Implicit Certificate Research Articles

English

    Certificate-based encryption (CBE) is a new asymmetric encryption paradigm which was introduced to solve the certificate management problem in traditional public key encryption (PKE). It combines PKE and identity-based encryption (IBE) while preserving some of their most attractive features. CBE provides an efficient implicit certificate mechanism which eliminates the third-party queries and simplifies the certificate revocation problem in the traditional public key infrastructure (PKI). It also solves the key escrow problem and key distribution problem inherent in IBE. In this paper, we introduce the key replacement attack and the malicious-but-passive certifier attack into CBE, and define a class of new security models for CBE under different security levels according to the power of the adversaries against CBE. Our new security models are more elaborated and stronger compared with other existing ones. Then, we propose a generic construction of CBE from certificateless public key encryption and prove its security under the proposed security models in the standard model. We also show a concrete conversion using the proposed generic construction.   Key words: Certificate-based encryption, security model, generic construction, certificateless public key encryption, standard model. &nbsp

An ID-Based Authenticated Key Agreement Protocol for Wireless Sensor Networks

Providing a suitable key establishment protocol in wireless sensor networks is challenging due to all the characteristics of these networks, such as limitations of power, computation capability and storage resources. This paper presents a novel key agreement protocol for wireless sensor networks. By applying the ID-based technique, a sensor node and a security manager can achieve key exchange and fast authentication. In this protocol the expensive operations are removed from sensor node side and a sensor node needs not to transmit its implicit certificate, so it reduces the energy cost of sensor nodes. We prove the security of our protocol in the random oracle model.

Forward-Secure Certificate-Based Encryption and its Generic Construction

In this paper, we introduce a new asymmetric encryption paradigm called Forward-Secure Certificate-Based Encryption. It preserves the advantages of certificate-based encryption (CBE) such as implicit certificate and no private key escrow. At the same time it also inherits the properties of the forward-secure public key encryption. In a forward-secure CBE scheme, all users’ private keys are updated at regular periods throughout the lifetime of the system; exposure of a user’s private key corresponding to a given time period does not enable an adversary to break the security of the ciphertext sent to this user for any prior time period. We first provide the formal definition for forward-secure CBE and its security model. Then we propose a generic construction of forward-secure CBE and prove it to be secure against chosen plaintext attacks in the standard model. We also describe how this construction can be enhanced to achieve security against adaptive chosen-ciphertext attacks both in the standard model and in the random oracle model. Finally, a concrete forward-secure CBE scheme is constructed.

Secure Vehicle-to-roadside Communication Protocol Using Certificate-based Cryptosystem

As various applications of vehicular ad hoc networks (VANETs) have been proposed, security has become one of the big research challenges and is receiving increasing attention. In this paper, we propose a secure and an efficient vehicle-to-roadside communication protocol by using the recently developed concepts of a certificate-based cryptosystem. The proposed approach combines the best aspects of identity-based public key cryptography approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow). As compared with the previous works, which were implemented with the traditional public key infrastructure and identity-based public key cryptography, the proposed approach is more secure and efficient.

Security Mediated Certificateless Signatures Without Pairing

Security-mediated certificateless (SMC) signature provides a method for immediate revocation of security capabilities in certificateless signature (CLS). In addition, SMC signauture maintains the merits in CLS: implicit certification without key escrow. Unfortunately, most of the existing schemes for CLS and SMC signature are based on bilinear pairing. There are schemes without bilinear pairing such as [1] and [2] which is based on discrete logarithm problem. In this paper, based on the schemes in [2] and [3], we propose another SMC signature scheme without bilinear pairing. Our scheme is existential unforgeable in the random oracle model based on the intractability of the factoring problem. In addition, it is also efficient in signing and verifyin.

Partial decryption attacks in security-mediated certificateless encryption

Certificateless encryption refers to public key encryption with implicit certification. Security-mediated certificateless (SMC) encryption takes one-step further, such that every decryption requires a security-mediator (SEM) to partially decrypt the ciphertext. One major benefit is that instant revocation can be done by simply instructing the SEM to reject any further decryption request. Similar to the conventional chosen-ciphertext attack, it is reasonable to assume that an adversary can obtain the partial decryption of many ciphertexts. The authors show that the schemes proposed by Yang-Wang-Wang in AINAW 2007, Lo-Hwang-Li in IET Information Security, 1(3) and Yang-Xiong-Su in Computer Applications, 28(11) are insecure against partial decryption attacks, and hence cannot be classified as SMC encryption according to the original Chow-Boyd-Gonza-lez Nieto-s formulation in PKC 2006.

Threshold Certificate-based Encryption

Certificate-based encryption (CBE) is a new asymmetric encryption paradigm which combines traditional public-key encryption (PKE) and identity based encryption (IBE) while preserving some of their most attractive features. CBE provides an efficient implicit certificate mechanism to eliminate third-party queries for the certificate status and to simply the certificate revocation problem. Therefore, CBE can be used to construct an efficient PKI requiring fewer infrastructures. In addition, it also solves the key escrow problem and key distribution problem inherent in IBE. In this paper, we introduce a new notion called Threshold Certificate-Based Encryption (TCBE) to overcome the limitations of CBE due to the using of sole master key in the system. It preserves the advantages of CBE such as implicit certificate and no private key escrow. At the same time it inherits the properties of threshold encryption. We first formalize the definition and security model for TCBE. Then we propose a concrete TCBE scheme and prove it to be CCA-secure under the Decisional Bilinear Diffie-Hellman assumption in the standard model.

Constructing Efficient Certificate-based Encryption with Paring

The certificate-based encryption (CBE) is a new PKC paradigm which combines traditional public-key encryption (PKE) and identity based encryption (IBE) while preserving their features. CBE provides an efficient implicit certificate mechanism to eliminate third-party queries for the certificate status and to simply the certificate revocation problem. Therefore, CBE can be used to construct an efficient PKI requiring fewer infrastructures. In addition, it also solves the key escrow problem and key distribution problem inherent in IBE. In this paper, we construct an efficient CBE scheme with paring and prove it to be CCAsecure in the random oracle model based on the hardness of the Bilinear Diffie-Hellman Inversion assumption. When compared with other existing CBE schemes, our scheme has obvious advantage in the computation performance.

Seeking More Scienter: The Effect of False Claims Act Interpretations

Two circuit conflicts have developed regarding the proper interpretation of the FCA. First, the circuits are divided over whether an implicit certification of compliance with a federal law, regulation, or contract is sufficient to give rise to liability under the FCA. Second, the circuits have split on what constitutes presentment of a claim to the government as required by the FCA. While the two circuit splits involve separate questions of interpretation, courts that have rejected liability on both issues are motivated by a common but unacknowledged concern: ensuring that unsuspecting defendants do not face FCA liability. The interpretive moves used to achieve this result, however, in practice create additional scienter requirements that are imperfect solutions for the problem of unsuspecting defendants. In fact, the courts are doing more harm than good. The statutory scienter framework can better protect unsuspecting defendants than the courts' similarly intentioned reinterpretations of the FCA.

Efficient Certificate-Based Signcryption Scheme from Bilinear Pairings

Signcryption is a public key cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overheads than the signature-then-encryption approach. In this paper, an efficient certificate-based signcryption scheme based on bilinear pairings is proposed. As compared to traditional and identity-based signcryption schemes, the proposed scheme has the following advantages: it provides implicit certification; it does not have the private key escrow feature of identity-based signcryption schemes. we also analyze the proposed scheme from security and performance points of view.

Alliances Between Competitors and Consumer Information

Alliances between competitors where an established firm provides access to its marketing and distribution channels are an important real-world phenomenon. We analyze a market where an established firm, firm A, produces a product of well-known quality, and a firm with an unknown brand, firm B, has to choose to produce high or low quality. Firm A observes firm B's quality choice but consumers do not. Hence, firm B is subject to a moral hazard problem which can potentially be solved by firm A. Firm A can accept or reject to form an alliance with firm B, which is observed by consumers. If an alliance is formed, firm A is providing an implicit certification about the rival's product: consumers can infer that firm B is a strong competitor (high quality), as otherwise why would the established firm accept to form an alliance? The mechanism we discover allows for an economic interpretation of several types of business strategies.