Private Key Generator Research Articles

Efficient and provably secured puncturable attribute-based signature for Web 3.0

Web 3.0 is a grand design with intricate data interchange, implying the requirement of versatile network protocol to ensure its security. Attribute-based signature (ABS) allows a user, who is featured with a set of attributes, to sign messages under a predicate. The validity of the ABS signature demonstrates that this signature is generated by the user whose attributes satisfy the corresponding predicate, and thus flexibly achieves anonymous authentication. Similar to other digital signatures, the security of ABS is broken in case the private key of the user is leaked out. To address the threat brought by the key leakage, this paper proposes a puncturable attribute-based signature scheme that allows the private key generator to revoke the signing right associated with specific tags. This paper firstly elaborates the construction of the proposed ABS scheme with puncturable property, and then proves its security theoretically by reducing the involved security to the computational Diffie–Hellman assumption. This paper then experimentally shows that the suggested puncturable ABS scheme owns a more efficient storage cost and superior performance.

Lattice-based multi-authority ciphertext-policy attribute-based searchable encryption with attribute revocation for cloud storage

Multi-authority attribute-based searchable encryption (MABSE) is an flexible and efficient way to securely share and search encrypted data. Compared with single-authority systems, MABSE has more complex access control policies and key management mechanism. However, most existing MABSE schemes rely on traditional number-theoretic assumptions, which maybe vulnerable to attack in the era of quantum-computers. Besides, the effective revocation of user attributes is also crucial in searchable encryption. To overcome these challenges, this paper proposes a new multi-authority ciphertext-policy attribute-based searchable encryption scheme for securely sharing encrypted data in the cloud. By calling Shamir’s threshold secret-sharing technology twice, we achieve co-management of the master key by attribute authorities and interactive generation of user private keys. Furthermore, the KUNodes algorithm is employed for attribute revocation, offering a mechanism to update private keys for non-revoked users. Compared to other schemes, MCP-ABSE-AR introduces multiple attribute authorities responsible for managing user attributes collectively. Additionally, it provides functionalities for keyword searching and attribute revocation. Finally, the proposed scheme is proved to be semantically secure under the decision learning with errors problem in the standard model.

A Novel Security Scheme Supported by Certificateless Digital Signature and Blockchain in Named Data Networking

Named Data Networking (NDN) is a promising network architecture that differs from the traditional TCP/IP network, as it focuses on data rather than the host. A new secure model is required to provide the data-oriented trust instead of the host-oriented trust. This paper proposes a new secure solution in the NDNs named Secure Mechanism supported by Certificateless Digital Signature and Blockchain (CLDS-B). The CLDS-B scheme employs a certificateless digital signature to guarantee the authentication and integrity of data. On the one hand, the key escrow problem has been solved to eliminate the risks of compromised private key generators; on the other hand, the data name has been bound to the public key to prevent the false public key. Moreover, the blockchain is used to manage cryptographic information. Each domain designates an information service entity to join the blockchain so that the consumer could retrieve the cryptographic information public parameter in the local domain if necessary. Furthermore, due to the decentralization of the blockchain, the CLDS-B would be robust to resist the single-node failure. Simulation results show that the CLDS-B scheme outperforms a classic NDN scheme, although it shows slightly inferior to the other secure NDN scheme. The security verification and analysis show that the CLDS-B would resist the key escrow attack. The CLDS-B would be a competitive solution in scenarios with a high-security level.

Secure semantic search using deep learning in a blockchain-assisted multi-user setting

Deep learning-based semantic search (DLSS) aims to bridge the gap between experts and non-experts in search. Experts can create precise queries due to their prior knowledge, while non-experts struggle with specific terms and concepts, making their queries less precise. Cloud infrastructure offers a practical and scalable platform for data owners to upload their data, making it accessible to intended data users. However, the contemporary single-owner/single-user (S/S) approach to DLSS schemes falls short of effectively leveraging the inherent multi-user capabilities of cloud infrastructure. Furthermore, most of these schemes delegate the dissemination of secret keys to a single trust point within the mutual distrust scenario in cloud infrastructure. This paper proposes a Secure Semantic Search using Deep Learning in a Blockchain-Assisted Multi-User Setting (S3DBMS)\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$(S^3DBMS)$$\\end{document}. Specifically, the seamless integration of attribute-based encryption with transfer learning allows the construction of DLSS in multi-owner/multi-user (M/M) settings. Further, blockchain’s smart contract mechanism allows a multi-attribute authority consensus-based generation of user private keys and system-wide global parameters in a mutual distrust M/M scenario. Finally, our scheme achieves privacy requirements and offers improved security and accuracy.

Physical-Layer Secret and Private Key Generation in Wireless Relay Networks With Correlated Eavesdropping Channels

Physical-Layer Secret and Private Key Generation in Wireless Relay Networks With Correlated Eavesdropping Channels

A Key Based Hybrid Approach for Privacy and Integrity in Multi-Cloud

Before users store data in the cloud, many security issues must be addressed, as they will have no direct control over the data that has been outsourced to the cloud, particularly personal and sensitive data (health, finance, military, etc.). This article proposes a system based on chaotic maps for private key generation. A hybrid encryption for fast and secure cryptography. In addition to a multi-cloud storage with Pseudonymized file names to preserve user data privacy on the cloud while minimizing data loss. As well as a hash approach to check data integrity. AES in combination with RSA and fragmenting the file is used for the encryption. Integrity is cheeked using SHA-3. The experiments demonstrated that the key generation strategy may provide efficient keys in a shorter amount of time. Furthermore, the keys for the proposed approach passed NIST randomness testing. When cipher text fragmentation and encryption are combined, the average entropy value was (7.99). In addition, as file sizes grew, the total system's execution time increased only slightly.

A novel authentication scheme for secure data sharing in IoT enabled agriculture

Now a days, the Internet of Things (IoT) plays a vital role in every industry including agriculture due to its widespread and easy integrations. The agricultural methods are incorporated with IoT technologies for significant growth in agricultural fields. IoT is utilized to support farmers in using their resources effectively and support decision-making systems with better field monitoring techniques. The data collected from IoT-based agricultural systems are highly vulnerable to attack, hence to address this issue it is necessary to employ an authentication scheme. In this paper, Auth Key_Deep Convolutional Neural Network (Auth Key_DCNN) is designed to promote secure data sharing in IoT-enabled agriculture systems. The different entities, namely sensors, Private Key Generator (PKG), controller, and data user are initially considered and the parameters are randomly initialized. The entities are registered and by using DCNN a secret key is generated in PKG. The encryption of transmitted data is performed in the data protection phase during the protection of data between the controller and the user. Additionally, the performance of the designed model is estimated, where the experimental results revealed that the Auth Key_DCNN model recorded superior performance with a minimal computational cost of 142.56, a memory usage of 49.5 MB, and a computational time of 1.34 sec.

PPADT: Privacy-Preserving Identity-Based Public Auditing With Efficient Data Transfer for Cloud-Based IoT Data

Public auditing is a significant technique in cloud-based IoT systems, which enables the verifier to check the integrity of IoT data stored in the cloud. Nowadays, data become a core property for owners. Once the data of one owner are sold to another one, the ownership of these data has to be transferred. However, the existing public auditing schemes with data transfer require all the authenticators corresponding to the transferred data to be transformed to the new ones for integrity auditing. It incurs significant computation cost because of re-computing the new authenticators for all transferred data, especially when a vast quantity of data is being transferred. In addition, the data privacy and the identity privacy of the data owner cannot be protected for the verifier in such schemes. Thus, how to achieve efficient data transfer and privacy protection are key challenges in public auditing with data transfer for cloud-based IoT data. In this paper, we propose a privacy-preserving identity-based public auditing scheme with efficient data transfer for cloud-based IoT data (PPADT). In PPADT, all the authenticators corresponding to the transferred data blocks do not need to be transformed. We only need to transform an aggregated authenticator in the integrity auditing phase. It means that the computation cost of data transfer is independent of the number of transferred data blocks. Furthermore, the data owner’s identity privacy can be ensured with the assistance of the private key generator. The data privacy can also be guaranteed by employing the random masking technique.

MKSS: An Effective Multi-authority Keyword Search Scheme for edge–cloud collaboration

The rapid development of cloud computing motivates Internet of Things users to outsource their data to enjoy value-added cloud services: data storage, data sharing, etc. To provide reliable but searchable results, searchable encryption (e.g., Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS)) become an area of active research. One major drawback of existing CP-ABKS designs lies in the private key being generated and distributed by a trusted Central Authority (CA), which is a single point of failure/attack. Another limitation is that the cloud server may return forged or incomplete query results to the data user. This paper proposes a novel Multi-authority Keyword Search Scheme for edge–cloud collaboration (MKSS). To protect the security of the private key, we design a private key generation algorithm based on secure multi-party computation. To preserve the integrity of search results, we construct an efficient verification algorithm that detects forged or incomplete results. We evaluate the security and performance of our protocol using real-world datasets to demonstrate robustness and efficiency. Our construction advances the existing body of research towards secure and efficient keyword search protocols in cloud systems.

T-FIM: Transparency in Federated Identity Management for Decentralized Trust and Forensics Investigation

Federated Identity Management (FIM) has gained significant adoption as a means to simplify user authentication and service authorization across diverse domains. It serves as a centralized authentication and authorization method, enabling users to access various applications or resources using credentials issued by a universally trusted identity provider (IdP). However, recent security incidents indicate that the reliability of credentials issued by IdP is not absolute in practice. If the IdP fails, it can persistently access any application that trusts it as any user. This poses a significant security threat to the entire system. Furthermore, with the increasing adoption of FIM across diverse scenarios, there is a growing demand for the development of an identity management system that can effectively support digital forensics investigations into malicious user behavior. In this work, we introduce transparency to federated identity management, proposing T-FIM to supervise unconditional trust. T-FIM employs privacy-preserving logs to record all IdP-issued tokens, ensuring that only the true owner can access the exact token. We utilize identity-based encryption (IBE), but not just as a black box, encrypting tokens before they are publicly recorded. In addition, we propose a decentralized private key generator (DPKG) to provide IBE private keys for users, avoiding the introduction of a new centralized trust node. T-FIM also presents a novel approach to digital forensics that enables forensic investigators to collect evidence in a privacy-preserving manner with the cooperation of the DPKG. We conduct a comprehensive analysis of the correctness, security, and privacy aspects of T-FIM. To demonstrate the practical feasibility of T-FIM, we evaluated the additional overhead through experimental evaluations. Additionally, we compared its performance with other similar schemes to provide a comprehensive understanding of its capabilities and advantages.

Institutional innovation essence and knowledge innovation goal of intellectual property law in the big data era

This work aims to expand the understanding on the nature of institutional innovation and the goal of knowledge innovation of intellectual property (IP) law in the era of big data (BD) and to avoid the risks of information security in the IP service system. On the basis of the era of BD, the nature of institutional innovation and the goal of knowledge innovation in IP law are systematically discussed. Combined with smart contract (SC) technology, an IP service system based on blockchain technology is designed to ensure the security of IP services. The SC is optimized from the perspective of concurrency, and the contract transactions (CTs) are clustered. Moreover, considering the execution time (ET) and available resources of CTs, a speculative concurrency control algorithm that can realize intelligent contract scheduling is proposed. On the basis of the ciphertext-policy attribute-based encryption (CP-ABE) algorithm, a policy-updatable attribute encryption algorithm is designed. The improved CP-ABE algorithm includes six steps: system initialization, attribute private key generation, encryption, decryption, ciphertext policy generation, and ciphertext policy update. The identity parameter of the traceability manager is introduced into the improved CP-ABE scheme, which significantly increases the amount of computation of bilinear mapping, thus resulting in the time cost of encryption and decryption being approximately 350 ms and 300 ms higher than that of the CP-ABE scheme. Using the technical mode of “blockchain + SC,” the design of the IP service system is realized, which has important reference value for the institutional innovation of IP law.

IdenMultiSig: Identity-Based Decentralized Multi-Signature in Internet of Things

Most devices in the Internet of Things (IoT) work on unsafe networks and are constrained by limited computing, power, and storage resources. Since the existing centralized signature schemes cannot address the challenges to security and efficiency in IoT identification, this article proposes IdenMultiSig, a decentralized multi-signature protocol that combines identity-based signature (IBS) with Schnorr scheme under discrete logarithms on elliptic curves. First, to solve the problem of offline or faulty devices under unstable networks, we introduce a novel improvement of the existing Schnorr scheme by introducing a threshold Merkle tree for the verification with only <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$m$</tex-math> </inline-formula> valid signatures among <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n$</tex-math> </inline-formula> participants ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$m$</tex-math> </inline-formula> – <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n$</tex-math> </inline-formula> tree), while hiding the real identity to protect the data security and privacy of IoT nodes. Furthermore, to prevent dishonest or malicious behavior of the private key generator (PKG), a consortium blockchain is innovatively applied to replace the traditional PKG as a decentralized and trusted private key issuer. Finally, the proposed scheme is proven to be unforgeable against forgery signature attacks in the random oracle model (ROM) under the elliptic curve discrete logarithm (ECDL) assumption. Theoretical analysis and experimental results show that our scheme matches or outperforms existing research studies in privacy protection, offline device support, decentralized PKG, and provable security.

Lattices-Inspired CP-ABE from LWE Scheme for Data Access and Sharing Based on Blockchain

To address the quantum attacks on number theory-based ciphertext policy attribute-based encryption (CP-ABE), and to avoid private key leakage problems by relying on a trustworthy central authority, we propose a lattice-inspired CP-ABE scheme for data access and sharing based on blockchain in this paper. Firstly, a CP-ABE-based algorithm using learning with errors (LWE) assumption is constructed, which is selective security under linear independence restriction in the random oracle model. Secondly, the blockchain nodes can act as a distributed key management server to offer control over master keys used to generate private keys for different data users that reflect their attributes through launching transactions on the blockchain system. Finally, we develop smart contracts for proving the correctness of proxy re-encryption (PRE) and provide auditability for the whole data-sharing process. Compared with the traditional CP-ABE algorithm, the post-quantum CP-ABE algorithm can significantly improve the computation speed according to the result of the functional and experimental analysis. Moreover, the proposed blockchain-based CP-ABE scheme provides not only multi-cryptography collaboration to enhance the security of data access and sharing but also reduces average transaction response time and throughput.

A Smart Image Encryption Technology via Applying Personal Information and Speaker-Verification System

In this paper, a framework for authorization and personal image protection that applies user accounts, passwords, and personal I-vectors as the keys for ciphering the image content was developed and connected. There were two main systems in this framework. The first involved a speaker verification system, wherein the user entered their account information and password to log into the system and provided a short voice sample for identification, and then the algorithm transferred the user’s voice (biometric) features, along with their account and password details, to a second image encryption system. For the image encryption process, the account name and password presented by the user were applied to produce the initial conditions for hyper-chaotic systems to generate private keys for image-shuffling and ciphering. In the final stage, the biometric features were also applied to protect the content of the image, so the encryption technology would be more robust. The final results of the encryption system were acceptable, as a lower correlation was obtained in the cipher images. The voice database we applied was the Pitch Tracking Database from the Graz University of Technology (PTDB-TUG), which provided the microphone and laryngoscope signals of 20 native English speakers. For image processing, four standard testing images from the University of Southern California–Signal and Image Processing Institute (USC-SIPI), including Lena, F-16, Mandrill, and Peppers, were presented to further demonstrate the effectiveness and efficiency of the smart image encryption algorithm.

Efficient private key generation from iris data for privacy and security applications

Private key generation based on biometric data is gaining popularity in several cryptographic applications. Some key generation approaches using fingerprint and face data are known for this purpose. The existing approaches, in general, follow direct features from raw data, which may have an issue of revealing users’ biometric data. Further, iris biometrics being a better source for stable and secure key generation, is yet to be explored. In this work, an iris biometric-based key generation approach is proposed. In the proposed method, first, an ensemble L0 Gradient Minimization and an edge-preserving filter are used to extract iris structure from the iris images. Secondly, the iris texture data is normalized, and the consistent region is selected based on a novel statistical method. Thirdly, feature vectors are generated using the ensemble local space-filling curve descriptors and their variants. Fourth, a discriminant feature vector is generated using hybrid feature selection and neighbourhood component analysis. Finally, an interval-based encoding scheme is used to generate a key from the discriminant feature vector. To substantiate the efficacy of the proposed approach, extensive experiments have been carried out with near-infrared images, visible wavelength images, at-a-distance, and on-move images. Further, distinctiveness, dissimilarity, randomness, and security analyses have been carried out to validate the resilience of keys against different attacks. More significantly, a unique key can be generated dynamically, that is, from an online image. The proposed approach is applicable to different cryptographic applications, such as data storage security, remote authentication protocol, blockchain system security, etc.

An efficient revocable identity‐based encryption with ciphertext evolution in the cloud‐assisted system

AbstractIdentity‐based encryption (IBE) is a public key cryptosystem on purpose to remove the traditional certificate management. How to realize efficient user revocation in the IBE is of great importance when considering its application. The drawback of most existing works is that the revoked user can still access the ciphertext prior to revocation. One possible solution proposed by Sun et al. is to evolve the ciphertext in the cloud. However, it is unfortunate that the master time key in their scheme is kept by the private key generator (PKG), which means it is sustained extra burden. In this article, we present an efficient revocable IBE with ciphertext evolution in the cloud‐assisted system and the ciphertext remains constant size. The cloud server keeps only one secret master time update key sent by the PKG in a private channel, and thus our scheme offers scalability. In the meantime, our detailed analysis demonstrates that our proposed scheme is semantically secure against ciphertext chosen attacks based on the k‐CAA problem and enjoys better efficiency in computation and communication costs compared with previous works.

Secure multi-factor access control mechanism for pairing blockchains

Digitalization has made it easier for centric systems to transition from single-factor to two-factor authentication. However, several access control practices struggle to authenticate users correctly due to their weak and outdated authorization systems. Moreover, the majority of cloud-centric models suffer from security and single-point-of-failure issues. Consequently, several systems have migrated their access control services to the blockchain. A good illustration is using two-factor authentication techniques to increase transaction security in Bitcoin systems. However, with this holistic trend of 2FAs, multi-factor authentication has yet to see this trend. In this regard, the study proposes an access control technique that combines multiple factors of knowledge, inherent, and possession to authenticate users to the blockchain. The multiple factors derive a time-based access code for users to generate private keys. The efficiency of the proposed method is tested with a Py-Eth-pairing library to determine the computation cost and transmission overhead. Furthermore, we use the EIP (Ethereum Improvement Proposals) library to assess the gas cost and determine the throughput. Our findings show the suggested approach to achieving the lowest operational cost, making it scalable on the blockchain while demonstrating its practicability through the model framework.

Full black-box retrievable and accountable identity-based encryption

Accountable identity-based encryption (A-IBE) was proposed to relieve the key escrow problem caused by the fully trustworthy private-key generator (PKG) in the IBE system, where the true generator of private keys or decoder boxes can be traced back to the PKG or related users. Retrievable A-IBE (RA-IBE) enhances the security of A-IBE by providing retrievability to the master secret key of the PKG when more than one private key of the same user are released. RA-IBE strengthens the deterrent effect of A-IBE against the PKG since disclosure of the master secret key could lead to the breakdown of the entire IBE system. However, current RA-IBE schemes only provide retrievability in a white-box model, which limits the ability to support traceability and retrievability on well-formed private keys only. This overlooks the fact that a malicious PKG can easily conceal a private key within a decoder box, making the inserted private key inaccessible. To overcome this limitation, we propose a full black-box RA-IBE scheme, where traceability and retrievability of decoder boxes are provided while the malicious PKG is allowed to access the decryption oracle in the security model simultaneously. We first give the formal definition and security models of full black-box RA-IBE and then present a concrete construction. In our construction, a user interacts with the PKG to obtain its private key and an additional commitment tuple with which the user can retrieve the master secret key of the PKG using a related decoder box generated by the PKG. Finally, we show that the proposed full black-box RA-IBE scheme is secure in the random oracle model.

Transparent Registration-Based Encryption through Blockchain

Garg et al. (TCC 2018) defined the notion of registration-based encryption (RBE) where the private key generator (PKG) is decoupled from key management and replaced by a key curator (KC). KC does not possess any cryptographic secrets and only plays the role of aggregating the public keys of all the registered users and updating the public parameters whenever a new user joins the system, which solves the key escrow issue. Notwithstanding, RBE still places a significant amount of trust in KC, whose actions are not accountable, e.g., it could secretly register multiple keys for already registered users. In this article, we propose a blockchain-based RBE framework, which provides total transparency and decentralization of KC by leveraging smart contracts. Our framework transfers the right of key management from KC to individual participants and keeps publicly upgradable parameters on-chain. We provide a basic construction that calculates the public parameter on-chain and an extended construction with better efficiency, which merely calculates the roots of trees on-chain. Our basic version is theoretically feasible, while the extended version is practically feasible. In particular, the enhanced scheme reduces computing complexity to a constant level. Our prototype implementation and evaluation results demonstrate that our extended construction is satisfactorily efficient.

Secured Access Policy in Ciphertext-Policy Attribute-Based Encryption for Cloud Environment

The cloud allows clients to store and share data. Depending on the user’s needs, it is imperative to design an effective access control plan to share the information only with approved users. The user loses control of their data when the data is outsourced to the cloud. Therefore, access control mechanisms will become a significant challenging problem. The Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an essential solution in which the user can control data access. CP-ABE encrypts the data under a limited access policy after the user sets some access policies. The user can decrypt the data if they satisfy the limited access policy. Although CP-ABE is an effective access control program, the privacy of the policy might be compromised by the attackers. Namely, the attackers can gather important information from plain text policy. To address this issue, the SHA-512 algorithm is presented to create a hash code for the user’s attributes in this paper. Depending on the created hash codes, an access policy will be formed. It leads to protecting the access policy against attacks. The effectiveness of the proposed scheme is assessed based on decryption time, private key generation time, ciphertext generation time, and data verification time.