Message Attack Research Articles

Practical two-party SM2 signing using multiplicative-to-additive functionality

Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.

LB-CLAS: Lattice-based conditional privacy-preserving certificateless aggregate signature scheme for VANET

The rapid development of vehicular ad-hoc networks (VANETs) has brought great convenience to intelligent transportation, and the secure transmission of information in VANETs has become a serious problem. In addition, the protection of private information of vehicles is also a key issue. Aiming at the problem of how to guarantee the secure transmission of information in VANETs under the condition of satisfying security and privacy, we propose a lattice-based conditional privacy-preserving certificateless aggregate signature scheme (LB-CLAS) for VANETs. Instead of using Number Theory Research Unit (NTRU) lattices and discrete Gaussian sampling, the proposed LB-CLAS scheme is based on algebraic lattice. In addition, based on the module version of Small Integer Solution (MSIS) and module version of Learning With Error (MLWE) hard problems, we prove that the LB-CLAS scheme is existential unforgeability under adaptively chosen message attacks (EUF-CMA). Our LB-CLAS scheme employs individual signature verification in vehicle-to-vehicle (V2V) mode, while utilizing aggregate signatures and batch verification in vehicle-to-infrastructure (V2I) mode, with slightly differing transmission parameters between the two modes. Based on Dilithium, our LB-CLAS scheme solves the problem of high storage overhead and computational cost of existing schemes. The performance analysis shows that our LB-CLAS scheme is more efficient in terms of computation cost, storage overhead, and power consumption compared to existing schemes. Compared with existing schemes, our LB-CLAS scheme reduces the signature and verification overheads by more than 17.6% and 43.4%, respectively. Our LB-CLAS program also has significant advantages in batch verification. As the number of vehicles increases, our batch certification time cost is reduced by more than 90%. In addition, our LB-CLAS scheme has the smallest signature length, with a signature size that is 1X smaller than the most efficient existing scheme for the same level of security.

Backdoor-resistant certificateless-based message-locked integrity auditing for computing power network

With the evolution of 6G technology, the computing power network (CPN), a crucial infrastructure underpinning the future of digital transformation, is being tightly integrated with 6G to jointly foster significant enhancements in network performance. However, the openness of the network and the semi-trusted nature of cloud service providers pose risks to user data, including potential theft and tampering. To address these challenges, this paper introduces a novel scheme called the backdoor-resistant certificateless message-locked integrity audit (BRCLMIA). This scheme incorporates a cryptographic reverse firewall, offering an efficient and secure approach to auditing CPN data integrity. Our thorough analysis demonstrates that the BRCLMIA scheme effectively safeguards against existential forgery under adaptive message attacks, safeguards against algorithm replacement attacks, and ensures the integrity and authenticity of data transmitted within the CPN. Furthermore, the performance analysis reveals that the BRCLMIA scheme exhibits remarkable communication and computational efficiency while defending against various attacks.

A revocable and comparable attribute-based signature scheme from lattices for IoMT

The Internet of Medical Things (IoMT) refers to the utilization of the Internet of Things (IoT) technology in the healthcare industry. Access control is particularly important for IoMT due to the sensitive nature of patient data, such as electronic health records (EHR). Although fine-grained access control can be achieved by attribute-based signature (ABS), existing ABS schemes lacks the ability to provide range comparison access policy in which patients can check whether the attribute value is within a certain range. In addition, the dynamic change of doctors’ permissions and the development of quantum technology also require that ABS can provide user revocation and resist quantum attacks. In order to solve these problems and make ABS schemes for IoMT more useful and more secure, we come up with a novel revocable and comparable ABS (RC-ABS) from lattices for IoMT, enabling fine-grained access control, attribute range comparison, and user revocation. First of all, we provide a proof of the unforgeability of our scheme in the standard model (SM) under the selective user revocation list semi-adaptive attribute adaptive message attack, which can resist attacks by semi-honest adversaries and prevent adversaries from attacking the weaknesses of hash functions in IoMT. Furthermore, our ABS scheme leverages the small integer solution problem (SIS) to effectively defends against quantum algorithm attacks. Finally, detailed performance analysis demonstrates that our solution not only possesses enhanced security features and functionalities, such as revocability, comparability, and resistance against quantum attacks, but also maintains a constant computation cost of user revocation, making it more efficient compared to other revocation schemes.

Quantum-Resistant Forward-Secure Digital Signature Scheme Based on q-ary Lattices

In this paper, we design and consider a new digital signature scheme with an evolving secret key, using random q-ary lattices as its domain. It is proved that, in addition to offering classic eu-cma security, the scheme is existentially forward unforgeable under an adaptive chosen message attack (fu-cma). We also prove that the secret keys are updated without revealing anything about any of the keys from the prior periods. Therefore, we design a polynomial-time reduction and use it to show that the ability to create a forgery leads to a feasible method of solving the well-known small integer solution (SIS) problem. Since the security of the scheme is based on computational hardness of a SIS problem, it turns out to be resistant to both classic and quantum methods. In addition, the scheme is based on the "Fiat-Shamir with aborts" approach that foils a transcript attack. As for the key-updating mechanism, it is based on selected properties of binary trees, with the number of leaves being the same as the number of time periods in the scheme. Forward security is gained under the assumption that one out of two hash functions is modeled as a random oracle.

IPCAS: An improved conditional privacy-preserving certificateless aggregate signature scheme without bilinear pairing for VANETs

Recently, Gong et al. proposed a Certificateless Aggregate Signature (CLAS) scheme (shorted by PCAS) with conditional privacy-preserving without bilinear pairing for Vehicular Ad-hoc Networks (VANETs). Unfortunately, after analyzing security, the PCAS scheme fails to satisfy the necessary unlinkability in VANETs and is vulnerable to the public key replacement forgery attack of the Type-I adversary. Subsequently, this article analyzes the causes of these two security issues in detail and proposes an improved CLAS scheme for VANETs (called IPCAS). Through security analysis, this article proves that the IPCAS is existentially unforgeable under the adaptive chosen message attacks against Type-I and Type-II adversaries in the random oracle model, and satisfies the necessary security and privacy requirements in VANETs, including unlinkability. Finally, the performance analysis results show that compared to PCAS for single message and n aggregate messages (n=1000), the computational overhead of IPCAS is reduced by 20.01% and 49.08% respectively, and the communication overhead is reduced by 18.75% and 28.14% respectively. Therefore, IPCAS not only makes up for the security vulnerabilities of PCAS but also has better performance.

Edwards curve digital signature algorithm for video integrity verification on blockchain framework

Within the field of forensic science, video integrity is an essential component that ensures the validity and dependability of visual evidence that is essential for court cases. Maintaining the integrity of justice in a time when digital modification tools are easily accessible requires making sure that video recordings are unaltered. Video footage is carefully inspected by forensic analysts who use advanced tools to look for indications of manipulation or change. This paper presents a novel, lightweight approach for verifying the integrity of video data. The proposed method utilizes the blockchain and the Edwards Curve Digital Signature Algorithm, coupled with the BLAKE2b hash function. Signatures are generated for video clips with a predetermined size called video segments and stored in blocks chronologically. The signature of the previous block is stored in the current block to add another layer of security. At the time of validation, these signatures are verified. Experimental results show that the proposed method outperforms state-of-the-art methods in both speed and security. Our method is capable of identifying any type of forgery on any video file, by anyone, at any given moment, with insignificant additional storage requirements. Furthermore, our security analysis shows that our method is resilient against various types of attacks, including collision attacks, key substitution attacks, side-channel attacks, and chosen message attacks. The proposed lightweight video integrity verification method is better suited for use in resource constrained devices.

A Certificateless Linearly Homomorphic Signature Scheme Based on Lattice for Network Coding

Abstract Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. However, there are many problems with previous homomorphic signature schemes which require key escrow, cannot resist malicious key generation center (KGC), and are insecure in the post-quantum era. Therefore, we propose a lattice-based certificateless linearly homomorphic signature scheme. In our scheme, certificateless structure can avoid key escrow and malicious KGC. The lattice structure ensures that our scheme is secure in the post-quantum era. The bimodal Gaussian distribution is used to improve the security and the efficiency. Compared with the previous schemes, our scheme has smaller storage space (no key escrow), can avoid malicious KGC, is more secure in the post-quantum era, and has higher signature efficiency. At the same time, our scheme is more suitable for network coding. Finally, under random oracle model, we proved that our scheme is weakly context hiding and existentially unforgeable against adaptive chosen message attacks against external attackers and the internal KGC.

Attribute Based Signature Encryption Scheme Based on Cloud Computing in Medical Social Networks

The emergence of mobile medical social networks has provided great convenience for patients to communicate with each other about their medical conditions, promoting efficient and high-quality communication and exchange among patients. However, at the same time, it has also raised issues of confidentiality and privacy of patient data. In response to this issue, this article proposes a cloud-based attribute-based signature encryption scheme that can effectively protect the privacy of patient data. The patient encrypts their medical information and uploads it to the cloud server. When the data user wants to access the patient’s information, the cloud server helps the data user partially decrypt and verify the integrity of the data, which to some extent reduces the computational workload of the data user. Meanwhile, under the random oracle model, it has been proven that the scheme satisfies the unforgeability under selective message attacks, indistinguishability under selective cipher text attacks, and attribute privacy security. Theoretical analysis and numerical simulation experiments show that this scheme has higher efficiency than existing schemes in the signing and decryption stages.

A secure and efficient heterogeneous ID‐based signcryption for unmanned aerial vehicular networking system

AbstractIn the last decade, Internet of Things opened the door to applications of unmanned aerial vehicles (UAVs). Since the data is transferred on a public channel, therefore security, privacy, and efficiency are the main concerns of UAVs communication. Signcryption is a technique to execute encryption and signature in one step. However, the usual signcryption is not applicable to UAVs with constrained nature of resources and ground station. Moreover, in particular, UAVs and ground station need a heterogeneous signcryption for UAVs to establish communication with the ground station. But, the bilinear bilinear mapping is a very costly operation, so we need pairless identity based heterogeneous signcryption. The proposed design is unforgeable and secure against chosen message attacks. The experiment shows the efficiency of the proposed method. It takes less communication and computation costs.

Comment on “An efficient identity-based signature scheme with provable security”

In this comment paper, we reveal a security issue in an efficient identity-based signature (IBS) scheme that has been proven secure in the standard model. More specifically, we perform a key-only attack on the IBS scheme to break its universal unforgeability. Since the security notion of universal unforgeability under key-only attack (uuf-koa) is a weaker notion than the existential unforgeability under chosen message attack (euf-cma), this invalidates the euf-cma security claimed by the IBS scheme. Subsequently, we propose a fix to achieve a stronger seuf-cma security without a random oracle.

A lightweight attribute-based signcryption scheme based on cloud-fog assisted in smart healthcare.

In the environment of big data of the Internet of Things, smart healthcare is developed in combination with cloud computing. However, with the generation of massive data in smart healthcare systems and the need for real-time data processing, traditional cloud computing is no longer suitable for resources-constrained devices in the Internet of Things. In order to address this issue, we combine the advantages of fog computing and propose a cloud-fog assisted attribute-based signcryption for smart healthcare. In the constructed "cloud-fog-terminal" three-layer model, before the patient (data owner)signcryption, it first offloads some heavy computation burden to fog nodes and the doctor (data user) also outsources some complicated operations to fog nodes before unsigncryption by providing a blinded private key, which greatly reduces the calculation overhead of resource-constrained devices of patient and doctor, improves the calculation efficiency. Thus it implements a lightweight signcryption algorithm. Security analysis confirms that the proposed scheme achieves indistinguishability under chosen ciphertext attack and existential unforgeability under chosen message attack if the computational bilinear Diffie-Hellman problem and the decisional bilinear Diffie-Hellman problem holds. Furthermore, performance analysis demonstrates that our new scheme has less computational overhead for both doctors and patients, so it offers higher computational efficiency and is well-suited for application scenarios of smart healthcare.

PE-detector: Intrusion Detection of Periodic and Event Message Attacks on Controller Area Networks

PE-detector: Intrusion Detection of Periodic and Event Message Attacks on Controller Area Networks

Communication-robust multi-agent learning by adaptable auxiliary multi-agent adversary generation

Communication can promote coordination in cooperative Multi-Agent Reinforcement Learning (MARL). Nowadays, existing works mainly focus on improving the communication efficiency of agents, neglecting that real-world communication is much more challenging as there may exist noise or potential attackers. Thus the robustness of the communication-based policies becomes an emergent and severe issue that needs more exploration. In this paper, we posit that the ego system1) trained with auxiliary adversaries may handle this limitation and propose an adaptable method of Multi-Agent Auxiliary Adversaries Generation for robust Communication, dubbed MA3C, to obtain a robust communication-based policy. In specific, we introduce a novel message-attacking approach that models the learning of the auxiliary attacker as a cooperative problem under a shared goal to minimize the coordination ability of the ego system, with which every information channel may suffer from distinct message attacks. Furthermore, as naive adversarial training may impede the generalization ability of the ego system, we design an attacker population generation approach based on evolutionary learning. Finally, the ego system is paired with an attacker population and then alternatively trained against the continuously evolving attackers to improve its robustness, meaning that both the ego system and the attackers are adaptable. Extensive experiments on multiple benchmarks indicate that our proposed MA3C provides comparable or better robustness and generalization ability than other baselines.

Provably secure multi-signature scheme based on the standard SM2 signature scheme

The multi-signature scheme plays a crucial role in addressing trust and authentication challenges in digital transactions and other scenarios by allowing multiple users to sign the same message. Among various signature schemes, the SM2 signature scheme stands out for its exceptional security and efficiency, making it widely adopted in numerous fields. In this paper, we propose the first provably secure multi-signature scheme based on the standard SM2 signature scheme, i.e., the scheme can be reduced to the standard SM2 signature scheme when there is only one signer. We prove that our scheme is existential unforgeability under chosen message attacks in the bijective random oracle model, based on the assumption that the elliptic curve discrete logarithm problem is hard. Compared with the existing multi-signature schemes based on the SM2 signature scheme in the same category, our scheme exhibits improved efficiency in terms of communication delay and computational cost.

Attribute-Based Proxy Signature Scheme Supporting Flexible Threshold Predicate for UAV Networks

Unmanned aerial vehicle (UAV) is an attractive application because of its flexibility and economy. It may use a digital signature scheme to protect commands sent to UAVs. Moreover, the digital signature scheme should guarantee the real-time performance of UAVs executing commands and protect the signer’s privacy. Therefore, we proposed an attribute-based proxy signature (ABPS) scheme supporting flexible threshold predicate for UAV networks and proved its security. It has existential unforgeability under selective-predicate and chosen message attacks (EUF-sP-CMA) and can protect the signer’s privacy. We analyzed its computation costs based on experimental data and communication costs. The analysis results indicate that our ABPS scheme has less computation costs than other ABPS schemes and is at the same level as other ABPS schemes on communication costs.

Revocable Signature Scheme with Implicit and Explicit Certificates.

This paper addresses the certificate revocation problem and proposes the first revocable pairing-based signature scheme with implicit and explicit certificates (IE-RCBS-kCAA). We should no longer discuss whether to revoke certificates but how to do it effectively, ensuring both the scalability of the revocation operation and the non-repudiation of the signature in the short or long term. Under the computational difficulty assumptions of the modified collusion attack algorithm with k traitors (k-mCAA) and discrete logarithm (DL) problems, we demonstrate that our scheme is secure against existential unforgeability under chosen message attacks (EUF-IERCBS-kCAA-CMA) in a random oracle model. The proposed solution is scaled and allows the use of many trusted status authorities that issue explicit short-term certificates confirming the validity of explicit long-term certificates. Furthermore, we demonstrate that our signature scheme has a short-term non-repudiation property for the shell validity model.

Efficient Anonymous Batch Authentication Scheme With Conditional Privacy in the Internet of Vehicles (IoV) Applications

The Internet of Vehicles (IoV) has emerged as a robust solution to improve real-time road traffic conditions, safety, and driving comfort. However, the road’s dynamic environment and network heterogeneity make communication insecure. It poses many security threats like man-in-the-middle attacks, impersonation attacks, replay attacks, etc. Therefore, the message exchanges and real identities of nodes over the IoV network need to be preserved. The existing authentication schemes are inefficient and incur computational and communication overhead. They are unsuitable for resource-constrained IoV networks due to their highly dynamic nature, open communication, and chaotic road environment. Therefore, this paper proposes an elliptic curve cryptography-based secure and efficient anonymous batch authentication scheme with conditional privacy (EABAS-CP) for the IoV environment. The EABAS-CP scheme achieves conditional privacy by tracing the malicious vehicle efficiently. The RSU’s distributed parameters generate a pseudo-identity for vehicles and unique signatures that do not require secure channels and trusted authorities (TAs) for secure communication. Furthermore, the EABAS-CP scheme supports batch signature verification in which multiple signatures can be verified simultaneously and efficiently. The Random Oracle Model (RoM) provides unforgeability against adaptive message attacks by using the Elliptic Curve Discrete Logarithm Problem (ECDLP). The AVISPA simulation tool is used to evaluate the proposed protocol for its reliability and protection from the attacks like man-in-the-middle and replay attacks. The proposed EABAS-CP scheme is also proven secure against replay, impersonation, stolen verifier, ephemeral secret leakage, and linkability attacks. The network performance of the EABAS-CP scheme has been evaluated in terms of end-to-end delay, throughput, average message delay, average message loss ratio, communication cost, and computation cost through the NS-2 simulator and compared with existing schemes to demonstrate its efficiency.

A Security-Enhanced Pairing-Free Certificateless Aggregate Signature for Vehicular Ad-Hoc Networks

As self-organizing, highly heterogeneous and multi-interactive networks, vehicular ad-hoc networks (VANETs) are rapidly improving the efficiency of modern traffic. This promising technology is significant for supporting current intelligent transportation by cooperative data sharing and processing. Considering requirements for secure interactions and the limitation of resources in VANETs, protecting data authenticity while enhancing computational efficiency has become the main challenge. A certificateless aggregate signature (CLAS) can not only ensure data security, but also reduce communication costs, which is suitable for a resource-constrained environment. However, most existing CLAS schemes either own serious security vulnerabilities or result in tremendous computational overhead. In this article, we propose an efficient, privacy-preserving, and pairing-free CLAS scheme with enhanced security. We prove that it is existentially unforgeable against adaptive chosen message attacks in the random oracle model. Performance evaluation illustrates that our proposed scheme is more appropriate to the VANETs scenario.

A Privacy-Preserving Data Aggregation Scheme Based on Chinese Remainder Theorem in Mobile Crowdsensing System

Mobile crowdsensing provides a large-scale reliable data, since sensing nodes support wide distribution, flexible mobility, and opportunistic connectivity. The generated data often contains the sensing node's sensitive information. Existing schemes dedicated to protecting the privacy of perception data, but these schemes cannot balance the computational and communication overheads well. Therefore, we propose a privacy-preserving data aggregation scheme based on the Chinese remainder theorem. Using blinding factor and Paillier homomorphic encryption technology, which not only ensures the privacy of perceived data but also improves the robustness of the system. Specially, the introduction of secure multicast communication technology based on the Chinese remainder theorem protects task privacy and ensures only designated sensing nodes can obtain the task. In addition, we design an efficient signature scheme to ensure data integrity. Detailed security analysis shows that our scheme is existentially unforgeable against adaptively chosen message attack. Extensive experiments and performance analysis show that our scheme is efficient and has a low communication overhead.