Search Results (120)

As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie–Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole. Full article

Current authentication schemes based on zero-knowledge proof (ZKP) still face issues such as high computation costs, low efficiency, and security assurance difficulty. Therefore, we propose a secure and efficient authentication scheme (SEAS) for large-scale IoT devices based on ZKP. In the initialization phase, the trusted authority creates prerequisites for device traceability and system security. Then, we propose a new registration method to ensure device anonymity. In the identity tracing and revocation phase, we revoke the real identity of abnormal devices by decrypting and updating group public keys, avoiding their access and reducing revocation costs. In the authentication phase, we check the arithmetic relationship between blind certificates, proofs, and other random data. We propose a new anonymous batch authentication method to effectively reduce computation costs, enhance authentication efficiency, and guarantee device authentication security. Security analysis and experimental results show that an SEAS can ensure security and effectively reduce verification time and energy costs. Its security and performance exceed existing schemes. Full article

In the current 5G vehicle network system, there are security issues such as wireless intrusion, privacy leakage, and remote control. To address these challenges, an improved lightweight anonymous authentication key negotiation scheme based on certificate-less aggregate signatures is proposed and its security and efficiency are analyzed. The result shows that the scheme can offer security attributes including anonymity, traceability, and revocability, as well as effective identity authentication, and it can resist forgery attacks, man-in-the-middle attacks, tampering attacks, and smart card loss attacks. Moreover, compared with similar schemes, it possesses superior security and more efficient computational efficiency and less communication overhead, thereby being more appropriate for high-speed, large-capacity, low-latency, and resource-constrained 5G vehicle network application scenarios. Full article

Vehicular ad-hoc networks (VANETs) can significantly improve the level of urban traffic management. However, the sender unlinkability has become an intricate issue in the field of VANETs’ encryption. As the sender signcrypts a message, the receiver has to use the sender’s identity or public key to decrypt it. Consequently, the sender can be traced using the same identity or public key, which poses some security risks to the sender. To address this issue, we present an unlinkable and revocable signcryption scheme (URSCS), where an efficient and powerful signcryption mechanism is adopted for communication. The sender constructs a polynomial to generate a unique session key for each communication, which is then transmitted to a group of receivers, enabling the same secret message to be sent to multiple receivers. Each time a secret message is sent, a new key pair is generated, and an anonymization mechanism is introduced to conceal the true identity of the vehicle, thus preventing malicious attackers from tracing the sender through the public key or the real identity. With the introduction of the identification public key, this scheme supports either multiple receivers or a single receiver, where the receiver can be either road side units (RSUs) or vehicles. Additionally, a complete revocation mechanism is constructed with extremely low communication overhead, utilizing the Chinese remainder theorem (CRT). Formal and informal security analyses demonstrate that our URSCS scheme meets the expected security and privacy requirements of VANETs. The performance analysis shows that our URSCS scheme outperforms other represented schemes. Full article

Authentication is a crucial security service on the Internet. In real-world applications, multiple independent trust domains often exist, with each recognizing only certain identities within their own systems. During cross-domain access, users cannot directly use their original certificates, which presents a cross-domain authentication problem. Traditional centralized schemes typically employ a trusted third party (TTP) to facilitate the transfer of identity trust across domains. These schemes inevitably inherit the vulnerabilities associated with single points of failure. In contrast, blockchain-based decentralized schemes effectively eliminate the potential threats posed by TTPs. However, the openness and transparency of the blockchain also bring new security issues, such as privacy leakage. In this paper, we propose a zk-SNARK-based anonymous scheme on the blockchain for cross-domain authentication. Specifically, our scheme adopts an authorization-then-proof structure, which strikes a delicate balance between anonymity and revocability. We provide theoretical proofs for the security of our scheme and explain how it achieves proactive revocability. Experimental evaluation results demonstrated that our scheme is both secure and efficient, and the revocation could be accomplished by introducing only 64 bytes of on-chain storage with one hash comparison. Full article

Distributed grid-connected photovoltaic (PV) generation explores several methods that produce energy at or near the point of consumption, with the aim of reducing electricity losses among transmission networks. Consequently, home on-grid PV applications have garnered increased interest from both scientific researchers and industry professionals over the last decade. Nevertheless, the growing installation of intermittent nature residential PV systems (R-PV) in low-voltage distribution networks is leading to more cautious considerations of technology limitations and PV design challenges. This conservative perspective arises from the standpoint of grid quality and security, ultimately resulting in the revocation of PV connection authorization. Hence, the design of R-PV systems should consider not only the specifications of the PV panels and load profiles but also the characteristics and requirements of the connected power grid. This project therefore seeks to enhance the design considerations of grid-connected PV systems, in order to help the end-users meet the grid codes set out by the Saudi Electricity Regulatory Authority (SERA). Since the maximum amount of generated power is essential for PV system optimization, the ratio of grid strength to maximum transmitted power was employed to ascertain the suitable capacity of the PV system, while the assessment of PV power output was utilized to specify the system size. Furthermore, a battery energy storage system (BESS) with a small size (~10% of the PV capacity) is employed to enhance the PV power quality for a dependable grid interconnection. The BESS is equipped with a versatile power controller in order to achieve the designed objectives. The obtained results show an essential advancement in terms of power quality and reliability at the customer’s connection point. Moreover, with the design assessment process, the low-voltage ride-through (LVRT) and power factor requirements can be met, in addition to the total harmonic distortion (THD) and frequency transient limitations. The proposed solution assists end-users in efficiently designing their own R-PV systems while ensuring quality and sustainability for authorized grid interconnection. Full article

Team score orienteering, a challenging and interesting sport, is gradually becoming known by the majority of sports enthusiasts. Integrating team score orienteering with the Internet can enhance the interactive experience for athletes. However, this integration increases the risk of the leakage of the athletes’ information. In order to protect the privacy of athletes, it is necessary to employ encryption. Therefore, this paper proposes an efficient lattice-based revocable certificateless public key encryption (RCL-PKE) scheme with decryption key exposure resistance (DKER). The adoption of certificateless encryption not only avoids the complex certificate management required for traditional public key encryption, but also addresses the key escrow problem of identity-based encryption, thereby significantly ensuring data security and privacy. Furthermore, the revocable mechanism enables the organizing committee to flexibly manage the athletes’ qualification for competitions, and DKER can effectively prevent the leakage of decryption keys, which further enhances data security. The constructed RCL-PKE scheme was proven to be IND-CPA secure under the learning with errors (LWE) assumption. Experiments indicated that the proposed RCL-PKE scheme had lower computation and communication costs, making it particularly suitable for team score orienteering. Full article

What are the differences in how public and private institutions of higher education, with religious schools as a subset of private colleges and universities, approach on-campus protests in a framework of civic engagement? Unfortunately, public, private, and religious schools have all restricted opportunities of speech, assembly, and protest, despite in many cases state and federal courts ruling that this is against the law. With the goal of increasing the civic capacities of students at all institutions of higher education, we propose a mechanism of partial revocation of tax exemptions at universities that do not currently uphold a robust understanding of civic engagement opportunities for all students, which will apply to any college or university receiving federal funding, consistent with the constitutional tradition of free speech still exemplified by Brandenburg v. Ohio and the “national policy” test of Bob Jones University vs. United States. In doing so, we build on the critique of exemptions in the recent work of Vincent Phillip Munoz on religious liberty. By opting only for incentives and by not even incentivizing private institutions that continue to restrict civic engagement but that do not accept federal dollars, we affirm and support a mutually beneficial ongoing dialogue among public, private, and religious schools. This dialogue, as it is sharpened and maintained in place by our recommended policies, is also consistent with pluralism as conceptualized by Jacob Levy. Full article

Ensuring security in electronic examination systems represents a significant challenge, particularly when practical considerations dictate that most involved parties cannot be fully trusted due to self-interest. To enhance the security, we introduce auditability to e-exam systems, enabling an auditing authority to verify the system integrity. This auditability not only ensures system robustness but also creates an opportunity to grant communication between candidates and examiners, allowing for clarification on unclear questions during exams. Additionally, the implementation of attribute-based certifications ensures anonymity for both candidates and examiners throughout all stages of the exam, with the option for revocation in case of audit-detected fraud. Full article

With the rapid development of the information age, smart meters play an important role in the smart grid. However, there are more and more attacks on smart meters, which mainly focus on the identity authentication of smart meters and the security protection of electricity consumption data. In this paper, an efficient lightweight smart meter authentication scheme is proposed based on the Chinese Remainder Theorem (CRT), which can realize the revocation of a single smart meter user by publishing a secret random value bound to the smart meter identity. The proposed scheme not only protects the security of smart meter electricity consumption data by using encryption, but also resists identity attacks from both internal and external adversaries by using hash functions and timestamps. Experiment shows that the proposed scheme has lower computation overhead and communication overhead than other authentication schemes and is more suitable for smart meter authentication. Full article

Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs. Full article

Personal privacy protection has been extensively investigated. The privacy protection of face recognition applications combines face privacy protection with face recognition. Traditional face privacy-protection methods encrypt or perturb facial images for protection. However, the original facial images or parameters need to be restored during recognition. In this paper, it is found that faces can still be recognized correctly when only some of the high-order and local feature information from faces is retained, while the rest of the information is fuzzed. Based on this, a privacy-preserving face recognition method combining random convolution and self-learning batch normalization is proposed. This method generates a privacy-preserved scrambled facial image and an image fuzzy degree that is close to an encryption of the image. The server directly recognizes the scrambled facial image, and the recognition accuracy is equivalent to that of the normal facial image. The method ensures the revocability and irreversibility of the privacy preserving of faces at the same time. In this experiment, the proposed method is tested on the LFW, Celeba, and self-collected face datasets. On the three datasets, the proposed method outperforms the existing face privacy-preserving recognition methods in terms of face visual information elimination and recognition accuracy. The recognition accuracy is >99%, and the visual information elimination is close to an encryption effect. Full article

Applying chameleon hash functions to redactable blockchains is still challenging work. Most redactable blockchain solutions using this technique have potential problems, such as too weak decentralization performance and trapdoors with exposure risks. In addition, quantum computing also threatens the security of blockchain systems. The above two issues imply that the development of redactable blockchains is still constrained, and that quantum-resistance will be requirements for blockchain applications. Therefore, we constructed a chameleon hash function over lattices while utilizing a hierarchical identity mechanism to manage trapdoors and assign edit permissions. This variant of the chameleon hash function can support trapdoor updates and quantum-resistant performance, namely a hierarchical identity-based chameleon hash with revocable subkey (HIBCH-RS). We demonstrated the safety performance of HIBCH-RS by defining its safety concepts of collision resistance. Our HIBCH-RS scheme provides a solution for implementing a redactable blockchain with identity encryption and post-quantum cryptography. Finally, this quantum-resistant redactable blockchain was implemented on the Hyperledger Fabric blockchain platform. Full article

Revocable attribute-based encryption (RABE) provides greater flexibility and fine-grained access control for data sharing. However, the revocation process for most RABE schemes today is performed by the cloud storage provider (CSP). Since the CSP is an honest and curious third party, there is no guarantee that the plaintext data corresponding to the new ciphertext after revocation is the same as the original plaintext data. In addition, most attribute-based encryption schemes suffer from issues related to key escrow. To overcome the aforementioned issues, we present an efficient RABE scheme that supports data integrity while also addressing the key escrow issue. We demonstrate the security for our system, which is reduced to the decisional q-parallel bilinear Diffie-Hellman exponent (q-PBDHE) assumption and discrete logarithm (DL) assumption. The performance analysis illustrates that our scheme is efficient. Full article

The emerging cloud storage technology has significantly improved efficiency and productivity in the traditional electronic healthcare field. However, it has also brought about many security concerns. Ciphertext policy attribute-based encryption (CP-ABE) holds immense potential in achieving fine-grained access control, providing robust security for electronic healthcare data in the cloud. However, current CP-ABE schemes still face issues such as inflexible attribute revocation, relatively lower computational capabilities, and key management. To address these issues, this paper introduces a revocable and traceable undeniable ciphertext policy attribute-based encryption scheme (MA-RUABE). MA-RUABE not only enables fast and accurate data traceability, effectively preventing malicious user key leakage, but also includes a direct revocation feature, significantly enhancing computational efficiency. Furthermore, the introduction of a multi-permission mechanism resolves the issue of centralization of power caused by single-attribute permissions. Furthermore, a security analysis demonstrates that our system ensures resilience against chosen plaintext attacks. Experimental results demonstrate that MA-RUABE incurs lower computational overhead, effectively enhancing system performance and ensuring data-sharing security in cloud-based electronic healthcare systems. Full article