IET Information Security
Volume 12, Issue 3, May 2018
Guest Editorial: Selected Papers from the Public Key Cryptography (PKC 2016) Conference
- Source: IET Information Security, Volume 12, Issue 3, p. 165
- DOI: 10.1049/iet-ifs.2018.0043
- Type: Article

Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys
- Author(s): Nils Fleischhacker; Johannes Krupp; Giulio Malavolta; Jonas Schneider; Dominique Schröder; Mark Simkin
- Source: IET Information Security, Volume 12, Issue 3, p. 166–183
- DOI: 10.1049/iet-ifs.2017.0041
- Type: Article
A sanitizable signature scheme is a malleable signature scheme where a designated third party has the permission to modify certain parts of the message and adapt the signature accordingly. This primitive was introduced by Ateniese et al. (ESORICS 2005), and Brzuska et al. (PKC 2009) formalized the initially suggested five security properties. In the subsequent year, Brzuska et al. (PKC 2010) introduced a notion called unlinkability, whose basic idea is that linking message-signature pairs of the same document should be infeasible. Brzuska et al. formalized this notion and suggested a generic instantiation based on group signatures with a special structure. Unfortunately, the most efficient instantiations of group signatures do not have this property. In this work, we present the first efficient construction of unlinkable sanitizable signatures based on a novel type of signature scheme with re-randomizable keys. This property allows one to re-randomize both the signing and the verification key separately but consistently. Given a signature scheme with re-randomizable keys, we obtain a sanitizable signature scheme by signing the message with a re-randomized key and proving in zero-knowledge that the derived key originates from either the signer or the sanitizer. To obtain an efficient instantiation, we instantiate this generic idea with Schnorr signatures and efficient Σ-protocols that we turn into a non-interactive zero-knowledge proof via the Fiat-Shamir transformation. In this work, we present an optimized version that is more efficient than the construction we suggested in the extended abstract of this work at PKC 2016.

Practical attribute-based signature schemes for circuits from bilinear map
- Author(s): Yusuke Sakai; Nuttapong Attrapadung; Goichiro Hanaoka
- Source: IET Information Security, Volume 12, Issue 3, p. 184–193
- DOI: 10.1049/iet-ifs.2017.0029
- Type: Article
Attribute-based signatures allow us to sign anonymously, in such a way that the signature proves that the signer's attributes satisfy some predicate, but it hides any other information on the signer's attributes beyond that fact. As with any cryptographic primitive, one of the important goals of research on this primitive is to construct a scheme that is expressive (supports a wide class of predicates), is practically efficient, and is based on well-studied cryptographic assumptions. The authors construct attribute-based signature schemes that support any Boolean circuit of unbounded depth and number of gates and are practically efficient, based on the symmetric bilinear Diffie–Hellman assumption. Toward this end, they combine the Groth–Sahai proof system, which serves as an efficient proof system for algebraic equations, with the Groth–Ostrovsky–Sahai proof system, which is still inefficient but can prove any NP language via a Karp reduction to circuit satisfiability.

Delegatable functional signatures
- Author(s): Sebastian Meiser and Dominique Schröder
- Source: IET Information Security, Volume 12, Issue 3, p. 194–206
- DOI: 10.1049/iet-ifs.2017.0082
- Type: Article
The authors introduce delegatable functional signatures (DFS), which support the delegation of signing capabilities to another party, called the evaluator, with respect to a functionality. In a DFS, the signer of a message can choose an evaluator, specify how the evaluator can modify the signature without voiding its validity, allow additional input, and decide how the evaluator can further delegate its capabilities. Technically, DFS unify several seemingly different signature primitives, including functional signatures and policy-based signatures, sanitisable signatures, identity-based signatures, and blind signatures. The authors characterise the instantiability of DFS with respect to the corresponding security notions of unforgeability and privacy. On the positive side, they show that privacy-free DFS can be constructed from one-way functions. Furthermore, they show that unforgeable and private DFS can be constructed from doubly-enhanced trapdoor permutations. On the negative side, they show that the previous result is optimal regarding its underlying assumptions. Their impossibility result shows that unforgeable private DFS cannot be constructed from one-way permutations.

Receiver- and sender-deniable functional encryption
- Author(s): Angelo De Caro; Vincenzo Iovino; Adam O'Neill
- Source: IET Information Security, Volume 12, Issue 3, p. 207–216
- DOI: 10.1049/iet-ifs.2017.0040
- Type: Article
Deniable encryption, first introduced by Canetti et al. (1997), allows equivocation of encrypted communication. In this work, the authors generalise its study to functional encryption (FE). The authors’ results are summarised as follows. They first put forward and motivate the concept of receiver-deniable FE, for which they consider two models. In the first model, as previously considered by O'Neill et al. (2011) in the case of identity-based encryption, a receiver gets assistance from the master authority to generate a fake secret key. In the second model, there are ‘normal’ and ‘deniable’ secret keys, and a receiver in possession of a deniable secret key can produce a fake but authentic-looking normal key on its own. In the first model, they show a compiler from any FE scheme for circuits to an FE scheme having receiver deniability. In addition, they show an efficient receiver-deniable FE scheme for Boolean formulae from bilinear maps. In the second (multi-distributional) model, they present a specific FE scheme for circuits having receiver deniability. To the authors’ knowledge, a scheme in the multi-distributional model was not previously known even for the special case of identity-based encryption. Finally, they construct the first sender (non-multi-distributional) deniable FE scheme.

Degenerate curve attacks: extending invalid curve attacks to Edwards curves and other models
- Author(s): Samuel Neves and Mehdi Tibouchi
- Source: IET Information Security, Volume 12, Issue 3, p. 217–225
- DOI: 10.1049/iet-ifs.2017.0075
- Type: Article
Invalid curve attacks are a well-known attack class targeting elliptic curve arithmetic implementations. In such attacks, the adversary tricks the cryptographic device into carrying out scalar multiplications on a weaker curve instead of on the expected, secure curve. The original approach of Antipa et al., however, only affects elliptic curve implementations using addition and doubling formulas that are independent of at least one of the curve parameters. This property is satisfied for elliptic curves in Weierstrass form, but not for newer, increasingly popular models such as (twisted) Edwards curves. It has, therefore, been suggested that invalid curve attacks would not be applicable against these alternate models. In this study, the authors demonstrate that this is not the case, and present the first attack of this nature against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections, and more. They also extend the analysis to characteristic 2 models, namely binary Huff, Edwards, and Lambda coordinates. They also show that their result may be used constructively as a fault attack countermeasure inspired by Shamir's trick, particularly on curves over random base fields.

Mimic defense: a designed-in cybersecurity defense framework
- Author(s): Hongchao Hu; Jiangxing Wu; Zhenpeng Wang; Guozhen Cheng
- Source: IET Information Security, Volume 12, Issue 3, p. 226–237
- DOI: 10.1049/iet-ifs.2017.0086
- Type: Article
In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting them to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monocultural, which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminate attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs a ‘dynamic, heterogeneity, redundancy (DHR)’ mechanism to defend against cyber attacks. The main ideas behind MD are: constructing diverse, functionally equivalent variants of the protected target; dynamically scheduling some variants to run in parallel; and adopting a policy-based arbitration mechanism to decide which of the currently running variants' results are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and that the security enhancement can be more than tenfold. They also present a proof-of-principle prototype that employs MD, a mimic router, to examine its effectiveness. Finally, they discuss its limitations.

Information security collaboration formation in organisations
- Author(s): Nader Sohrabi Safa; Carsten Maple; Tim Watson; Steve Furnell
- Source: IET Information Security, Volume 12, Issue 3, p. 238–245
- DOI: 10.1049/iet-ifs.2017.0257
- Type: Article
The protection of organisational information assets requires the collaboration of all employees; information security collaboration (ISC) aggregates the efforts of employees in order to mitigate the effect of information security breaches and incidents. However, it is acknowledged that ISC formation and its development need more investigation. This research endeavours to show how ISC forms and develops in the context of an organisation based on social bond factors. The social bond theory and the theory of planned behaviour describe the effect of social bond factors on the attitude of employees and finally their behaviour regarding collaboration in the domain of information security. The results of the data analysis reveal that personal norms, involvement, and commitment to their organisation significantly influence the employees’ attitude towards ISC intention. However, contrary to the authors' expectation, attachment does not influence the attitude of employees towards ISC. In addition, attitudes towards ISC, perceived behavioural control, and personal norms significantly affect the intention of employees towards ISC. The findings also show that the employees’ intention towards ISC and organisational support positively influence ISC, but that trust does not significantly affect ISC behaviour.
Most viewed content
Most cited content for this Journal
High accuracy android malware detection using ensemble learning
- Author(s): Suleiman Y. Yerima ; Sakir Sezer ; Igor Muttik
- Type: Article
Crypto-based algorithms for secured medical image transmission
- Author(s): Ali Al-Haj ; Gheith Abandah ; Noor Hussein
- Type: Article
Pseudorandom bit generator based on non-stationary logistic maps
- Author(s): Lingfeng Liu ; Suoxia Miao ; Hanping Hu ; Yashuang Deng
- Type: Article
Constructing important features from massive network traffic for lightweight intrusion detection
- Author(s): Wei Wang ; Yongzhong He ; Jiqiang Liu ; Sylvain Gombault
- Type: Article
Empirical analysis of Tor Hidden Services
- Author(s): Gareth Owen and Nick Savage
- Type: Article