Search Results (33)

Oblivious Transfer (OT) is a fundamental cryptographic primitive for privacy-preserving data exchange. While traditional OT protocols guarantee unconditional receiver anonymity, they inherently lack the mechanisms to prevent abusive mass data harvesting. Traceable Oblivious Transfer (TOT) addresses this by introducing “conditional anonymity,” revoking the privacy of malicious users. However, existing TOT mechanisms either rely on computationally expensive dynamic assumptions or require continuous interaction with a Trusted Third Party (TTP) to manage credentials. To overcome these limitations, we present an Identity-Based Traceable Oblivious Transfer (IB-TOT) protocol. By synergizing polynomial-based secret sharing with Blind Identity-Based Encryption (Blind IBE), our scheme completely eliminates the TTP during the data transfer stage. The Blind IBE extraction algorithm serves as the primary oblivious channel, utilizing data indices as user identities. We strictly bound the receiver’s query quota by embedding a degree-k tracing polynomial directly into the key issuance phase. Honest clients enjoy fully protected retrieval of up to k items, whereas any attempt to exceed this quota deterministically exposes the violator’s identity. Comprehensive security proofs demonstrate that IB-TOT satisfies sender privacy, receiver privacy, and strict accountability under standard static assumptions (DBDH and DL). Full article

Frequent data sharing in Vehicular Ad Hoc Networks (VANETs) necessitates a robust foundation of secure access control to ensure data security. Existing ciphertext-policy attribute-based encryption schemes are constrained by the performance bottleneck of a single attribute authority. Furthermore, although many schemes adopt outsourced decryption, the verifiability of the decryption results is not guaranteed. Therefore, this paper proposes a Symmetrically Verifiable Outsourced Decryption Data Sharing Scheme with Privacy-Preserving for VANETs (VODDS). To balance the computational overhead across multiple authorities, VODDS introduces a distributed key distribution mechanism that organizes them into groups. Within each group, the key distribution credential is generated through a Group Key Agreement, with each round secured by a Byzantine consensus mechanism to achieve a balance between security and efficiency. User identities are converted into anonymous representations via hashing for embedding into the attribute keys. Furthermore, blockchain technology is used to record a hash commitment for the verification ciphertext. This enables the user to verify the outsourced result through a smart contract, which performs a symmetrical verification by matching the user’s locally computed hash against the on-chain record. Moreover, VODDS employs a linear secret sharing scheme to achieve policy hiding. We provide security analysis under the q-parallel Bilinear Diffie–Hellman Exponent and Decisional Diffie–Hellman assumptions, which proves the security of VODDS. In addition, VODDS exhibits higher efficiency compared to related schemes in the performance evaluation. Full article

Blockchain is an emerging technology that is being used to create innovative solutions in many areas, including healthcare. Nowadays healthcare systems face challenges, especially with security, trust, and remote data access. As patient records are digitized and medical systems become more interconnected, the risk of sensitive data being exposed to cyber threats has grown. In this evolving time for healthcare, it is important to find a balance between the advantages of new technology and the protection of patient information. The combination of blockchain–InterPlanetary File System technology and conventional electronic health record (EHR) management has the potential to transform the healthcare industry by enhancing data security, interoperability, and transparency. However, a major issue that still exists in traditional healthcare systems is the continuous problem of remote data unavailability. This research examines practical methods for safely accessing patient data from any location at any time, with a special focus on IPFS servers and blockchain technology in addition to group signature encryption. Essential processes like maintaining the confidentiality of medical records and safe data transmission could be made easier by these technologies. Our proposed framework enables secure, remote access to patient data while preserving accessibility, integrity, and confidentiality using Ethereum blockchain, IPFS, and group signature encryption, demonstrating hospital-scale scalability and efficiency. Experiments show predictable throughput reduction with file size (200 → 90 tps), controlled latency growth (90 → 200 ms), and moderate gas increase (85k → 98k), confirming scalability and efficiency under varying healthcare workloads. Unlike prior blockchain–IPFS–encryption frameworks, our system demonstrates hospital-scale feasibility through the practical integration of group signatures, hierarchical key management, and off-chain erasure compliance. This design enables scalable anonymous authentication, immediate blocking of compromised credentials, and efficient key rotation without costly re-encryption. Full article

Distributed digital identity is an emerging identity management technology aimed at achieving comprehensive interconnectivity between digital objects. However, there is still the problem of privacy leakage in distributed identities, and selective disclosure technology partially solves the privacy issue in distributed identities. Most of the existing selective disclosure algorithms use anonymous credentials or hash functions. Anonymous credential schemes offer high security and meet the requirements of unforgeability and unlinkability, but their exponential operations result in low efficiency. The scheme based on hash functions, although more efficient, is susceptible to man-in-the-middle attacks. This article proposes an efficient selective disclosure scheme based on hash functions and implicit certificates. The attribute values are treated as leaf nodes of the Merkle tree, and the root node is placed in a verifiable credential. According to the implicit certificate algorithm process, a key pair that can use the credential is generated. During the attribute disclosure process, the user autonomously selects the attribute value to be presented and generates a verification path from the attribute to the root node. The verifier checks the Merkle tree verification path. All operations are completed within 10 ms while meeting the unforgeability requirements and resisting man-in-the-middle attacks. This article also utilizes the ZK-SNARK algorithm to hide the validation path of the Merkle tree, enhancing the security of the path during the disclosure process. The experimental results show that the selective disclosure algorithm performs well in both performance and privacy protection, with an efficiency 80% faster than that of existing schemes. This enhances the proposed scheme’s potential and value in the field of identity management; it also holds broad application prospects in fields such as the Internet of Things, finance, and others. Full article

The Internet of Vehicles (IoVs) uses vehicles as the main carrier to communicate with other entities, promoting efficient transmission and sharing of traffic data. Using real identities for communication may leak private data, so pseudonyms are commonly used as identity credentials. However, existing anonymous authentication schemes have limitations, including large vehicle storage demands, information redundancy, time-dependent pseudonym updates, and public–private key updates coupled with pseudonym changes. To address these issues, we propose a certificateless strong anonymous privacy protection authentication scheme that allows vehicles to autonomously generate and dynamically update pseudonyms. Additionally, the trusted authority transmits each entity’s partial private key via a session key, eliminating reliance on secure channels during transmission. Based on the elliptic curve discrete logarithm problem, the scheme’s existential unforgeability is proven in the random oracle model. Performance analysis shows that it outperforms existing schemes in computational cost and communication overhead, with the total computational cost reduced by 70.29–91.18% and communication overhead reduced by 27.75–82.55%, making it more suitable for privacy-sensitive and delay-critical IoV environments. Full article

An Identity Management System (IDMS) is responsible for managing and organizing identities and credentials exchanged between users, Identity Providers (IDPs), and Service Providers (SPs). The primary goal of IDMS is to ensure the confidentiality and privacy of users’ personal data. Traditional IDMS relies on a third party to store user information and authenticate the user. However, this approach poses threats to user privacy and increases the risk of single point of failure (SPOF), user tracking, and data unavailability. In contrast, decentralized IDMSs that use blockchain technology offer potential solutions to these issues as they offer powerful features including immutability, transparency, anonymity, and decentralization. Despite its advantages, blockchain technology also suffers from limitations related to performance, third-party control, weak authentication, and data leakages. Furthermore, some blockchain-based IDMSs still exhibit centralization issues, which can compromise user privacy and create SPOF risks. This study proposes a decentralized IDMS that leverages blockchain and smart contract technologies to address the shortcomings of traditional IDMSs. The proposed system also utilizes the Interplanetary file system (IPFS) to enhance the scalability and performance by reducing the on-chain storage load. Additionally, the proposed IDMS employs the Elliptic Curve Integrated Encryption Scheme (ECIES) to provide an extra layer of security to protect users’ sensitive information while improving the performance of the systems’ transactions. Security analysis and experimental results demonstrated that the proposed IDMS offers significant security and performance advantages compared to its counterparts. Full article

Telemedicine diagnosis has become a more flexible and convenient way to receive diagnoses, which is of great significance in enhancing diagnosis, cutting costs, and serving remote users. However, telemedicine faces many security problems, such as the complexity of user authentication, the balance of the existing biometric factor authentication scheme, the unpredictability of user behavior, and the difficulty of unified authentication due to the differences in the security standards and authentication mechanisms of different trust domains, which affect the sustainable development of telemedicine. To address the above issues, this paper presents an identity management scheme based on multi-factor authentication and dynamic trust evaluation for telemedicine. Its authentication combines iris recognition for secure biometric verification, smart cards for encrypted credential storage, and static passwords for supplementary verification, addressing scenarios like facial coverage in medical settings. The scheme dynamically adjusts authentication based on attack rates, login anomalies, and service durations. By integrating ShangMi cryptographic algorithms and blockchain, it optimizes performance, achieving 35% lower communication overhead than previous protocols. A security analysis shows it resists impersonation, man-in-the-middle, and password modification attacks while preserving user anonymity. System evaluation meets authoritative standards, validating its practicality. This scheme balances security and efficiency, providing a strong basis for telemedicine’s long-term viability. Full article

Cryptographic accumulators are now fundamental for secure applications across blockchain, IoT, and big data, powering anonymous credentials, streamlining key management, and enabling efficient data filtering. However, existing accumulator methods, like RSA, bilinear pairing, and Merkle trees, are hampered by storage bloat, computational burdens, and reliance on trusted administrators. To solve these problems, we introduce a hash-chain-based ordered universal accumulator that eliminates these drawbacks. Our scheme uses collision-resistant hash functions to dynamically manage sets while providing strong, verifiable membership and non-membership proofs, all without a trusted administrator. The benefits include self-certification, batch verification, and consistent representation of accumulated sets. Testing shows our scheme cuts storage by roughly 50% compared to Merkle trees and significantly speeds up computation over RSA-based approaches. This lightweight and scalable solution is ideal for constrained environments like IoT and blockchain, unlocking wider decentralized application adoption. Full article

Anonymous credential (AC) systems are privacy-preserving authentication mech-anisms that allow users to prove that they have valid credentials anonymously. These systems provide a powerful tool for several practical applications, such as anonymous pay-ment systems in e-commerce, preserving robust privacy protection for users. Most existing AC systems are constructed using traditional number-theoretic approaches, making them insecure under quantum attacks. With four decades of research in anonymous credential systems, there is a need for a comprehensive review that identifies the design structures of AC systems, organizes the research trends, and highlights unaddressed gaps for the future development of AC, especially bringing AC to post-quantum cryptography. This work is a complete study describing AC systems, as well as their architecture, components, security, and performance. Additionally, real-world implementations of various applications are identified, analyzed, and compared according to the design structure. Lastly, the challenges hindering the shift toward the quantumly secure lattice-based AC designs are discussed. Full article

Due to the openness of communication channels and the sensitivity of the data being collected and transmitted, securing data access and communication in IoT systems requires robust ECC-based authentication and key agreement (AKA) protocols. However, designing an AKA protocol for IoT presents significant challenges, as most IoT sensors are deployed in resource-constrained, unattended environments with limited computational power, connectivity, and storage. To achieve anonymous authentication, existing solutions typically rely on shared temporary public keys to mask device IDs or validate sender certificates, which increases the computational overhead. Furthermore, these protocols often fail to address crucial security concerns, such as nonresistance to ephemeral secret leakage (ESL) attacks and a lack of perfect forward security. To mitigate the computational burden, we propose a dynamic authenticated credentials (DACs) synchronization framework for anonymous authentication. Then, we introduce an ECC-based AKA scheme that employs DACs in place of temporary public keys or sender credentials, enabling efficient and secure anonymous authentication. The security of the proposed protocol was rigorously verified under the Real-or-Oracle model and validated using ProVerif. Performance comparisons demonstrate that our scheme offered significant improvements in security, with an over 37% reduction in communication cost and computational overhead. Full article

Much of the literature on digital religious authority has focused on spiritual “influencers” and the challenges they pose to traditional religious hierarchies and structures of authority. Less attention has been dedicated to religious websites, social media pages, and digital feeds whose popularity and influence do not hinge on the personalistic qualities of their creators. There is a wide assortment of generic religious reference sites that, although developed and managed by largely anonymous webmasters and administrators, command significant audiences and exert substantial influence on religious interpretations and practices. We argue that anonymity affords certain advantages for bolstering visibility and influence that have hitherto received insufficient attention in the literature on religion, authority, and cyberspace. In contrast to spiritual influencers, who draw attention to their personal biographies, credentials, appearances, and connections to enhance their legitimacy and authority, individuals or groups who administer religious reference sites commonly employ alternative strategies that involve concealing personal identities, experiences, and affiliations. Their aim is to come off as neutral, impartial, and free of ideological baggage that might bias their interpretations. This facilitates their efforts to frame the content they share as a form of universal religious truth that transcends ideological and sectarian differences. Our analysis centers on websites and social media pages that provide guidance to Spanish speakers on Islamic theology, jurisprudence, and piety. Full article

This article proposes a novel method for managing usage counters within an anonymous credential system, addressing the limitation of traditional anonymous credentials in tracking repeated use. The method takes advantage of blockchain technology through Smart Contracts deployed on the Ethereum network to enforce a predetermined maximum number of uses for a given credential. Users retain control over increments by providing zero-knowledge proofs (ZKPs) demonstrating private key possession and agreement on the increment value. This approach prevents replay attacks and ensures transparency and security. A prototype implementation on a private Ethereum blockchain demonstrates the feasibility and efficiency of the proposed method, paving the way for its potential deployment in real-world applications requiring both anonymity and usage tracking. Full article

Ensuring security in electronic examination systems represents a significant challenge, particularly when practical considerations dictate that most involved parties cannot be fully trusted due to self-interest. To enhance the security, we introduce auditability to e-exam systems, enabling an auditing authority to verify the system integrity. This auditability not only ensures system robustness but also creates an opportunity to grant communication between candidates and examiners, allowing for clarification on unclear questions during exams. Additionally, the implementation of attribute-based certifications ensures anonymity for both candidates and examiners throughout all stages of the exam, with the option for revocation in case of audit-detected fraud. Full article

Anonymity forms the basis of decentralized ecosystems, leading to an increase in criminal activities such as money laundering and illegal currency trading. Especially in blockchain-based metaverse services, activities such as preventing sexual crimes and verifying the identity of adults are becoming essential. Therefore, avatar authentication and the KYC (Know Your Customer) process have become crucial elements. This paper proposes a mechanism to achieve the KYC process by verifying user identity using smart contracts. Users obtain an SBT (Soul Bound Token) from the metaverse service provider through the DID (Decentralized Identity) credential issued during the KYC process. The identity verification of avatars occurs within smart contracts, ensuring user privacy and protection through ZKP (Zero Knowledge Proof). Tools for generating ZKP are also provided, enabling users, even those who are unfamiliar with ZKP, to use them conveniently. Additionally, an integrated wallet is offered to seamlessly manage DID credentials and SBTs. Furthermore, in case of avatar identity issues, users can request an audit by the issuer through the associated DID tokens. Full article

Exploiting Radio Frequency Identification (RFID) technology in healthcare systems has become a common practice, as it ensures better patient care and safety. However, these systems are prone to security vulnerabilities that can jeopardize patient privacy and the secure management of patient credentials. This paper aims to advance state-of-the-art approaches by developing more secure and private RFID-based healthcare systems. More specifically, we propose a lightweight RFID protocol that safeguards patients’ privacy in the Internet of Healthcare Things (IoHT) domain by utilizing pseudonyms instead of real IDs, thereby ensuring secure communication between tags and readers. The proposed protocol has undergone rigorous testing and has been proven to be secure against various security attacks. This article provides a comprehensive overview of how RFID technology is used in healthcare systems and benchmarks the challenges faced by these systems. Then, it reviews the existing RFID authentication protocols proposed for IoT-based healthcare systems in terms of their strengths, challenges, and limitations. To overcome the limitations of existing approaches, we proposed a protocol that addresses the anonymity and traceability issues in existing schemes. Furthermore, we demonstrated that our proposed protocol had a lower computational cost than existing protocols and ensured better security. Finally, our proposed lightweight RFID protocol ensured strong security against known attacks and protected patient privacy using pseudonyms instead of real IDs. Full article