for secure message embedding using the Lie algebra in combination with frame deformation techniques in animated objects, offering a novel approach to steganography in motion-based media. Full article

Computing systems grouped in subnets use distributed security models, in general, by creating session keys based on the Diffie–Hellman model, and calculating the necessary parameters for this, on each of the systems. In the particular case of a network of devices heterogeneous in terms of computing power, such as IoT, the modeling of a security system of the entire structure will have to take into account the fact that some devices have a very low computing power. In this sense, starting from the study of some general models, used in structures of this type, an integrated structure was developed to secure communications and test certain vulnerable components, to calculate a degree of risk that they are maliciously intended. The system was developed with a customized mathematical model, a scheme for propagation and management of cryptographic parameters and a test in a real environment by creating the algorithmic model and implementing it within a structure of a beneficiary. Full article

Reputation evaluation systems are vital for online platforms, helping users make informed choices based on the trustworthiness of products, services, or individuals. Ensuring privacy and trust in these systems is critical to allow users to provide feedback without fear of retribution or identity exposure. The ring signature (RS), enabling anonymous group-based signing, has garnered attention for building secure and private reputation systems. However, RS-based systems face significant challenges, including the inability to identify malicious users who repeatedly sign the same message, the lack of mechanisms to reveal identities involved in unlawful activities, and a linear growth in signature size with the number of ring members, which poses storage challenges for certain applications. Addressing these limitations, we propose a compressed revocable one-time ring signature (CRORS) scheme leveraging compressible proofs under the Diffie–Hellman Decision and Discrete Logarithm assumptions in the random oracle model. CRORS ensures anonymity, unforgeability, one-time linkability, non-slanderability, and revocability. The one-time linkability feature prevents double-signing, while revocability enables identity disclosure for regulatory enforcement. Additionally, the signature size is reduced to $\mathcal{O}(logn)$, significantly enhancing storage efficiency. These improvements make CRORS particularly suitable for blockchain-based reputation systems with ever-growing storage demands. Theoretical analysis validates its effectiveness and practicality. Full article

We present an active attack that targets Ateniese et al.’s authenticated group key agreement, which, as a particular case, includes the well-known multiparty key exchange protocol CLIQUES that allows a group of users to build a common secret using some private values in a collaborative and distributed way, naturally extending the foundational key exchange introduced by Diffie and Hellman between two communicating parties that motivated the birth of public key cryptography. Ateniese et al.’s protocol adds some authentication information, allowing the parties to trust the exchanged information, but we show that it is possible to surpass this as well. The attack allows a malicious party to agree on a secret with the rest of the legal members of the group without their knowledge, so all the distributed information can be accessed using this secret. In addition, this is shown under a well-known cryptographic model that, in principle, requires absolute control of group communications, but, in fact, it only requires malicious control of the communications of a single arbitrary user and only for the duration of the key exchange. This means that after the attack, the malicious party does not have to take any other actions that could reveal a clue that an attack occurred and that the distributed information is being illegally accessed, contrary to a typical man-in-the-middle attack where the attacker has to continue the activity, meaning this could be detected at some point. Full article

In the realm of the fifth-generation (5G) wireless cellular networks, renowned for their dense connectivity, there lies a substantial facilitation of a myriad of Internet of Things (IoT) applications, which can be supported by the massive machine-type communication (MTC) technique, a fundamental communication framework. In some scenarios, a large number of machine-type communication devices (MTCD) may simultaneously enter the communication coverage of a target base station. However, the current handover mechanism specified by the 3rd Generation Partnership Project (3GPP) Release 16 incurs high signaling overhead within the access and core networks, which may have negative impacts on network efficiency. Additionally, other existing solutions are vulnerable to malicious attacks such as Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, and the failure of Key Forward Secrecy (KFS). To address this challenge, this paper proposes an efficient and secure handover authentication protocol for a group of MTCDs supported by blockchain technology. This protocol leverages the decentralized nature of blockchain technology and combines it with certificateless aggregate signatures to mutually authenticate the identity of a base station and a group of MTCDs. This approach can reduce signaling overhead and avoid key escrow while significantly lowering the risk associated with single points of failure. Additionally, the protocol protects device anonymity by encrypting device identities with temporary anonymous identity markers with the Elliptic Curve Diffie–Hellman (ECDH) to abandon serial numbers to prevent linkage attacks. The resilience of the proposed protocol against predominant malicious attacks has been rigorously validated through the application of the BAN logic and Scyther tool, underscoring its robust security attributes. Furthermore, compared to the existing solutions, the proposed protocol significantly reduces the authentication cost for a group of MTCDs during handover, while ensuring security, demonstrating commendable efficiency. Full article

A bilinear map whose domain and target sets are identical is called a self-bilinear map. Original self-bilinear maps are defined over cyclic groups. Since the map itself reveals information about the underlying cyclic group, the Decisional Diffie–Hellman Problem (DDH) and the computational Diffie–Hellman (CDH) problem may be solved easily in some specific groups. This brings a lot of limitations to constructing secure self-bilinear schemes. As a compromise, a self-bilinear map with auxiliary information was proposed in CRYPTO’2014. In this paper, we construct this weak variant of a self-bilinear map from generic sets and indistinguishable obfuscation. These sets should own several properties. A new notion, One Way Encoding System (OWES), is proposed to summarize these properties. The new Encoding Division Problem (EDP) is defined to complete the security proof. The OWES can be built by making use of one level of graded encoding systems (GES). To construct a concrete self-bilinear map scheme, Garg, Gentry, and Halvei(GGH13) GES is adopted in our work. Even though the security of GGH13 was recently broken by Hu et al., their algorithm does not threaten our applications. At the end of this paper, some further considerations for the EDP for concrete construction are given to improve the confidence that EDP is indeed hard. Full article

The Industrial Internet of Things (IIoT) provides internet connectivity for instruments, digital machines, and any other manufactured object to enable intelligent industrial operations to achieve high productivity. Securing communications between IIoT devices remains a critical and challenging issue due to the resource-constrained and processing capabilities of sensing devices. Moreover, the traditional group shared key might implement complex mathematical operations that are not suitable for the limited recourse capability of the IIoT device. Furthermore, the standard Diffie–Hellman (DH) and elliptic curve Diffie–Hellman (ECDH), which are the most suited for tiny devices, only work between a pair of IIoT devices, while they are not designed to work among a group of IIoT devices. This paper proposes an authenticated group shared key (AGSK) mechanism that allows a set of industrial objects to establish a common session key over the IIoT. The proposed AGSK utilizes the combiner for the hash function and digital signature, which is implemented in IIoT devices. Additionally, the random oracle model has been used to prove the security of AGSK, while the IIoT adversary model has been used to analyze the AGSK countermeasures against cyberattacks. The results of the performance evaluation showed that the efficiency of the AGSK was reduced by 41.3% for CPU computation time, 45.7% for storage cost, and 40% less power consumption compared to the baseline group key management algorithms. Full article

Vehicular Ad Hoc Network (VANET) is an important part of the modern intelligent transportation system, which can provide vehicle communication at a certain distance. More importantly, VANET can provide route planning and autonomous driving for drivers by analyzing data. However, VANET’s data privacy and security are a huge challenge when serving drivers. In this paper, we propose a VANET data-sharing model (DSVN) that combines ciphertext-based attribute encryption (CP-ABE), blockchain, and InterPlanetary File System (IPFS). DSVN uses an outsourced and revocable ciphertext policy attribute-based encryption (ORCP-ABE) scheme, which is improved based on CP-ABE. ORCP-ABE uses key encryption key (KEK) trees to manage user attribute groups and revoke user-level attributes. It eliminates redundant attributes in the access policy by attribute-weighted access trees. Moreover, DSVN has no single point of failure. We demonstrate the indistinguishability under the chosen-plaintext attack (IND-CPA) security of DSVN by a game based on the computational Diffie–Hellman (CDH) assumption. Experimental results show that DSVN can store and share data with low overhead. Additionally, it can revoke attributes of users safely. Full article

In this paper we introduce a Group Key Management protocol following the idea of the classical protocol that extends the well-known Diffie–Hellman key agreement to a group of users. The protocol is defined in a non-commutative setting, more precisely, in a twisted dihedral group ring. The protocol is defined for an arbitrary cocycle, extending previous key agreements considered for two users. The main objective of this work is to show that there is no lack of security derived from the fact that a larger amount of public information is known by an external observer. Full article

Consumer electronics manufacturers have been incorporating support for 4G/5G communication technologies into many electronic devices. Thus, highly capable Internet of Things (IoT)-ready versions of electronic devices are being purchased which will eventually replace traditional consumer electronics. With the goal of creating a smart environment, the IoT devices enable data sharing, sensing, awareness, increased control. Enabled by high-speed networks, the IoT devices function in a group setting thus compounding the attack surface leading to security and privacy concerns. This research is a study on the possibility of incorporating PUF as a basis for group key generation. The challenge here lies in identifying device features that are unique, stable, reproducible and unpredictable by an adversary. Each device generates its own identity leading to collaborative cryptographic key generation in a group setting. The research uses a comprehensive hardware testbed to demonstrate the viability of PUFs for the generation of a symmetric key through collaboration. Detailed analysis of the proposed setup and the symmetric key generation scheme has shown that the system is scalable and offers unrivalled advantages compared to conventional cryptographic implementations. Full article

Cross-domain authenticated asymmetric group key agreement allows group members in different domains to establish a secure group communication channel and the senders can be anyone. However, the existing schemes do not meet the requirement of batch verification in the group key negotiation phase, which makes the schemes have low efficiency. To address this problem, an identity-based cross-domain authenticated asymmetric group key agreement is proposed that supports batch verification. The performance analysis shows that this protocol is highly efficient. Finally, the proposed protocol is proved to be secure under the k-Bilinear Diffie–Hellman Exponent assumption. Full article