Security-Mediated Certificateless Cryptography

Key management is one of the important issues in ensuring the security of network services. The aim of key management is to ensure availability of the keys at both the receiver's and the sender's ends. Key management involves two aspects: key distribution and key revocation. Key distribution involves the distribution of keys to various nodes with secrecy to provide authenticity and privacy. Key revocation involves securely and efficiently managing the information about the keys which have been compromised. This paper presents the geographic server distributed model for key revocation which concerns about the security and performance of the system. The concept presented in this paper is more reliable, faster and scalable than the existing Public Key Infrastructure (PKI) framework in various countries, as it provides optimization of key authentication in a network. It proposes auto-seeking of a geographically distributed certifying authority's key revocation server, which holds the revocation lists by the client, based on the best service availability. The network is divided itself into the strongest availability zones (SAZ), which automatically allows the new receiver to update the address of the authentication server and replace the old address with the new address of the SAZ, in case it moves to another location in the zone, or in case the server becomes unavailable in the same zone. In this way, it reduces the time to gain information about the revocation list and ensures availability and, thus, improvement of the system as a whole. Hence, the proposed system results in scalable, reliable and faster PKI infrastructure and will be attractive for the users who frequently change their location in the network. Our scheme eases out the revocation mechanism and enables key revocation in the legacy systems. It discusses the architecture as well as the performance of our scheme as compared to the existing scheme. However, our scheme does not call for the entire change in PKI, but is compatible with the existing scheme. Our simulations show that the proposed scheme is better for key revocation.

show abstract

“…They are the list-based revocation schemes, tree-based schemes [16] and the intermediate server scheme [17].…”

Section: Related Workmentioning

confidence: 99%

Geographic server distribution model for key revocation

et al. 2010

View full text Add to dashboard Cite

show abstract

“…Later on, this notion was further generalized as security mediated certificateless (SMC) cryptography [11], [48]. In a SMC system, a user has a secret key, public key and an identity.…”

Section: Cryptosystems With Online Authoritymentioning

confidence: 99%

Two-Factor Data Security Protection Mechanism for Cloud Storage System

Liu

Liang

Susilo

et al. 2016

IEEE Trans. Comput.

View full text Add to dashboard Cite

In this paper, we propose a two-factor data security protection mechanism with factor revocability for cloud storage system. Our system allows a sender to send an encrypted message to a receiver through a cloud storage server. The sender only needs to know the identity of the receiver but no other information (such as its public key or its certificate). The receiver needs to possess two things in order to decrypt the ciphertext. The first thing is his/her secret key stored in the computer. The second thing is a unique personal security device which connects to the computer. It is impossible to decrypt the ciphertext without either piece. More importantly, once the security device is stolen or lost, this device is revoked. It cannot be used to decrypt any ciphertext. This can be done by the cloud server which will immediately execute some algorithms to change the existing ciphertext to be un-decryptable by this device. This process is completely transparent to the sender. Furthermore, the cloud server cannot decrypt any ciphertext at any time. The security and efficiency analysis show that our system is not only secure but also practical. Abstract-In this paper, we propose a two-factor data security protection mechanism with factor revocability for cloud storage system. Our system allows a sender to send an encrypted message to a receiver through a cloud storage server. The sender only needs to know the identity of the receiver but no other information (such as its public key or its certificate). The receiver needs to possess two things in order to decrypt the ciphertext. The first thing is his/her secret key stored in the computer. The second thing is a unique personal security device which connects to the computer. It is impossible to decrypt the ciphertext without either piece. More importantly, once the security device is stolen or lost, this device is revoked. It cannot be used to decrypt any ciphertext. This can be done by the cloud server which will immediately execute some algorithms to change the existing ciphertext to be un-decryptable by this device. This process is completely transparent to the sender. Furthermore, the cloud server cannot decrypt any ciphertext at any time. The security and efficiency analysis show that our system is not only secure but also practical.

show abstract

“…The weak security is sufficient for the application of certificateless cryptography. The detailed discussion about the difference between weak security and strong security in certificateless cryptography can be found in [38][39][40].…”

Section: Introductionmentioning

confidence: 99%

Certificateless hybrid signcryption

Shirase

Takagi

2013

Mathematical and Computer Modelling

View full text Add to dashboard Cite

a b s t r a c tSigncryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we address a question of whether it is possible to construct a hybrid signcryption scheme in the certificateless setting. This question seems to have never been addressed in the literature. We answer the question positively in this paper. In particular, we extend the concept of signcryption tag-KEM to the certificateless setting. We show how to construct a certificateless signcryption scheme using certificateless signcryption tag-KEM. We also give an example of certificateless signcryption tag-KEM.

show abstract

Security-Mediated Certificateless Cryptography

Cited by 51 publications

References 17 publications

Geographic server distribution model for key revocation

Geographic server distribution model for key revocation

Two-Factor Data Security Protection Mechanism for Cloud Storage System

Certificateless hybrid signcryption

Contact Info

Product

Resources

About