Certificateless cryptography

Abstract: The deployment of cloud storage services has significant benefits in managing data for users. However, it also causes many security concerns, and one of them is data integrity. Public verification techniques can enable a user to employ a third-party auditor to verify the data integrity on behalf of her/him, whereas existing public verification schemes are vulnerable to procrastinating auditors who may not perform verifications on time. Furthermore, most of public verification schemes are constructed on the public key infrastructure (PKI), and thereby suffer from certificate management problem. In this paper, we propose a c ertificateless p ublic v erification scheme against p rocrastinating a uditors (CPVPA) by using blockchain technology . The key idea is to require auditors to record each verification result into a transaction on a blockchain. Because transactions on the blockchain are time-sensitive, the verification can be time-stamped after the transaction is recorded into the blockchain, which enables users to check whether auditors perform the verifications at the prescribed time. Moreover, CPVPA is built on certificateless cryptography, and is free from the certificate management problem. We present rigorous security proofs to demonstrate the security of CPVPA, and conduct a comprehensive performance evaluation to show that CPVPA is efficient.

Abstract: Wireless body area networks (WBANs) consist of many small low-power sensors, through which users could monitor the real-time parameters of patients' physiology remotely. This capability could improve medical care and the monitoring of patients. WBAN devices typically have limited computing, storage, power, and communication capabilities. These limitations restrict the applications that WBANs can support. To enhance the capabilities of WBANs, the concept of cloud-assisted WBANs has been introduced recently. By using cloud computing technologies, cloud-assisted WBANs can provide more efficient processing of patients' physiology parameters and support richer services. In cloud-assisted WBANs, the data of patients' physiology are stored in the cloud. The integrity of the data is very important because these data will be used to provide a medical diagnosis and other medical treatments. To address the issue of integrity in cloud-assisted WBANs, we propose an efficient certificateless public auditing (CLPA) scheme. A security analysis of our proposed CLPA scheme shows that it is provably secure against two types of adversaries (i.e., a type-I adversary can replace users' public keys, and a type-II adversary can access the master key) in an environment of certificateless cryptography. A detailed performance analysis demonstrates that the proposed CLPA scheme yields better performance over a previously proposed CLPA scheme.

Abstract: Certificateless cryptography inherits a solution to the certificate management problem in public-key encryption from identity-based techniques, whilst removing the secret key escrow functionality inherent to the identity-based setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining public-key encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and non-repudiation.

Abstract: “Certificateless Public Key Cryptography” has very appealing features, namely it does not require any public key certification (cf traditional Public Key Cryptography) nor having key escrow problem (cf Identity-Based Cryptography) Unfortunately, construction of Certificateless Public Key Encryption (CLPKE) schemes has so far depended on the use of Identity-Based Encryption, which results in the bilinear pairing-based schemes that need costly operations In this paper, we consider a relaxation of the original model of CLPKE and propose a new CLPKE scheme that does not depend on the bilinear pairings We prove that in the random oracle model, our scheme meets the strong security requirements of the new model of CLPKE such as security against public key replacement attack and chosen ciphertext attack, assuming that the standard Computational Diffie-Hellman problem is intractable