Results 1 - 9 of 9
Separable identity-based ring signatures: Theoretical foundations for fighting phishing attacks, 2005
Cited by 15 (1 self)
Email phishing attacks are one of today’s most common and costly forms of digital identity theft, where an adversary tricks a user into revealing their personal information by impersonating an established company. Such attacks could be mitigated with digitally-signed emails, if these signatures did not: (1) destroy the traditional repudiability of email, and (2) require the unrealistic, widespread adoption of a Public-Key Infrastructure (PKI). In order to overcome these obstacles, we introduce, define, and implement separable (a.k.a. cross-domain) identity-based ring signatures (SIBR, pronounced “cyber,” signatures). The ring structure of these signatures provides repudiability. With identity-based public keys, a full PKI is no longer required. Separability allows ring constructions across different identity-based master key domains. Together, these properties make SIBR signatures a practical solution to the email spoofing problem. Our construction yields a number of interesting components. First, we present several novel proofs of knowledge of bilinear map pre-images. We then present new identity-based identification (IBI) and signature (IBS) schemes based on these proofs. We note how our constructions share system parameters with the existing identity-based encryption schemes of Boneh-Franklin and Waters, thereby forming complete identity-based cryptosystems. We finally construct the first SIBR signature schemes by transforming our new signature schemes and certain other signature schemes.
Providing Privacy through Plausibly Deniable Search - In SDM, 2009
Cited by 13 (2 self)
Query-based web search is an integral part of many people’s daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals were identified from the contents of the queries alone [2]. Government requests for such logs increase the concern. To address this problem, we propose a client-centered approach of plausibly deniable search. Each user query is substituted with a standard, closely-related query intended to fetch the desired results. In addition, a set of k-1 cover queries are issued; these have characteristics similar to the standard query but on unrelated topics. The system ensures that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI) based approach to generate queries, and evaluate on the DMOZ [10] webpage collection to show effectiveness of the proposed approach.
Deniable Internet Key Exchange, 2007
Cited by 3 (0 self)
In this work, we develop a family of protocols for deniable Internet Key-Exchange (IKE) with the following properties:
• Highly practical efficiency, and conceptual simplicity and clarity.
• Forward and concurrent (non-malleable) deniability against adversaries with arbitrary auxiliary inputs, and better privacy protection of players’ roles.
• Provable security in the Canetti-Krawczyk post-specified-peer model, and maintenance of essential security properties not captured by the Canetti-Krawczyk security model.
• Compatibility with the widely deployed and standardized SIGMA (i.e., the basis of IKEv2) and (H)MQV protocols, when parties possess DL public-keys.
Our protocols could potentially serve, in part, as either the underlying basis or a useful alternative for the next generation of IKE (i.e., IKEv3) of IPsec (in particular, when deniability is desired). In view of the wide deployment and use of IKE and increasing awareness of privacy protection (especially for E-commerce over Internet), this work is naturally of practical interest.
Cryptanalysis on Improved Chou et al.’s ID-Based Deniable Authentication Protocol
Cited by 2 (0 self)
A deniable authentication protocol enables the protocol participants to authenticate their respective peers, while being able to deny their participation after the protocol execution. This protocol can be extremely useful in some practical applications such as online negotiation, online shopping and electronic voting. Recently, we have improved a deniable authentication scheme proposed by Chou et al. due to its vulnerability to the key compromise impersonation attack in our previous report. However, we have later discovered that our previous enhanced protocol is vulnerable to the insider KCI attack and key replicating attack. In this paper, we will again secure this protocol against these attacks and demonstrate its heuristic security analysis.
Chameleon-Based Deniable Authenticated Key Agreement Protocol
Abstract: As a useful means of safeguarding privacy of communications, deniable authentication has received much attention. A Chameleon-based deniable authenticated key agreement protocol is presented in this paper. The protocol has the following properties. Any one of the two participants can’t present a digital proof to convince a third party that a claimed agreement has really taken place. Once a forgery occurs, the original entity can present a digital proof to disclose the forgery.
Deniable Authentication on the Internet
Abstract. Deniable authentication is a technique that allows one party to send messages to another while the latter cannot prove to a third party the fact of communication. In this paper, we first formalize a natural notion of deniable security and naturally extend the basic authenticator theorem by Bellare et al. [2] to the setting of deniable authentication. Of independent interest, this extension is achieved by defining a deniable MT-authenticator via a game. This game is essentially borrowed from the notion of universal composition [8] although we do not assume any result or background about it. Then we construct two deniable MT-authenticators: uncontrollable random oracle based and the PKI based, both of which are just 3-round protocols. The second construction assumes the receiver owns a secret key. Such a setup assumption is very popular in the real world. (Without this assumption), all the previous protocols do not have a widely satisfiable performance when applied in the Internet-like environment. Finally, as our application, we obtain key exchange protocols that are deniably secure in the real world.
Universally Composable Security Concurrent Deniable Authentication Based on Witness Indistinguishable
Invisible Designated Confirmer Signatures without Random Oracles, 2006
We construct the first O(1)-size designated confirmer signatures (DCS) with security in the state-of-the-art model of Camenisch and Michels, Eurocrypt 2000, without random oracles. In particular, we achieve the security notion called the "invisibility of signature" therein.