
AUTHOR

Huihui Yang

0000-0001-5638-5964

An improvement of the batch-authentication and key agreement framework for P2P-based online social networks

Batch authentication is a way to authenticate multiple users simultaneously to provide better efficiency. In [1], three batch authentication protocols are proposed based on different primitives, to provide simultaneous authentication of multiple users in online social networks (OSNs). In this paper, we briefly introduce the original protocols, describe their security vulnerabilities and related attacks, and propose modifications to make them secure again.

research product

A Dynamic Attribute-Based Authentication Scheme

Attribute-based authentication (ABA) is an approach to authenticate users by their attributes, so that users can get authenticated anonymously and their privacy can be protected. In ABA schemes, required attributes are represented by attribute trees, which can be combined with signature schemes to construct ABA schemes. Most attribute trees are built from the top down and cannot change with attribute requirement changes. In this paper, we propose an ABA scheme based on down-to-top built attribute trees or dynamic attribute trees, which can change when attribute requirements change. Therefore, the proposed dynamic ABA scheme is more efficient in a dynamic environment by avoiding regenerating…

research product

Formal Analysis and Model Checking of a Group Authentication Protocol by Scyther

Scyther [1] is designed to check the security and vulnerabilities of security protocols. In this paper, we use Scyther to analyze two discrete logarithm problem (DLP) based group authentication protocols proposed in [2]. These two protocols are claimed to satisfy several security requirements, but only part of them have been checked because of the properties and limitations of Scyther. Some positive results have been gained and show that the protocols provide mutual authentication and implicit key authentication and are secure against impersonation attack. An important innovation in this paper is that we have extended the expressing ability of Scyther by giving some reasonable assumption du…

research product

Cryptographic Enforcement of Attribute-based Authentication

Doctoral dissertation. This dissertation investigates the cryptographic enforcement of attribute-based authentication (ABA) schemes. ABA is an approach to authenticate users via attributes, which are properties of users to be authenticated, environment conditions such as time and locations. By using attributes in place of users’ identity information, ABA can provide anonymous authentication, or more specifically, ABA makes it possible to keep users anonymous from their authenticators. In addition, the property of least information leakage provides better protection for users’ privacy compared with public key based authentication approaches. These properties make it possible to apply ABA schemes …

research product

Access Control Model for Cooperative Healthcare Environments: Modeling and Verification

Integrated use of electronic health records (EHRs) seems both promising and necessary in improving the quality and delivery of health services. This allows healthcare providers access to information they require to provide rapid patient care. Of course, when sensitive information is shared among a group of people within or across organizations, enforceable security and privacy control over the information flow is a key aspect. In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role and modifying the user-role assignment model from previous work. Verification indic…

research product

A general framework for group authentication and key exchange protocols

Published version of a chapter in the book: Foundations and Practice of Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-319-05302-8_3

In this paper, we propose a novel framework for group authentication and key exchange protocols. There are three main advantages of our framework. First, it is a general one, where different cryptographic primitives can be used for different applications. Second, it works in a one-to-multiple mode, where a party can authenticate several parties mutually. Last, it can provide several security features, such as protection against passive adversaries and impersonation attacks, implicit key authentication, forward and backward securi…

research product

Traceable hierarchical attribute-based authentication for the cloud

When data owners store their data on cloud servers, they may want to define the access requirements themselves, where attribute-based authentication (ABA) can be a good choice for the solution. In this paper, we propose a traceable hierarchical ABA (HABA) solution which fits two situations in the cloud. The first situation is when cloud users are organized in groups of a hierarchical structure and the access allowance can only be granted to users in a specific group. The second situation is that attributes are organized in a hierarchical structure with different priorities, such that only users who own the required attributes of a specific priority can be authenticated and access the data. …

research product

An Efficient Traceable Attribute-Based Authentication Scheme with One-Time Attribute Trees

Attribute-based authentication (ABA) is a way to authenticate signers by means of attributes and it requests proof of possessing required attributes from the one to be authenticated. To achieve the property of traceability, required attributes should be combined with the signer’s attribute private keys in order to generate a signature. In some schemes, signers’ attribute keys are related to attribute trees, so changing attribute trees will cause the regeneration of all related attribute keys. In this paper, we propose an efficient traceable ABA scheme, where the generation of signers’ attribute keys is independent from attribute trees. Thus the same set of attribute keys can be used with a …

research product