Deniable Authentication Research Articles

Enhancing privacy in cyber–physical systems: An efficient blockchain-assisted data-sharing scheme with deniability

The data in Cyber–Physical Systems (CPSs) is currently undergoing an explosive surge. Blockchain-based CPS exhibit enhancements in security, fault tolerance, and trust for its data sharing. However, it is very challenging to achieve the privacy preserving and efficient data sharing in CPS considering the privacy concerns introduced by blockchain while the cost associated with privacy protection cannot be neglected. To release these potential challenges, we propose a blockchain-assisted data-sharing scheme that ensures security, privacy-preserving and efficiency. We introduce deniability into data-sharing based on an identity-based deniable authentication protocol. This protocol enables data owners to deny their data-sharing actions, thereby protecting their privacy, while simultaneously providing recipients with the assurance of data verifiability. Furthermore, by incorporating multi-recipient encryption techniques, the proposed scheme significantly simplifies interactions with multiple recipients, reducing associated costs. Additionally, we propose a source traceability mechanism with the assistance of blockchain, establishing a distributed, transparent and trustworthy framework for data sharing, while ensuring honest cooperation between the individual participants. Security analysis and performance comparisons demonstrate the effectiveness and security of this scheme.

PF-IBDA: Provably secure and pairing-free identity-based deniable authentication protocol for MANET environments

Mobile Adhoc Network (MANET) is used in various real-time applications, such as e-voting, army tactical communication, health-care applications, disaster rescue, online message exchange, etc. However, source authentication and deniability are essential properties in such applications. Typically, these properties can be achieved using a deniable authentication (DA) protocol. With the help of a DA protocol, a mobile receiver node can directly verify the source, another mobile node, of a message without consulting a trusted third party (TTP). Recently, many identity-based deniable authentication (IBDA) protocols have been proposed. Most of these protocols are insecure and computationally expensive since they use costly operations, such as bilinear pairing and map-to-point hash function. We proposed a pairing-free identity-based deniable authentication (PF-IBDA) protocol for MANET environments. We proved that the PF-IBDA protocol could provide indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) in the random oracle model (ROM) based on the hardness assumption of the elliptic curve computational Diffie–Hellman (ECCDH) problem. We have computed the execution time of PF-IBDA protocol in different security levels: 80-bit, 112-bit, 128-bit, 192-bit, and 256-bit on a mobile device using the JPBC library and compared it with the state-of-the-art IBDA protocols. We found that the proposed PF-IBDA protocol is more efficient than the existing IBDA protocols.

Time-Deniable Signatures

In this work we propose time-deniable signatures (TDS), a new primitive that facilitates deniable authentication in protocols such as DKIM-signed email. As with traditional signatures, TDS provide strong authenticity for message content, at least {\em for a sender-chosen period of time}. Once this time period has elapsed, however, time-deniable signatures can be forged by any party who obtains a signature. This forgery property ensures that signatures serve a useful authentication purpose for a bounded time period, while also allowing signers to plausibly disavow the creation of older signed content. Most critically, and unlike many past proposals for deniable authentication, TDS do not require interaction with the receiver or the deployment of any persistent cryptographic infrastructure or services beyond the signing process ( e.g., APIs to publish secrets or author timestamp certificates.) We first investigate the security definitions for time-deniability, demonstrating that past definition attempts are insufficient (and indeed, allow for broken signature schemes.) We then propose an efficient construction of TDS based on well-studied assumptions.

ID-Based Deniable Authentication Protocol with Key Agreement and Time-Bound Properties for 6G-Based WBAN Healthcare Environments

The advent of 6G technology is expected to bring a paradigm shift in the field of wireless communication. With its faster data transfer rates and lower latency, 6G could be an ideal solution for the challenges faced by Wireless Body Area Networks (WBANs) in terms of efficient data bandwidth and edge computing. Smart healthcare systems with 6G-based WBANs might provide more efficient and higher-quality healthcare services. However, 6G-based WBAN healthcare systems might face potential security and safety challenges from cybersecurity threats. This paper will propose an ID-based deniable authentication protocol with key agreement and time-bound properties for 6G-based WBAN healthcare environments by considering user privacy, secure communications, authentication, authorization, and scalability of 6G-based WBANs. As compared with previously proposed protocols, the proposed protocol will achieve the following security requirements: mutual authentication, key agreement for secure communication, deniability, time-bound access privilege control, and identity-based public key management for scalable wearable devices and 6G-based WBAN Service Providers. We proved the claimed security requirements of the proposed protocol by using AVISPA simulation and discussed its computational complexities. As compared with previous works, the proposed protocol can gain better contributions in terms of security requirements and performance evaluations for 6G-based WBAN healthcare environments.

Security Concepts in Emerging 6G Communication: Threats, Countermeasures, Authentication Techniques and Research Directions

Challenges faced in network security have significantly steered the deployment timeline of Fifth Generation (5G) communication at a global level; therefore, research in Sixth Generation (6G) security analysis is profoundly necessitated. The prerogative of this paper is to present a survey on the emerging 6G cellular communication paradigm to highlight symmetry with legacy security concepts along with asymmetric innovative aspects such Artificial Intelligence (AI), Quantum Computing, Federated Learning, etc. We present a taxonomy of the threat model in 6G communication in five security legacy concepts, including Confidentiality, Integrity, Availability, Authentication and Access control (CIA3). We also suggest categorization of threat-countering techniques specific to 6G communication into three types: cryptographic methods, entity attributes and Intrusion Detection System (IDS). Thus, with this premise, we distributed the authentication techniques in eight types, including handover authentication, mutual authentication, physical layer authentication, deniable authentication, token-based authentication, certificate-based authentication, key agreement-based authentication and multi-factor authentication. We specifically suggested a series of future research directions at the conclusive edge of this survey.

Efficient deniable authentication and its application in location-based services

Deniable authentication (DA) assures message authentication between sets of participants. The actual participants can be certain about the messages’ authenticity but cannot prove it to any third party after the event. In applications such as location-based service (LBS) systems, DA is inevitably relevant to assure the coercion-free state of its usage and to protect user privacy. To protect user privacy in LBS systems, we present two heterogeneous deniable authentication (HDA) schemes called HDA-I and HDA-II scheme. The HDA-I scheme permits communication sessions from certificateless cryptography (CLC) to identity-based cryptography (IBC) setting, whiles the HDA-II scheme runs in a vice versa mode. Our schemes admit security proof in random oracle model (ROM) under computational Diffie–Hellman (CDH) and bilinear Diffie–Hellman (BDH) assumptions. Furthermore, both HDA-I and HDA-II provide batch verification, that can accelerate the verification of authenticators. Lastly, via comprehensive performance evaluation, our schemes show up efficient against other recent related schemes.

Generic transformation from broadcast encryption to round-optimal deniable ring authentication

Generic transformation from broadcast encryption to round-optimal deniable ring authentication

An Efficient Public-Key Dual-Receiver Encryption Scheme

Public-key dual-receiver encryption (PK-DRE) is a kind of particular public-key encryption for enabling two independent recipients to obtain the same plaintext from the same ciphertext. Due to its dual-receiver property, PK-DRE is quite helpful in many scenarios, such as deniable authentication, global key escrow, security puzzle, and even blockchain. In this paper, we revisit the PK-DRE scheme <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathtt {CFZ}14$ </tex-math></inline-formula> proposed at CT-RSA 2014 and propose a variant. This variant is original from a new security proof which allows us to remove some steps in <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathtt {CFZ}14$ </tex-math></inline-formula> . To the best of our knowledge, the obtained variant is more efficient than the existing PK-DRE schemes in terms of public verifiability and key size.

Secure and Privacy-Preserved Data Collection for IoT Wireless Sensors

The captured data from smart devices via Internet of Things (IoT) wireless sensors are vulnerable to numerous online and offline attacks and unauthorized accesses, hence, some digital signature and encryption solutions have been designed to ensure public verifiability, data integrity, and confidentiality. However, there are still some issues to be addressed. For example, the data source is revealed to the public due to the public verifiability of digital signatures, in which authentication is transferrable. Moreover, computation of these data can only be done after decryption, restricting outsourced computation, such as a computing facility from a cloud. The best approach of private computation, which supports outsourced computation, is based on homomorphic encryption. However, significant computational overhead is a concern. To deal with these issues, in this article, we propose an efficient and provably secure scheme based on designated-verifier proofs, deniable authentication and homomorphic encryption for secure and lightweight data collection, batch verification, and data analysis in the privacy-preserved IoT wireless sensors applications. The main contribution of our work is the privacy-preserved IoT wireless sensors system along with a novel deniable authenticated homomorphic encryption scheme that can securely aggregate data from IoT wireless sensors for secure outsourced applications. To prove the security and efficiency of our proposed scheme, we provide formal security analysis and performance comparisons for IoT wireless sensors.

Deniable-Based Privacy-Preserving Authentication Against Location Leakage in Edge Computing

Edge computing provides cloud services at the edge of the network for Internet of Things (IoT) devices. It aims to address low latency of the network and alleviates data processing of the cloud. This “cloud-edge-device” paradigm brings convenience as well as challenges for location-privacy protection of the IoT. In the edge computing environment, the fixed edge equipment supplies computing services for adjacent IoT devices. Therefore, edge computing suffers location leakage as the connection and authentication records imply the location of IoT devices. This article focuses on the location awareness in the edge computing environment. We adopt the “deniability” of authentication to prevent location leakage when IoT devices connect to the edge nodes. In our solution, an efficient deniable authentication based on a two-user ring signature is constructed. The robustness of authentication makes the fixed edge equipment accept the legal end devices. Besides, the deniability of authentication cannot convince any third party that the fact of this authentication occurred as communication transcript is no longer an evidence for this connection. Therefore, it handles the inherent location risk in edge computing. Compared to efficient deniable authentications, our protocol saves 10.728% and 14.696% computational cost, respectively.

Provably secure certificateless deniable authenticated encryption scheme

Deniable Authenticated Encryption (DAE) scheme ensures the security of deniable authentication and confidentiality by performing both cryptographic functions of deniable authentication and public key encryption in one single logical step at a cost significantly lower than that required for performing these two functions separately. In this paper, we have designed a deniable authenticated encryption scheme CL-DAE on certificateless setting. We formalize the security and adversary model for deniable authentication and confidentiality and have proven the security in random oracle model. The proposed scheme can be applied to a network or system model where two communicating parties or devices exchanging their confidential messages and the recipient is not allowed to disclose the origin of message to any third party. Since our proposed protocol consumes very low cost, it is suited to implement on the framework where the constraints devices such as sensors, cell-phone, PDA, tablets etc. are involved in the communicating system. This protocols can be used for smart grid security, designing of secure exchange of e-mail, e-voting system etc.

A quantum deniable authentication protocol based on two-mode squeezed quantum states

A quantum deniable authentication protocol based on the theory of continuous quantum by using two-mode squeezed quantum states is proposed. By introducing the key agreement mechanism, the message sender and the specified receiver will first agree a new shared secret key by key update phases without the help of a third center and without their interaction by utilizing the amplitude and the phase properties of the entangled optical modes, and then the sender generates the message authentication code by using the new shared secret key. Security analysis results show that the protocol satisfies the basic security requirements of deniable authentication protocol such as completeness and deniability, and can withstand forgery attack, impersonation attack, inter-resend attack and beam splitter attack.

A practical and communication-efficient deniable authentication with source-hiding and its application on Wi-Fi privacy

Authentication service in communication is essential. However, information flows transmitted during an authentication process might reveal some personal information. In this paper, we propose a deniable authentication protocol with source hiding which does not reveal any private information, therefore the privacy of participants is preserved. With our approach, the sender is able to deny an authentication process to any third party. The receiver can not prove that the sender has participated in this authentication, though it is sure that the sender is legitimate. We construct this protocol without using “Encryption-then-MAC” paradigm, therefore the underlying building block is not required to be CCA2 secure, and is a more realistic authentication protocol for practical privacy-preserving Internet-based applications. We also show how to apply it in Wi-Fi authentication to prevent the location leakage.

Identity-based Deniable Authenticated Encryption for E-voting Systems

Deniable authentication (DA) is a protocol in which a receiver can generate an authenticator that is probabilistically indistinguishable from a sender. DA can be applied in many scenarios that require user privacy protection. To enhance the security of DA, in this paper, we construct a new deniable authenticated encryption (DAE) scheme that realizes deniable authentication and confidentiality in a logical single step. Compared with existing approaches, our approach provides proof of security and is efficient in terms of performance analysis. Our scheme is in an identity-based environment; thus, it avoids the public key certificate-based public key infrastructure (PKI). Moreover, we provide an example that shows that our protocol is applicable for e-voting systems.

A scheme on converting quantum deniable authentication into universal quantum designated verifier signature

The deniable authentication and designated verifier signature protocol can achieve the property of deniability by a transcript simulation algorithm, so two protocols are similar in the concepts and application scenarios. In this paper, we will avoid the research ideas of classical cryptography and research how to convert quantum deniable authentication protocol into quantum designated verifier signature in this universal case that the owner of the signature and the signer isn’t the same user in quantum designated verifier signature scheme such as electronic ID cards and e-passports. A mode on converting quantum deniable authentication into quantum designated verifier signature is firstly proposed by introducing quantum signature with public verifiability, including the entities and the implementation process converting, and then a real quantum designated verifier signature scheme is proposed, which satisfies all security requirements of a designated verifier signature scheme and can withstand intercept-resend attack and impersonation attack and entangle-measure attack.

Heterogeneous deniable authentication and its application to e-voting systems

An electronic voting (e-voting) system allows voters to cast their votes secretly and securely over a public channel. Security is the critical issue that should be considered in such a system. In this paper, we propose a heterogeneous deniable authentication (HDA) protocol for e-voting systems. The proposed protocol allows a sender in a certificateless cryptography (CLC) environment to transmit a message to a receiver in a public key infrastructure (PKI)environment. Our protocol admits security proof in the random oracle model under the bilinear Diffie–Hellman (BDH) and computational Diffie–Hellman (CDH) assumptions. Additionally, our protocol provides batch verification, which can accelerate the verification of authenticators. Comprehensive analysis shows that our protocol is highly suitable for practical e-voting systems.

A simplified deniable authentication scheme in cloud‐based pay‐TV system with privacy protection

SummaryCloud computing is a milestones for computing model, which enables on‐demand, flexible, and low‐cost usage of computing resources, especially for cloud storage. Nowadays, the services of cloud‐based pay‐TV systems are emerging endlessly. But these pay‐TV systems' privacy is not given enough attention. The users not only care about their information revealed during transmission processes but are also concerned about whether the video contents that they have seen were recorded by the pay‐TV systems or not. In this work, I propose a novel deniable authentication protocol in a cloud‐based pay‐TV system, named DAP‐TV, aiming to achieve mutual authentication, deniability, and privacy protection in cloud‐based pay‐TV systems. The unique feature of our scheme is deniability which means a pay‐TV system to identify a user is a legal user, but the pay‐TV system cannot prove video contents that the user has seen to any third party over an unsecured network. In additon, our scheme is based on chaotic maps, which is a highly efficient cryptosystem and is firstly used to construct a deniable authentication scheme in pay‐TV systems. Finally, we give the formal security proof and efficiency comparison with recently related works.

Certificateless Deniable Authenticated Encryption for Location-Based Privacy Protection

Deniable authenticated encryption (DAE) is a cryptographic primitive that supports data confidentiality with deniable authentication in an efficient manner. The DAE plays a significant role in location-based service systems for privacy protection. In this paper, we construct a certificateless DAE (CLDAE) scheme. The CLDAE is based on certificateless cryptosystems (CLCs), which avoids the need to manage public key certificates in public key infrastructure (PKI)-based cryptosystems and key escrow problems in identity-based cryptosystems (IBCs). Our design utilizes hybrid methods: tag-key encapsulation mechanism (TKEM) and data encapsulation mechanism (DEM). This technique is more suitable for location-based applications. We show how to construct a CLDAE scheme utilizing a certificateless deniable authenticated tag-KEM (CLDATK) and a DEM. We also design a CLDATK scheme and provide formal security proof using the random oracle model (ROM). We conduct a comprehensive performance analysis, which shows that CLDAE is highly efficient in terms of communication overhead. We also provide an application of the CLDAE for a location-based service (LBS) system.

An Efficient Deniable Authenticated Encryption Scheme for Privacy Protection

In the field of social survey of misconduct and legal consultation, the features of confidentiality, integrity, deniable authentication, and non-repudiation are needed for the sake of preserving privacy. For this special kind of application scenario, we propose an efficient deniable authentication encryption scheme. Our scheme can achieve the four secure features in a single logical step. And compared with the latest scheme, our scheme reduces the computational cost of encryption by about 30%, reduces computational cost of decryption by about 50%, and reduces the length of ciphertext by about 33%. Its security is shown in the random oracle model.

Comment on “A novel quantum deniable authentication protocol without entanglement”

Shi et al. (Quantum Inf Process 14(6):2183–2193, 2015) proposed a novel quantum deniable authentication protocol in which new shared secret keys can be updated timely with the help of a trusted party, and the fact that only the specified receiver could identify the true source of a given message is guaranteed by the new shared secret keys generated in the key update phase. Hence, the core of Shi et al.’s protocol is the key update phase . However, the analysis in this paper shows that there is a bug in the key update phase, which can lead to the failure of updating the shared key. Furthermore, an improved simple method is proposed to mitigate the security weakness.