Certificate-based encryption resilient to key leakage

Certificate-based encryption (CBE) is an important class of public key encryption but the existing schemes are secure only under the premise that the decryption key (or private key) and master secret key are absolutely secret. In fact, a lot of side channel attacks and cold boot attacks can leak secret information of a cryptographic system. In this case, the security of the cryptographic system is destroyed, so a new model called leakage-resilient (LR) cryptography is introduced to solve this problem. While some traditional public key encryption and identity-based encryption with resilient-leakage schemes have been constructed, as far as we know, there is no leakage-resilient scheme in certificate-based cryptosystems. This paper puts forward the first certificate-based encryption scheme which can resist not only the decryption key leakage but also the master secret key leakage. Based on composite order bilinear group assumption, the security of the scheme is proved by using dual system encryption. The relative leakage rate of key is close to 1/3.

Efficient escrow-free identity-based signature

The notion of identity-based signature scheme (IBS) has been proven useful in some scenarios where relying on the validity of the certificates is impractical. Nevertheless, one remaining inherent problem that hinders the adoption of this cryptographic primitive in practice is due to the key escrow problem, where the private key generator (PKG) can always impersonate the user in the system. In 2010, Yuen et al. proposed the notion of IBS that does not suffer from the key escrow problem. Nevertheless, their approach relies on the judge who will later blame the malicious PKG when such a dispute occurs, assuming that the PKG is willing to collaborate. Although the approach is attractive, but unfortunately it is impractical since the malicious PKG may just refuse to collaborate when such an incident happens. In this paper, we propose a new escrow-free IBS, which enjoys three main advantages, namely key escrow free, practical and very efficient. We present a generic intuition as well as an efficient instantiation. In our approach, there is no judge involvement required, as the public can determine the malicious behaviour of PKG when such an incident happens. Further, the signature size of our instantiation is only two group elements, which outperforms the existing constructions in the literature.

Short designated verifier signature scheme and its identity-based variant

The notion of strong designated verifier signature was put forth by Jakobsson, Sako and Impagliazzo in 1996, but the formal definition was defined recently by Saeednia, Kremer and Markowitch in 2003 and revisited by Laguil- laumie and Vergnaud in 2004. In this paper, we firstly propose the notion of short strong designated verifier sig- nature scheme, and extend it to the short identity-based strong designated verifier scheme. Then, we propose the first construction of short strong designated verifier sig- nature scheme. We also extend our scheme to construct a short identity-based strong designated verifier signature scheme. The size of the signature of our schemes is the shortest compared to any existing schemes reported in the literature. We provide formal security proofs for our schemes based on the random oracle model. Finally, we also discuss an extension of our scheme to construct a short strong designated verifier signature without random oracle.

A provably secure construction of certificate-based encryption from certificateless encryption

Certificate-based encryption (CBE) and certificateless encryption (CLE) are proposed to lessen the certificate management problem in a traditional public-key encryption setting. Although they are two different notions, CBE and CLE are closely related and possess several common features. The encryption in CBE and CLE does not require authenticity verification of the recipient's public key. The decryption in both notions requires two secrets that are generated by the third party and the public key owner, respectively. Recently a generic conversion from CLE to CBE was given, but unfortunately its security proof is flawed. This paper provides an elaborate security model of CBE, based on which a provably secure generic construction of CBE from CLE is proposed. A concrete instantiation is also presented to demonstrate the application of our generic construction.

Securely outsourcing attribute-based encryption with checkability

Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical. © 2013 IEEE.

A secure cloud computing based framework for big data information management of smart grid

Smart grid is a technological innovation that improves efficiency, reliability, economics, and sustainability of electricity services. It plays a crucial role in modern energy infrastructure. The main challenges of smart grids, however, are how to manage different types of front-end intelligent devices such as power assets and smart meters efficiently; and how to process a huge amount of data received from these devices. Cloud computing, a technology that provides computational resources on demands, is a good candidate to address these challenges since it has several good properties such as energy saving, cost saving, agility, scalability, and flexibility. In this paper, we propose a secure cloud computing based framework for big data information management in smart grids, which we call 'Smart-Frame.' The main idea of our framework is to build a hierarchical structure of cloud computing centers to provide different types of computing services for information management and big data analysis. In addition to this structural framework, we present a security solution based on identity-based encryption, signature and proxy re-encryption to address critical security issues of the proposed framework.

A strong provably secure IBE scheme without bilinear map

Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. According to the Menezes-Okamoto-Vanstone (MOV) reduction theory, the IBE scheme based on bilinear map loses the high efficiency of elliptic curve because of the requirement of large security parameters. Therefore, it is important to build a provably secure IBE scheme without bilinear map. To this end, this paper proposes an improved IBE scheme that is different from the previous schemes because this new scheme does not use symmetric encryption algorithm. Furthermore, it can be proven to be secure against adaptively chosen identity and chosen plaintext attacks in the standard model. Elaborated security and performance analysis demonstrate that this new scheme outperforms the previous ones in terms of the time complexity for encryption and decryption.

Certificate-based signature : security model and efficient construction

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in the identity-based cryptography. In this paper, we first introduce a new attack called the “Key Replacement Attack” in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.

Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption

Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.

Research designs and scientific identity in marketing journals: review and evaluation

Purpose - This research is based upon the assumption that the empirical research designs and the scientific identity of a journal are related. The objective is to review and evaluate the empirical research design of papers to determine the scientific identity of a selection of academic marketing journals. Design/methodology/approach – The journal sample consists of the Australasian Marketing Journal (AMJ), the European Journal of Marketing (EJM) and the Journal of Marketing (JM). The review and evaluation considers a six-year period, namely 2000-2005. The content analysis consisted of 811 papers. Findings – The scientific identity of JM may be seen as built upon quantitative research designs and the North American paradigm of research values. The scientific identity of AMJ is based upon a mix of empirical research designs and the Australian paradigm of research values. The scientific identity of EJM is also based upon a mix of empirical research designs, but a multi-continental paradigm of research values. Research limitations/implications – The leading continental journals in marketing maintain a scientific identity based upon the continental paradigm of research values. If it is driven to the extremes, a paradigmatic myopia and inertia of research designs may evolve that limit the scientific identity to be dogmatic and narrow-focused rather than variable and broad-focused. Originality/value – A cross-continental eview and evaluation of research designs and scientific identity of academic marketing journals is presented.

Certificate-based signatures: New definitions and a generic construction from certificateless signatures

Certificate-based encryption was introduced in Eurocrypt’03 to solve the certificate management problem in public key encryption. Recently, this idea has been extended to certificate-based signatures. To date, several new schemes and security models of certificate-based signatures have been proposed. In this paper, we first introduce a new security model of certificate-based signatures. Our model is not only more elaborated when compared with the existing ones, but also defines several new types of adversaries in certificate-based signatures. We then investigate the relationship between certificate-based signatures and certificateless signatures, by proposing a generic construction of certificate-based signatures from certificateless signatures. Our generic construction is secure (in the random oracle model) under the security model defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions.

A concrete certificateless signature scheme without pairings

Certificateless public key cryptography was introduced to avoid the inherent key escrow problem in identity-based cryptography, and eliminate the use of certificates in traditional PKI. Most cryptographic schemes in certificateless cryptography are built from bilinear mappings on elliptic curves which need costly operations. Despite the investigation of certificateless public key encryption without pairings, certificateless signature without pairings received much less attention than what it deserves. In this paper, we present a concrete pairing-free certificateless signature scheme for the first time. Our scheme is more computationally efficient than others built from pairings. The new scheme is provably secure in the random oracle model assuming the hardness of discrete logarithm problem.

Certificate-based signatures revisited

Certificate-based encryption was introduced in Eurocrypt '03 to solve the certificate management problem in public key encryption. Recently, this idea was extended to certificate-based signatures. Several new schemes and security models of certificate-based signature by comparing it with digital signatures in other popular public key systems. We introduce a new security model of certificate-based signature, which defines several new types of adversaries against certificate-based signature, which defines several new types of adversaries against certificate-based signatures, along with the security model of certificate-based signatures against them. The new model is clearer and more elaborated compared with other existing ones. We then investigate the relationship between certificate-based signatures and certificate-less signatures, and propose a generic construction of certificate-based signatures and certificate less signatures, and propose a generic construction of certificate-based signatures. We prove that the generic construction is secure (in the random oracle model) against all types of adversaries defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions. Based on our generic construction, we are able to construct new certificate-based signatures schemes, which are more effiecient in comparison with other schemes with similar security levels

Franchisee-based brand equity: The role of brand relationship quality and brand citizenship behavior

Despite the evidence that brand management is core to the success of franchising businesses, limited empirical work has focused on branding in such business-to-business (B2B) exchanges. Integrating social exchange theory and the identity-based brand management framework, this study proposes that brand relationship quality is crucial in promoting franchisee brand citizenship behavior that can enhance brand equity attributable to franchisees, thereby advancing a model of '. franchisee-based brand equity' (FBBE). Survey results from 352 franchisees in franchised B2B exchanges suggest that brand relationship quality promotes brand citizenship behavior, thereby enhancing FBBE. Additionally, moderated mediation analysis indicates that the indirect effect of brand relationship quality on FBBE via brand citizenship behavior is stronger when franchisor competence is high. However, franchisor-franchisee relationship duration has no moderating effects on these relationships. The findings of this study have implications for franchising practitioners that are interested in understanding the role of brand relationship management in promoting franchisee brand citizenship behavior and FBBE.

Anonymous credential-based access control scheme for clouds

In the cloud, data is usually stored in ciphertext for security. Attribute-based encryption (ABE) is a popular solution for allowing legal data users to access encrypted data, but it has high overhead and is vulnerable to data leakage. The authors propose an anonymous authorization credential and Lagrange interpolation polynomial-based access control scheme in which an access privilege and one secret share are applied for reconstructing the user's decryption key. Because the credential is anonymously bounded with its owner, only the legal authorized user can access and decrypt the encrypted data without leaking any private information.