Towards Dependable Computing through Public Key Cryptography Alternative Models (LADC 2016 Tutorial)

Eduardo da Silva, Mehran Misaghi, and Luiz Carlos P. Albini
19 October 2016
Catarinense Federal Institute, UniSociesc, Federal University of Paraná

learning outcomes

At the end of the course, participants will be able to:
• Understand Public Key Cryptography concepts.
• Explain the main alternative models to Public Key Infrastructure.
• Explain how alternative models to PKI are applied to provide dependable computing.


table of contents

Part I - Introduction
Part II - Alternative Cryptographic Models
Part III - Applications


Introduction


table of contents

1. Ancient Cryptography

2. Computer Era Cryptography

3. Certification


introduction

• Cryptography
  • is an important part of any security solution
  • is used on ATM cards, computer passwords, network communications, etc.

• It focuses on secure communication in the presence of attackers.
• It does not prevent the attacker from receiving the information; it must prevent the attacker from understanding, altering or accessing the information it protects.


introduction

• Note that cryptography is different from steganography
• Steganography is the art of hiding some information inside another text, picture, newspaper article, etc.
• Steganography security is based on the attacker not finding the hidden message, while cryptography security is based on the attacker not being able to understand the message
• However, they can be used together:


steganography

My friend Bob, until yesterday I was using binoculars for stargazing. Today, I decided to try my new telescope. The galaxies in Leo and Ursa Major were unbelievable! Next, I plan to check out some nebulas and then prepare to take a few snapshots of the new comet. Although I am satisfied with the telescope, I think I need to purchase light pollution filters to block the xenon lights from a nearby highway to improve the quality of my pictures. Cheers, Alice.

Taking the first letter of every word of the letter gives:
mfbuyiwubfstidttmnttgilaumwuniptcosnatpttafsotncaiaswttitintplpftbtxlfanhtitqompca

The digits of π = 3.141592653589793... give the distances between the letters to pick from that string (the 3rd letter, then 1 further, then 4 further, and so on):
buubdlupnpsspx

Undoing a Caesar shift of one position then reveals the hidden message:
attack tomorrow

from: www.cl.cam.ac.uk/~sc609/talks/ed12stego.pdf
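The extraction shown above, as an added Python example (not code from the tutorial): the cover text is the letter from the slides, and the decoder takes the first letter of each word, walks that string using the digits of π as step sizes (the slides show the first 14 picks), and undoes the one-position Caesar shift.

```python
"""Decoder for the tutorial's steganography example (added example, not the
original slides' code). Hidden message recovery in three steps: first letter
of every word, positions chosen by the digits of pi, Caesar shift undone."""
import string

# Cover text copied from the slides.
COVER_TEXT = (
    "My friend Bob, until yesterday I was using binoculars for stargazing. "
    "Today, I decided to try my new telescope. The galaxies in Leo and Ursa "
    "Major were unbelievable! Next, I plan to check out some nebulas and then "
    "prepare to take a few snapshots of the new comet. Although I am satisfied "
    "with the telescope, I think I need to purchase light pollution filters to "
    "block the xenon lights from a nearby highway to improve the quality of my "
    "pictures. Cheers, Alice."
)

PI_DIGITS = "31415926535897932384626433832795"   # plenty for this message


def first_letters(text: str) -> str:
    """First letter of every word, lower-cased, with punctuation stripped."""
    words = [w.strip(string.punctuation) for w in text.split()]
    return "".join(w[0].lower() for w in words if w)


def pick_by_pi(letters: str, count: int) -> str:
    """Each digit of pi is the distance to the next letter to pick (1-based, as on the slides)."""
    picked, position = [], 0
    for digit in PI_DIGITS:
        position += int(digit)
        if position > len(letters) or len(picked) == count:
            break
        picked.append(letters[position - 1])
    return "".join(picked)


def caesar_shift(text: str, shift: int) -> str:
    """Rotate lower-case letters by `shift` positions; a negative shift undoes a forward one."""
    return "".join(
        chr((ord(c) - ord("a") + shift) % 26 + ord("a")) if c.islower() else c
        for c in text
    )


def decode(cover: str, count: int = 14) -> str:
    """Full pipeline: first letters -> pi positions -> Caesar shift of -1."""
    return caesar_shift(pick_by_pi(first_letters(cover), count), -1)


if __name__ == "__main__":
    print(decode(COVER_TEXT))   # attacktomorrow
```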

ancient cryptography

• The steganography example involves one of the very first cryptography techniques found in history: the Caesar cipher
• The Caesar cipher was used by the Roman Empire
• It consists in rotating the alphabet a certain number of characters to the left or to the right
• The cipher employed by the Roman Empire at the time of Julius Caesar rotated the alphabet by three characters
• Today it sounds trivial to solve the Caesar cipher, but 2000 years ago it was pretty hard. The first record of someone breaking the Caesar cipher dates from the 9th century, and it is based on character frequency analysis.


ancient cryptography

• Ancient cipher methods are manual encryption techniques; most of them are based on character substitution
• Two of the most famous methods are the Playfair and the Rotor techniques
• Playfair: the cryptography used by the British army in World War I and II
• Rotor: the technique behind the Enigma, the cryptography used by the German army in World War II


playfair

• Uses a 5x5 matrix for character substitution
• Each cell of the matrix contains one character
• I and J share the same cell
• To build the matrix:
  • Select a key word
  • Start the matrix with the key word
  • Fill the rest of the matrix with the alphabet characters not used in the key word


playfair

Matrix with the key word UFPR (I and J share a cell):

U F P R A
B C D E G
H I K L M
N O Q S T
V W X Y Z

Example of a Playfair matrix built from the key word UFPR: the key word fills the first cells (duplicate letters dropped), and the remaining cells are filled with the rest of the alphabet.

The plaintext is enciphered two letters at a time, according to the following rules. A pair of identical letters is split with an X, so CARRO is treated as CA RX RO.

• Row-and-column substitution rule: letters in different rows and columns are each replaced by the letter in their own row at the column of the other letter. Example: substitute EO by CS.
• Same-row rule: letters in the same row of the matrix are replaced by the letter to their right, circularly (the first letter of the row follows the last). Example: substitute CG by DB.
• Same-column rule: letters in the same column are replaced by the letter below, circularly. Example: substitute DX by KP.
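The Playfair rules above, implemented as an added Python example (not the tutorial's code) with the slides' key word UFPR; it reproduces the three substitutions shown (EO→CS, CG→DB, DX→KP) and the CA RX RO split of CARRO.

```python
"""Playfair cipher with the tutorial's key word UFPR (added example, not the
tutorial's own code). The 5x5 matrix is built as the slides describe: key word
first, then the unused letters of the alphabet, with I and J sharing a cell.
A doubled letter inside a pair is split with X, as in CARRO -> CA RX RO."""
import string


def build_matrix(key: str) -> list:
    """Return the 5x5 Playfair matrix for `key` as a list of five 5-letter rows."""
    seen = []
    for ch in (key + string.ascii_uppercase).upper():
        ch = "I" if ch == "J" else ch          # I and J share one cell
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return ["".join(seen[row:row + 5]) for row in range(0, 25, 5)]


def locate(matrix: list, ch: str) -> tuple:
    """(row, column) of a letter in the matrix."""
    ch = "I" if ch == "J" else ch
    for r, row in enumerate(matrix):
        if ch in row:
            return r, row.index(ch)
    raise ValueError(f"not in matrix: {ch}")


def make_pairs(plaintext: str) -> list:
    """Split letters into digraphs, inserting X between doubled letters and padding the end."""
    letters = [c for c in plaintext.upper().replace("J", "I") if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:                      # doubled letter: pair it with X instead
            pairs.append(a + "X")
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def cipher_pair(matrix: list, pair: str, direction: int) -> str:
    """Apply the three Playfair rules to one digraph; direction +1 encrypts, -1 decrypts."""
    (r1, c1), (r2, c2) = locate(matrix, pair[0]), locate(matrix, pair[1])
    if r1 == r2:                        # same row: shift along the row, circularly
        return matrix[r1][(c1 + direction) % 5] + matrix[r2][(c2 + direction) % 5]
    if c1 == c2:                        # same column: shift along the column, circularly
        return matrix[(r1 + direction) % 5][c1] + matrix[(r2 + direction) % 5][c2]
    return matrix[r1][c2] + matrix[r2][c1]   # rectangle: keep rows, swap columns


def encrypt(plaintext: str, key: str = "UFPR") -> str:
    """Ciphertext digraphs separated by spaces, e.g. encrypt('EO') -> 'CS'."""
    m = build_matrix(key)
    return " ".join(cipher_pair(m, p, +1) for p in make_pairs(plaintext))


def decrypt(ciphertext: str, key: str = "UFPR") -> str:
    """Inverse of encrypt; the inserted X padding is left in place."""
    m = build_matrix(key)
    pairs = ciphertext.replace(" ", "")
    return "".join(cipher_pair(m, pairs[i:i + 2], -1) for i in range(0, len(pairs), 2))


if __name__ == "__main__":
    print(build_matrix("UFPR"))
    print(encrypt("EO"), encrypt("CG"), encrypt("DX"))   # CS DB KP
    print(encrypt("CARRO"), decrypt(encrypt("CARRO")))
```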

rotor

• Uses several rotors, 3 for example
• The first rotor changes position at each character typed
• The second one changes one position after each lap of the first rotor
• The third rotor changes one position after each lap of the second one
• Inside each rotor there is a fixed character substitution
• There is no key word. The key is the initial position of each rotor
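A toy three-rotor machine following the description above, as an added Python example (not the tutorial's code and not a faithful Enigma): the rotor wirings are constructed with a seeded shuffle rather than taken from any historical machine, and the plugboard and reflector of the real Enigma are omitted.

```python
"""Toy three-rotor cipher machine (added example, not the tutorial's code).
Each rotor is a fixed substitution of the 26 letters; rotor 1 steps on every
letter, rotor 2 once per full lap of rotor 1, rotor 3 once per full lap of
rotor 2. The key is the three starting positions. Wirings are constructed
here with a seeded shuffle; they are not historical Enigma wirings."""
import random
import string

ALPHABET = string.ascii_uppercase


def make_wirings(seed: int = 2016, count: int = 3) -> list:
    """Constructed rotor permutations, one 26-letter string per rotor."""
    rng = random.Random(seed)
    wirings = []
    for _ in range(count):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        wirings.append("".join(letters))
    return wirings


def step(positions: list) -> list:
    """Odometer stepping: advance rotor 1; carry into the next rotor on each full lap."""
    new = list(positions)
    for i in range(len(new)):
        new[i] = (new[i] + 1) % 26
        if new[i] != 0:             # no lap completed, so the next rotor stays put
            break
    return new


def through_rotor(contact: int, wiring: str, position: int, forward: bool) -> int:
    """Pass a contact index through a rotor turned to `position`; inverse when not forward."""
    if forward:
        return (ALPHABET.index(wiring[(contact + position) % 26]) - position) % 26
    return (wiring.index(ALPHABET[(contact + position) % 26]) - position) % 26


def run(text: str, key: str, wirings: list, encrypt: bool) -> str:
    """Encrypt (forward through rotors 1..3) or decrypt (inverse through 3..1)."""
    positions = [ALPHABET.index(k) for k in key.upper()]
    out = []
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)          # spaces and punctuation pass through unchanged
            continue
        positions = step(positions)  # rotors move before the contact closes
        idx = ALPHABET.index(ch)
        order = range(len(wirings)) if encrypt else reversed(range(len(wirings)))
        for i in order:
            idx = through_rotor(idx, wirings[i], positions[i], encrypt)
        out.append(ALPHABET[idx])
    return "".join(out)


if __name__ == "__main__":
    rotors = make_wirings()
    secret = run("ATTACK TOMORROW", "UFP", rotors, encrypt=True)
    print(secret, run(secret, "UFP", rotors, encrypt=False))
```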


rotor

from: global.britannica.com/topic/rotor-cipher-machine

enigma

from: en.wikipedia.org/wiki/Enigma_machine


enigma

• Uses 5 rotors
• 2 other different types of character changes
• A code book, indicating the start position of each component each day
• The operator types a letter and the machine indicates the ciphered letter
• Very hard to break
• One of the last successful cryptography algorithms before the computer era


computer era cryptography

classification

• Computer based algorithms
• Must always consider the brute force attack performed by fast computers
• Algorithms can be classified into Symmetric and Asymmetric


symmetric

• The same key is used to encrypt and to decrypt messages
• All parties involved in a communication must know the key
• The key must be stored securely by everybody
• If the key is compromised, all communications are vulnerable
• Uses smaller keys to achieve the same protection when compared with asymmetric algorithms
• Keys smaller than 96 bits are considered broken nowadays
• Faster than asymmetric algorithms
• Example: DES / AES


symmetric

from: www.ibm.com/support/knowledgecenter/SSB23S_1.1.0.13/gtps7/s7symm.html

des

from: homepage.usask.ca/~dtr467/400/


aes

from: yhscs.us/advanced/lessons/aes.php


asymmetric

• One key is used to encrypt (public key) and another one to decrypt (private key) messages
• The public key is not able to decrypt a message encrypted with itself
• Each computer has its own public and private keys
• The private key must be stored securely
• If the private key is compromised, only the communications to this computer are compromised
• Uses larger keys than symmetric algorithms
• Security reports suggest the use of 2048-bit keys
• Slower than symmetric algorithms
• Example: RSA

asymmetric

from: www.ibm.com/support/knowledgecenter/SSB23S_1.1.0.13/gtps7/s7pkey.html

rsa

from: article.sciencepublishinggroup.com/html/10.11648.j.iotcc.20160402.12.html

combining worlds

• One way to overcome the limitations of both symmetric and asymmetric worlds can be achieved by combining them
• Each computer has its own public and private keys
• Each communication starts as an asymmetric one
• The first step, through the asymmetric cryptography, is a symmetric session key agreement between the two parties
• This symmetric key is used during the entire communication session and then it is discarded
• After the key agreement, all communications use the symmetric cryptography
• Advantages:
  • There is no distributed symmetric key to be securely stored
  • All computers have their own pair of asymmetric keys
  • The symmetric key is used for just one communication session
  • The major part of the communication uses the symmetric (faster) algorithm

major problem

• To establish the secure communication using the asymmetric cryptography, the source must obtain the public key of the destination
• Public keys are public: they are distributed by their owner to anyone who asks for them
• The problem arises from this public nature: when the source receives the public key of the destination, how does it know that this is the correct key for the destination?
• It might be a false key, sent by an invader trying to take the destination's messages
• The problem is: how to bind the public key to the identity of the machine?


certification

certificates

• Certificates bind the identity of a user (machine) with its own public key
• Certificates are issued by Certificate Authorities (CA)
• A certificate contains the identity of the machine, its public key, the time it was issued and its validity period. All this information is signed by the Certificate Authority, i.e. the CA encrypts the information with its own private key
• Any user can verify this information using the public key of the CA


certificate authority

from: Cryptography and Network Security (4th Edition) - William Stallings


certificates

• Problem: how to bind the public key of the CA with the CA identity?
• CAs' public keys are pre-installed in "all" Internet browsers / operating systems
• Thus, computers already know the identity and the public key of the CAs, and they can use this information to validate certificates issued by these CAs.


Alternative Cryptographic Models


table of contents

4. Identity-Based Cryptography

5. Hierarchical Identity-Based Encryption

6. Self-Certified Public Key Cryptography

7. Certificateless Public Key Cryptography


public key cryptography problems

1. Dependence on a public-key infrastructure.
2. High computational cost.
3. The certificate revocation process has known vulnerabilities and is not so fast and convenient.
4. Authenticity proof of the public key owner.


identity-based cryptography


Characteristics
• No need for a repository for public key storage.
• Low computational cost.
• Possibility of implementation:
  • Hierarchical Models
  • Ring Signature
  • Short Signature
  • Group Signature
  • Conditional Availability


identity-based cryptography

Shamir Scheme
The scheme proposed by Shamir, 1984 pioneered Identity-Based Cryptography, commonly known as IBC, allowing secure communication without the need to use digital certificates provided by a certificate authority.

Other Schemes
Other schemes have been proposed to improve performance or reduce existing vulnerabilities in the IBC scheme. The Boneh and Franklin, 2001 scheme was the first model from which the current IBC implementations originated, and a more practical one, present in several commercial products already on the market.


pkc x ibc

PKC
• For public key revocation, it is necessary to request the revocation from the Certifying Authority.
• Limitations of the features in a digital certificate

IBC
• Ideal for groups or business partners.
• Easy revocation through conditional authentications.
• Key Escrow Problem.


identity based encryption

IBE at a glance
1. Proposed by Shamir, 1984.
2. The public key is some user identification.
3. The private key is calculated by the PKG.
4. Some models, like the Boneh and Franklin, 2001 model, have implementations for sending e-mail.
5. The hierarchical models of Boneh and Boyen, 2004; Boneh, Boyen and Goh, 2005; Gentry and Silverberg, 2002; and Yao et al., 2004 have no implementation, only theoretical models.


Phases of an IBC generic scheme
• setup: the PKG creates the private key skPKG and the public key pkPKG.
• extract: Bob authenticates himself with the PKG and obtains the private key skIDBob that is associated with his identity IDBob.
• encrypt: using Bob's ID, IDBob, and pkPKG, Alice encrypts her message M and obtains the ciphertext C.
• decrypt: on receiving C from Alice, Bob decrypts the message M with his private key skIDBob.


ibe models

• Encryption and Signature: Shamir, 1984
• Use of Pairing for cryptosystem construction: Sakai, Ohgishi and Kasahara, 2000
• Weil Pairing: Boneh and Franklin, 2001
• Quadratic Residues: Cocks, 2001:
  • Without pairing;
  • used in Boneh, Gentry and Hamburg, 2007 for Space-Efficient IBE.

• More details in Misaghi, 2008
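The four phases of the generic IBC scheme (setup, extract, encrypt, decrypt) instantiated with the pairing-free quadratic-residue scheme of Cocks, 2001 listed above, as an added Python example (not the tutorial's code). The primes, the identity string and the message are constructed for the example; the primes are far too small for real use and only keep the example fast.

```python
"""Toy Cocks identity-based encryption (quadratic residues, no pairing).

Added example, not the tutorial's code: it walks through the four phases
named on the slides (setup, extract, encrypt, decrypt) using the Cocks, 2001
scheme, which needs only modular arithmetic. The primes are far too small
for real use; they keep the example fast. Identity and message are made up."""
import hashlib
import math
import random


def is_prime(n: int) -> bool:
    """Trial division, adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def next_blum_prime(start: int) -> int:
    """Smallest prime >= start that is 3 mod 4, as the Cocks scheme requires."""
    n = start
    while not (n % 4 == 3 and is_prime(n)):
        n += 1
    return n


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0: +1, -1, or 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def setup(p_start: int = 1_000_000, q_start: int = 2_000_000) -> tuple:
    """setup: the PKG picks p, q = 3 (mod 4); pk_PKG is N = pq, sk_PKG is (p, q)."""
    p, q = next_blum_prime(p_start), next_blum_prime(q_start)
    return {"N": p * q}, {"p": p, "q": q}


def id_to_a(identity: str, N: int) -> int:
    """Public hash of ID_Bob to a value a with Jacobi symbol +1; anyone can compute it."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if a > 1 and jacobi(a, N) == 1:
            return a
        counter += 1


def extract(sk_pkg: dict, identity: str) -> int:
    """extract: the PKG derives sk_ID_Bob = r with r^2 = +a or -a (mod N); needs p and q."""
    p, q = sk_pkg["p"], sk_pkg["q"]
    N = p * q
    return pow(id_to_a(identity, N), (N + 5 - p - q) // 8, N)


def encrypt(pk_pkg: dict, identity: str, message: bytes, seed: int = 42) -> list:
    """encrypt: Alice needs only N and ID_Bob; each bit of M becomes a pair (s1, s2)."""
    N, rng = pk_pkg["N"], random.Random(seed)
    a = id_to_a(identity, N)
    ciphertext = []
    for byte in message:
        for i in range(7, -1, -1):
            want = -1 if (byte >> i) & 1 else 1        # bit 0 -> +1, bit 1 -> -1
            t = rng.randrange(2, N)
            while math.gcd(t, N) != 1 or jacobi(t, N) != want:
                t = rng.randrange(2, N)
            a_over_t = a * pow(t, -1, N) % N
            ciphertext.append(((t + a_over_t) % N, (t - a_over_t) % N))
    return ciphertext


def decrypt(pk_pkg: dict, r: int, identity: str, ciphertext: list) -> bytes:
    """decrypt: Bob uses r; s + 2r = (t + r)^2 / t, so its Jacobi symbol equals t's."""
    N = pk_pkg["N"]
    a = id_to_a(identity, N)
    use_first = r * r % N == a          # r^2 = a -> use s1; r^2 = -a -> use s2
    bits = [0 if jacobi(((s1 if use_first else s2) + 2 * r) % N, N) == 1 else 1
            for s1, s2 in ciphertext]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


if __name__ == "__main__":
    pk, sk = setup()
    bob_key = extract(sk, "bob@example.com")
    c = encrypt(pk, "bob@example.com", b"Hi Bob")
    print(decrypt(pk, bob_key, "bob@example.com", c))   # b'Hi Bob'
```

Note that the PKG, holding p and q, can run extract for any identity: this is the key escrow the later slides discuss.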


hierarchical identity-based encryption

hierarchical identity-based encryption - hibe

• Proposed by Gentry and Silverberg, 2002
• Extension of the Boneh and Franklin, 2001 model.
• Delegates public key generation and authentication to lower levels of the hierarchy.
• Reduces the overhead of the central PKG.


hierarchical identity-based encryption - hibe (cont.)

• Possibility to eliminate Key Escrow.
• Forward security and Broadcast Encryption proposed by Yao et al., 2004.
• Compact HIBE with fewer parameters for HIBE construction proposed by Chen and Wee, 2013.


identity-based key agreement schemes - ibka

Key Agreement Protocol
A key agreement protocol is the protocol that a signature scheme or an encryption scheme needs to authenticate the parties involved in a key exchange or distribution process. It provides implicit key authentication from one entity to another entity.
• Use of Weil pairing and mutual implicit authentication: Smart, 2002
• Use of Tate pairing and the difficulty of the Bilinear Diffie-Hellman Problem: Scott, 2002.
• With or without Key Escrow: McCullagh and Barreto, 2004. Very efficient scheme.
• Efficient Identity-Based and Authenticated Key Agreement Protocol: Y. Wang, 2013. Uses Tate/Weil pairing.

self-certified public key cryptography

self-certified public key cryptography - sc-pkc

• Proposed by Girault, 1991.
• The public key itself carries the guarantee of its association with its owner.
• SC-PKC reduces the amount of storage and computation in public key schemes.
• Private keys are still chosen by the user himself and remain unknown to the authority.
• There is a trusted entity that assists in public key generation.


sc-pkc: how does it work?
More info in Goya et al., 2009
• The public key is self-certified. It depends on:
  • the user's ID;
  • the user's secret;
  • the authority's secret

• Key pair generation:
  • Interactive protocol between user and authority;
  • The user chooses his own private key;
  • The user and the authority prove knowledge of their secrets without revealing them;
  • Interactively, they calculate the public key value;
  • The public key may be generated by the user or by the authority;
  • Only the user knows his private key (without key escrow).


sc-pkc - characteristics

Advantages
• Without Key Escrow;
• Without certificate distribution;
• Implicit certification.

Disadvantages
• Without a formal model;
• Without a trusted encryption scheme;
• Without a security model for encryption and key agreement.


sc-pkc - applicabilities

Petersen and Horster, 1997
• Delegation of the power to decrypt;
• Delegation of the power to sign;
• Delegation of rights.
• Electronic voting;
• Electronic money;
• Key agreement with authentication.


certificateless public key cryptography

certificateless public key cryptography - cl-pkc

More info in Goya et al., 2009
• Proposed by Al-Riyami and Paterson, 2003.
• Combination of ideas from self-certified models and identity-based models:
  • Uses the identity as a part of the public key;
  • Dispenses with digital certificates (implicit certification);
  • Without key escrow.


cl-pkc: how does it work?
There is a Trust Authority - TA:
• Holds the private master key;
• Identifies and records all users;
• Calculates the partial private keys of the users, using:
  • the TA's private master key
  • the user identity
• Delivers the partial keys securely;

The user:
• Chooses a secret;
• Generates his public key from this secret;
• Spreads the public key and can receive ciphertext

After receiving a partial key from the TA, the user:
• Generates the complete private key, joining his secret and the partial private key;
• With the complete private key, he can decrypt and sign.

cl-pkc - applicabilities

• Ideal for closed groups;
• The same use as IBC models, but when:
  • Key escrow is undesirable.
  • Survivability even under master key compromise is desired


Applications


table of contents

8. Identity-Based
9. Hierarchical IBC
10. Certificateless
11. Self-certificate public key
12. Other examples


identity-based


• Concept introduced by Shamir, 1984.
• Boneh and Franklin, 2001 showed the first practical ID-based encryption scheme.
• Based on the user's identity: the public key is an arbitrary string that identifies the user.
• The original motivation was to simplify certificate management in e-mail systems.
• Requires a trusted authority, the master key guardian, called Private Key Generator (PKG).


Towards a fully self-organized identity-based key management system for MANETs (2013)


i-fuso - fully self-organized id-based km for manets
Mobile Ad Hoc Networks
• Infrastructureless, self-organized and autonomous networks
• Several application scenarios:
  • Battlefields, disaster rescue, multi-user games, and so on
• Composed of mobile and heterogeneous devices


i-fuso - fully self-organized id-based km for manets
Security threats
• Dynamic behavior allows:
  • Network partitioning and disconnections
• Dynamic topology requires:
  • Distributed security mechanisms
• Cryptography → used to provide security
  • Symmetric and asymmetric cryptosystems
  • Require the use of keys
• ID-based schemes → simple and with reduced memory storage cost

i-fuso - fully self-organized id-based km for manets
Identity-based schemes
• The node or user identity → used to derive its public key
• Private key → provided by a trusted entity, called Private Key Generator (PKG)
• Main problem:
  • A centralized entity acts as the PKG
    • Violates the self-organization nature of MANETs
    • Requires a fully trusted entity
    • Can be a single point of failure of the system
  • The PKG knows the master private key
    • Able to decrypt or sign messages for any client → "key escrow"
• How to overcome these problems?
  • Many solutions were proposed → they do not consider all characteristics and challenges of MANETs

i-fuso - fully self-organized id-based km for manets

Project and authors
• Proposed by Silva and Albini, 2013
• Federal University of Paraná and Catarinense Federal Institute
• To provide a distributed and self-organized key management service for MANETs


i-fuso - fully self-organized id-based km for manets
Solution
• Considers an asynchronous network
  • n nodes → N1, N2, ..., Nn
  • Malicious nodes can compromise at most t nodes
• Only trusted nodes participate in the group initialization
  • The m nodes which initialize → founding nodes (NF)
  • Form the distributed PKG (D-PKG) in a distributed (m, t) way
  • Generate the master public key and its corresponding master private key
• No node knows the master private key of the system
• iFUSO → allows:
  • Nodes to join or leave the D-PKG.
  • Key update and key revocation

i-fuso - fully self-organized id-based km for manets
Results
Results presented by the authors show that:
• The operations of iFUSO are effective
• They do not impose a high communication overhead
• These characteristics are not found in any previous IBC system for MANETs
• All operations:
  • Performed by the nodes themselves
  • In a fully distributed way
• Provides key revocation of malicious nodes
• Ensures the key update of non-compromised nodes
• Allows nodes to enter and/or leave the system
  • Even D-PKG members

Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption (2015)


id-based signcryption in big data
Project and authors
• Proposed by Wei et al., 2015:
  • Guiyi Wei, Jun Shao, Yang Xiang, Pingping Zhu and Rongxing Lu
  • Zhejiang Gongshang University, Deakin University and Nanyang Technological University
• To provide confidentiality and authenticity on Big Data solutions
  • Avoiding fake data and the abuse of data
  • Being efficient in massive scenarios



id-based signcryption in big data
Solution
• The authors propose the use of an Identity-Based Generalized Signcryption (IBGSC)
• It achieves confidentiality and unforgeability under adaptive chosen-ciphertext attacks (CCA)
• Composed of four algorithms:
  • Setup: takes a security parameter and generates the system's public parameters and the master key.
  • Extraction: takes the master key and an identity u, and generates the private key corresponding to the identity u.
  • IBGSC: takes the message m and two identities ua (sender, with its private key) and ub, and outputs the signcryptext r.
  • IBGUSC: takes the signcryptext r and two identities ua and ub (receiver, with its private key) as input, and then checks whether r is valid. If r is valid, it outputs the message m.

id-based signcryption in big data
Results
• Results presented by the authors claim that:
  • the proposed scheme is quite suitable for the efficiency requirement in Big Data.
  • it can work as an encryption scheme, a signature scheme or a signcryption scheme as needed.
  • it does not have the heavy burden of the complicated certificate management of traditional cryptographic schemes.
  • the security proofs of the proposal can be obtained in the standard model based on the DBDH assumption and the CDH assumption.


hierarchical ibc


• Proposed by Gentry and Silverberg, 2002
• Extension of the Boneh and Franklin, 2001 model.
• Delegates public key generation and authentication to lower levels of the hierarchy.
• Reduces the overhead of the central PKG.
• Possibility to eliminate Key Escrow.


Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography


cloud security with federal identity management using h-ibc
Project and authors
• Proposed by Yan, Rong and Zhao, 2009:
  • Liang Yan, Chunming Rong and Gansen Zhao
  • University of Stavanger and South China Normal University
• To simplify the key distribution and the mutual authentication on cloud computing
• Integrates federated identity with hierarchical identity-based cryptography


cloud security with federal identity management using h-ibc
Problem and motivation
• Providing security in a private or a public cloud is easier when compared with a hybrid cloud.
  • Commonly a private cloud or a public cloud has only one service provider in the cloud.
• To access the services in a cloud, a user digital identity is needed to manage the access control.
• In the whole cloud, there are many different kinds of clouds and each of them has its own identity management system.
• Thus, a user who wants to access services from different clouds needs multiple digital identities from different clouds:
  • this brings inconvenience for users.


cloud security with federal identity management using h-ibc
Solution
• By using federated identity management, each user will have his unique digital identity.
• Hierarchical identity-based cryptography is used to solve the scalability problem.
• With this unique identity and H-IBC, the key distribution and mutual authentication can be greatly simplified


cloud security with federal identity management using h-ibc
Results
• Results presented by the authors claim that:
  • They have simplified the public key distribution while reducing the header size.
  • Users and servers can generate a secret session key without message exchange
  • Users and servers can authenticate each other in a simple way
  • Finally, the authors solve the key escrow problem of traditional identity-based cryptography


certificateless


• Concept introduced by Al-Riyami and Paterson (2003).
• Combines ideas from identity-based with self-certified models
• An intermediate approach between ID-PKC and traditional certificated PKC
• Does not require the use of digital certificates to guarantee the authenticity of public keys


An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds


certificateless encryption for data sharing in public clouds
Project and authors
• Proposed by Seo et al., 2014:
  • Seung-Hyun Seo, Mohamed Yoosuf Mohamed Nabeel, Xiaoyu Ding and Elisa Bertino
  • Purdue University
• To solve the critical issue of data confidentiality
  • Aiming at widespread adoption of cloud storage services
• Shared sensitive data must be strongly secured from unauthorized accesses
• To assure confidentiality of stored sensitive data, a commonly adopted approach is to encrypt the data before uploading it to the cloud


certificateless encryption for data sharing in public clouds
Problem and motivation
• To provide confidentiality of data stored in an untrusted cloud
  • The cloud must not be able to fully decrypt stored information
• But the traditional PKC
  • Requires a trusted Certificate Authority (CA)
    • to issue digital certificates that bind users to their public keys
  • Overall certificate management is very expensive and complex


certificateless encryption for data sharing in public clouds
Solution
• The use of mediated certificateless public key encryption (mCL-PKE) is proposed:
  • to solve the key escrow problem in identity-based encryption
  • and certificate revocation in public key cryptography
• Uses a pairing-free approach, to reduce the computation overhead
  • a consequence of the bilinear pairings common in most CL-PKC schemes


certificateless encryption for data sharing in public clouds
Overview
• Data owner
  • encrypts data using the cloud-generated users' public keys
  • uploads the encrypted data to the cloud
• Upon successful authorization,
  • the cloud partially decrypts the encrypted data for the users
• The users subsequently fully decrypt the partially decrypted data using their private keys.


certificateless encryption for data sharing in public clouds
Results
• Scheme → applied to construct a practical solution
  • To solve: sharing sensitive information in public clouds
• The confidentiality of the content and the keys is preserved
• Results show that the implemented system is effective, efficient and practical
  • Data retrieval, data encryption and data decryption


self-certificate public key

self-certificate public key cryptography - sc-pkc
• Proposed by Girault, 1991.
• The public key itself carries the guarantee of its association with its owner.
• SC-PKC reduces the amount of storage and computation in public key schemes.
• Private keys are still chosen by the user himself and remain unknown to the authority.
• There is a trusted entity that assists in public key generation.


Fully Distributed Self Certified Key Management for Large-Scale MANETs


distributed self certified km for large-scale manets
Project and authors
• Proposed by Moradlu et al., 2013:
  • Zahra Moradlu, Mohammad Ali Doostari, Mohammed Gharib and Ali Movaghar
  • Shahed University and Sharif University of Technology
• To distribute the role of the key generation center (KGC) among all nodes
  • the private key is issued by distributed KGCs.
  • to solve the key escrow problem.


distributed self certified km for large-scale manets
Problem and motivation
• According to the authors, KM schemes for MANETs present some disadvantages:
  • they assume an offline KGC that pre-distributes all the keys before the network formation.
    • In some applications, the number of nodes cannot be specified before the network formation.
    • So they are not scalable.
  • they need a reliable broadcasting protocol which guarantees that all nodes will receive the witness value even in the case of link failures and mobility of the nodes.
  • finally, if each node stores all the witness values, it needs more storage space.


distributed self certified km for large-scale manets
Solution
• The authors suggest a new key management scheme:
  • It consists of four separate phases: network initialization, network formation, new node joining, and update and revocation.
  • Considers a MANET without any predefined trust relationship between nodes.
  • Nodes can move freely in the network.
  • There is an off-line initiator in the initialization phase
  • Nodes themselves can detect whether their keys are compromised or not and when they need to update keys.
  • Assumes that there are at least t honest nodes in the network
    • to provide the KGC service
    • in a distributed way


distributed self certified km for large-scale manets
Results
Results presented by the authors claim that:
• Network initialization and key update communication overhead are O(n)
  • compared schemes present a communication overhead of O(n²)
• the number of exchanged messages is smaller
• it presents similar or faster computational costs:
  • considering authentication, sharing of KGC and generation of keys


other examples

some ibe applications (i)

• Here are presented other examples of practical use of alternative cryptographic models
• Just a tiny overview
• More details can be found in the original papers


key agreement

• Proposed by Smart, 2002.
• A key agreement protocol is useful for implicit authentication in an IBE scheme.
• Uses Weil pairing.
• Provides implicit mutual authentication.
• Provides Forward Secrecy: if a long-term private key from one or more entities is compromised, the security of previously established session keys will not be affected.


minimal-overhead ip security using ibc

• Proposed by Appenzeller and Lynn, 2002.
• Allows encrypted and authenticated communication using IBC.
• No initial handshake to establish a connection.
• Low overhead and simpler key distribution.
• The sender can simply send a packet encrypted with the receiver's IP address.
• Uses a modified version of Boneh and Franklin, 2001.


signcryption

• Proposed by Barreto, Libert et al., 2005.
• Uses bilinear mapping.
• Efficient scheme: needs only a single pairing computation in the verification stage.
• The signature stage needs two multiplications, without exponentiation and pairing operations, and takes 1.56 milliseconds.
• The verification stage needs one multiplication and one pairing operation, and takes 3.60 milliseconds.

106

ibc for grid security

• Proposed by Lim, 2006: a fully identity-based key infrastructure for grid (IKIG).
• Lightweight one-pass delegation protocol that supports short-term identity-based keys.
• Customized identity-based authenticated key agreement protocol for grid environments.
• Supports single sign-on.
• Uses a variation of the Gentry and Silverberg, 2002 HIBE scheme to construct IKIG.
• Mutual authentication.

delay and disruption tolerant networks

• Proposed by Asokan et al., 2007.
• Enables better ways of providing end-to-end confidentiality.
• Cross-domain operation through the use of HIBE.
• Does not provide any significant improvement in authentication.

body sensor networks

• Proposed by Tan et al., 2008.
• A body sensor network is a network of sensors deployed on a person's body, usually for health care monitoring.
• Proposes a lightweight IBE suitable for such sensors.

secure machine to machine communication (m2m)

• Proposed by Adiga et al., 2012.
• Uses IBE to address privacy and security issues in M2M communications for Internet of Things (IoT) applications.
• Uses the Tate pairing.
• Uses fast cryptographic algorithms based on BN curves (Barreto and Naehrig, 2006).
• Uses mobile phones as nodes of M2M communications for IoT applications.

t-ip: a self-trustworthy and secure internet protocol

• Proposed by X. Wang et al., 2014.
• Self-trustworthy IP address.
• Compatible with the existing TCP/IP architecture.
• T-IP has a much lower transmission overhead and connection latency.

mobile applications

• Proposed by Mora-Afonso and Caballero-Gil, 2014.
• Uses IBC to protect communications.
• Combines IBC for Wi-Fi or Bluetooth communication between smartphones with Near Field Communication (NFC) for secure authentication.
• Simple, efficient, energy-saving, functional and practical.

secure mobile access to sensitive data

• Proposed by Deng et al., 2015.
• A new encryption paradigm to meet the security requirements of mobile access to sensitive data.
• Uses Identity-Based Broadcast Encryption (IBBE).
• Converts data encrypted under IBBE into a form that a resource-constrained mobile device can decrypt (asymmetric cross-cryptosystem re-encryption).

key establishment framework for wireless mesh network (wmn)

• Proposed by Sarvabhatla, Reddy and Vorugunti, 2015.
• Based on Tripathy and Sahoo, 2012.
• Lightweight authentication framework for WMN.
• Strong mutual authentication.
• 13.12% faster than the Tripathy and Sahoo scheme in hash-function cost, as reported by the authors.

authentication scheme for cloud-based storage applications

• Proposed by Medhioub, Hamdi and Kim, 2016.
• Cost-efficient architecture.
• Uses IBC to protect cloud storage infrastructures.
• A new authentication scheme for cloud-based storage applications.

The End Thank you!


bibliography

references

Adiga, B. S. et al. (2012). ‘An Identity Based Encryption Using Elliptic Curve Cryptography for Secure M2M Communication’. In: Proceedings of the First International Conference on Security of Internet of Things. SecurIT ’12. Kollam, India: ACM, pp. 68–74. isbn: 978-1-4503-1822-8. doi: 10.1145/2490428.2490438. url: http://doi.acm.org/10.1145/2490428.2490438.
Appenzeller, Guido and Ben Lynn (2002). Minimal-Overhead IP Security using Identity-Based Encryption. Available at: http://rooster.stanford.edu/~ben/pubs/ipibe.pdf.
Asokan, N. et al. (2007). ‘Applicability of identity-based cryptography for disruption-tolerant networking’. In: MobiOpp ’07: Proceedings of the 1st international MobiSys workshop on Mobile opportunistic networking. San Juan, Puerto Rico: ACM, pp. 52–56. isbn: 978-1-59593-688-2. doi: 10.1145/1247694.1247705.
Barreto, Paulo S. L. M., Benoît Libert et al. (2005). ‘Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps’. In: Asiacrypt 2005. Ed. by B. Roy. Vol. 3788. Lecture Notes in Computer Science. Springer, pp. 515–532. isbn: 3-540-30684-6.
Barreto, Paulo S. L. M. and Michael Naehrig (2006). ‘Pairing-Friendly Elliptic Curves of Prime Order’. In: Selected Areas in Cryptography: 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005, Revised Selected Papers. Ed. by Bart Preneel and Stafford Tavares. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 319–331. isbn: 978-3-540-33109-4. doi: 10.1007/11693383_22. url: http://dx.doi.org/10.1007/11693383_22.
Boneh, Dan and Xavier Boyen (2004). ‘Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles’. In: Advances in Cryptology—EUROCRYPT 2004. Vol. 3027. Lecture Notes in Computer Science. Berlin: Springer-Verlag, pp. 223–238. Available at: http://www.cs.stanford.edu/~xb/eurocrypt04b/.
Boneh, Dan, Xavier Boyen and Eu-Jin Goh (2005). Hierarchical Identity Based Encryption with Constant Size Ciphertext. Cryptology ePrint Archive, Report 2005/015. Available at: http://eprint.iacr.org/2005/015.
Boneh, Dan and Matthew K. Franklin (2001). ‘Identity-Based Encryption from the Weil Pairing’. In: CRYPTO ’01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology. London, UK: Springer-Verlag, pp. 213–229. isbn: 3-540-42456-3.
Boneh, Dan, Craig Gentry and Michael Hamburg (2007). ‘Space-Efficient Identity Based Encryption Without Pairings’. In: FOCS ’07: Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science. Washington, DC, USA: IEEE Computer Society, pp. 647–657. isbn: 0-7695-3010-9. doi: 10.1109/FOCS.2007.64.
Chen, Jie and Hoeteck Wee (2013). ‘Fully, (Almost) Tightly Secure IBE and Dual System Groups’. In: Advances in Cryptology – CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part II. Ed. by Ran Canetti and Juan A. Garay. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 435–460. isbn: 978-3-642-40084-1. doi: 10.1007/978-3-642-40084-1_25. url: http://dx.doi.org/10.1007/978-3-642-40084-1_25.
Cocks, Clifford (2001). ‘An Identity Based Encryption Scheme Based on Quadratic Residues’. In: Proceedings of the 8th IMA International Conference on Cryptography and Coding. London, UK: Springer-Verlag, pp. 360–363. isbn: 3-540-43026-1.
Deng, Hua et al. (2015). ‘Asymmetric Cross-cryptosystem Re-encryption Applicable to Efficient and Secure Mobile Access to Outsourced Data’. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. ASIA CCS ’15. Singapore, Republic of Singapore: ACM, pp. 393–404. isbn: 978-1-4503-3245-3. doi: 10.1145/2714576.2714632. url: http://doi.acm.org/10.1145/2714576.2714632.
Gentry, Craig and Alice Silverberg (2002). ‘Hierarchical ID-Based Cryptography’. In: ASIACRYPT ’02: Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security. London, UK: Springer-Verlag, pp. 548–566. isbn: 3-540-00171-9.
Girault, M. (1991). ‘Self-Certified Public Keys’. In: EuroCrypt91. LNCS vol. 547. Brighton, UK: Springer, pp. 490–497.
Goya, Denise et al. (2009). Modelos de Criptografia de Chave Pública Alternativos [Alternative Public Key Cryptography Models]. Short course at the IX Brazilian Symposium on Information and Computational Systems Security (SBSeg 2009).
Lim, Hoon Wei (2006). ‘On the Application of Identity-Based Cryptography In Grid Security’. PhD thesis. University of London.
McCullagh, Noel and Paulo S. L. M. Barreto (2004). A New Two-Party Identity-Based Authenticated Key Agreement. Cryptology ePrint Archive, Report 2004/122. Available at: http://eprint.iacr.org/2004/122.
Medhioub, Manel, Mohamed Hamdi and Tai-Hoon Kim (2016). ‘A New Authentication Scheme for Cloud-based Storage Applications’. In: Proceedings of the 9th International Conference on Security of Information and Networks. SIN ’16. Newark, NJ, USA: ACM, pp. 57–60. isbn: 978-1-4503-4764-8. doi: 10.1145/2947626.2951963. url: http://doi.acm.org/10.1145/2947626.2951963.
Misaghi, Mehran (2008). ‘Um Ambiente Criptográfico Baseado na Identidade’ [An Identity-Based Cryptographic Environment]. PhD thesis. Escola Politécnica, Universidade de São Paulo.
Mora-Afonso, V. and P. Caballero-Gil (2014). ‘Using Identity-Based Cryptography in Mobile Applications’. In: International Joint Conference SOCO’13-CISIS’13-ICEUTE’13: Salamanca, Spain, September 11th-13th, 2013 Proceedings. Ed. by Álvaro Herrero et al. Cham: Springer International Publishing, pp. 527–536. isbn: 978-3-319-01854-6. doi: 10.1007/978-3-319-01854-6_54. url: http://dx.doi.org/10.1007/978-3-319-01854-6_54.
Moradlu, Zahra et al. (2013). ‘Fully Distributed Self Certified Key Management for Large-Scale MANETs’. In: Proceedings of the 2013 IEEE 10th International Conference on Ubiquitous Intelligence & Computing and 2013 IEEE 10th International Conference on Autonomic & Trusted Computing. UIC-ATC ’13. Washington, DC, USA: IEEE Computer Society, pp. 96–102. isbn: 978-1-4799-2482-0. doi: 10.1109/UIC-ATC.2013.60.
Petersen, H. and P. Horster (1997). Self-certified keys - Concepts and Applications. url: citeseer.ist.psu.edu/petersen97selfcertified.html.
Al-Riyami, Sattam S. and Kenneth G. Paterson (2003). ‘Certificateless Public Key Cryptography’. In: Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security. Vol. 2894. Lecture Notes in Computer Science. Taipei, Taiwan: Springer. isbn: 3-540-20592-6. url: http://eprint.iacr.org/2003/126.
Sakai, R., K. Ohgishi and M. Kasahara (2000). ‘Cryptosystems based on pairing’. In: Symposium on Cryptography and Information Security (SCIS2000). Okinawa, Japan: Inst. of Electronics, Information and Communication Engineers, pp. 26–28.
Sarvabhatla, Mrudula, M. ChandraMouli Reddy and Chandra Sekhar Vorugunti (2015). ‘A Secure and Light Weight Authentication and Key Establishment Framework for Wireless Mesh Network’. In: Proceedings of the Third International Symposium on Women in Computing and Informatics. WCI ’15. Kochi, India: ACM, pp. 539–544. isbn: 978-1-4503-3361-0. doi: 10.1145/2791405.2791412. url: http://doi.acm.org/10.1145/2791405.2791412.
Scott, Michael (2002). Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number. Cryptology ePrint Archive, Report 2002/164. Available at: http://eprint.iacr.org/2002/164.
Seo, S. H. et al. (2014). ‘An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds’. In: IEEE Transactions on Knowledge and Data Engineering 26.9, pp. 2107–2119. issn: 1041-4347. doi: 10.1109/TKDE.2013.138.
Shamir, Adi (1984). ‘Identity-Based Cryptosystems and Signature Schemes’. In: CRYPTO, pp. 47–53.
Silva, E. da and L. C. P. Albini (2013). ‘Towards a fully self-organized identity-based key management system for MANETs’. In: Proceedings of the 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 717–723. doi: 10.1109/WiMOB.2013.6673435.
Smart, N. P. (2002). ‘An identity based authenticated key agreement protocol based on the Weil pairing’. In: Electronics Letters 38.13, pp. 630–632. issn: 00135194.
Tan, Chiu C. et al. (2008). ‘Body Sensor Network Security: An Identity-based Cryptography Approach’. In: Proceedings of the First ACM Conference on Wireless Network Security. WiSec ’08. Alexandria, VA, USA: ACM, pp. 148–153. isbn: 978-1-59593-814-5. doi: 10.1145/1352533.1352557. url: http://doi.acm.org/10.1145/1352533.1352557.
Tripathy, Somanath and Debasish Sahoo (2012). ‘WAKE: Authentication and Key Establishment for Wireless Mesh Network’. In: Recent Trends in Computer Networks and Distributed Systems Security - International Conference, SNDS 2012, Trivandrum, India, October 11-12, 2012. Proceedings, pp. 64–74. doi: 10.1007/978-3-642-34135-9_7.
Wang, Xiaofeng et al. (2014). ‘POSTER: T-IP: A Self-Trustworthy and Secure Internet Protocol with Full Compliance to TCP/IP’. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS ’14. Scottsdale, Arizona, USA: ACM, pp. 1520–1522. isbn: 978-1-4503-2957-6. doi: 10.1145/2660267.2662371. url: http://doi.acm.org/10.1145/2660267.2662371.
Wang, Yongge (2013). ‘Efficient Identity-Based and Authenticated Key Agreement Protocol’. In: Transactions on Computational Science XVII. Ed. by Marina L. Gavrilova and C. J. Kenneth Tan. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 172–197. isbn: 978-3-642-35840-1. doi: 10.1007/978-3-642-35840-1_9. url: http://dx.doi.org/10.1007/978-3-642-35840-1_9.
Wei, Guiyi et al. (2015). ‘Obtain Confidentiality or/and Authenticity in Big Data by ID-based Generalized Signcryption’. In: Information Sciences: an International Journal 318.C, pp. 111–122. issn: 0020-0255. doi: 10.1016/j.ins.2014.05.034. url: http://dx.doi.org/10.1016/j.ins.2014.05.034.
Yan, Liang, Chunming Rong and Gansen Zhao (2009). ‘Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography’. In: Proceedings of the First International Conference on Cloud Computing (CloudCom 2009). Ed. by Martin Gilje Jaatun, Gansen Zhao and Chunming Rong. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 167–177. isbn: 978-3-642-10665-1. doi: 10.1007/978-3-642-10665-1_15.
Yao, Danfeng et al. (2004). ‘ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption’. In: CCS ’04: Proceedings of the 11th ACM conference on Computer and communications security. Washington DC, USA: ACM Press, pp. 354–363. isbn: 1-58113-961-6. doi: 10.1145/1030083.1030130.
