A certificateless signature scheme and a certificateless public auditing scheme with authority trust level 3+

Many certificateless cryptosystems have been proposed for cloud security applications. These applications have to face the inherent issues of dealing with low authority trust levels, especially when the cloud server takes charge of doing the role of the key generation center (KGC), that is the authority to trust. This paper focuses on popular authority trust problems in certificateless signatures and proposes a public cloud auditing scheme with high trust level. In current cloud security applications based on certificateless cryptography, the level of trust can at most detect and prove that the authority is guilty but can never punish it for its malicious behavior; precisely, in those settings where malicious servers have to be punished, an external arbitrator becomes necessary. We develop a novel notion of enhanced authority trust level, that we call 3+, where even if KGCs can impersonate any entity, still there is no way to avoid an immediate penalty for its malicious behavior. First, we construct a certificateless signature scheme with authority trust level 3+, then we prove its security in the random oracle model, illustrating some benefits in applications made for clouds. In particular, we propose a certificateless homomorphic authenticable signature scheme and a cloud public auditing scheme. Our proposed trust level 3+ sensibly boosts the trustworthiness and acceptability of such cloud computation environments by its ordinary customers.

[1]  Kyung Sup Kwak,et al.  Certificateless Remote Anonymous Authentication Schemes for WirelessBody Area Networks , 2014, IEEE Transactions on Parallel and Distributed Systems.

[2]  Sid Stamm,et al.  Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper) , 2011, Financial Cryptography.

[3]  Yi Mu,et al.  Certificateless Signatures: New Schemes and Security Models , 2012, Comput. J..

[4]  Gwoboa Horng,et al.  Strongly Secure Certificateless Signature: Cryptanalysis and Improvement of two Schemes , 2015, J. Inf. Sci. Eng..

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[7]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[8]  Alexander W. Dent,et al.  A survey of certificateless encryption schemes and security models , 2008, International Journal of Information Security.

[9]  Xiaojun Zhang,et al.  SCLPV: Secure Certificateless Public Verification for Cloud-Based Cyber-Physical-Social Systems Against Malicious Auditors , 2015, IEEE Transactions on Computational Social Systems.

[10]  Fenghua Li,et al.  Certificateless public auditing for data integrity in the cloud , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[11]  Hu Xiong,et al.  Cost-Effective Scalable and Anonymous Certificateless Remote Authentication Protocol , 2014, IEEE Transactions on Information Forensics and Security.

[12]  Kenneth G. Paterson,et al.  Certificateless Encryption Schemes Strongly Secure in the Standard Model , 2008, Public Key Cryptography.

[13]  Xiaotie Deng,et al.  Certificateless signature: a new security model and an improved generic construction , 2007, Des. Codes Cryptogr..

[14]  Zhiguang Qin,et al.  Revocable and Scalable Certificateless Remote Authentication Protocol With Anonymity for Wireless Body Area Networks , 2015, IEEE Transactions on Information Forensics and Security.

[15]  Guomin Yang,et al.  Certificateless cryptography with KGC trust level 3 , 2011, Theor. Comput. Sci..

[16]  Joseph K. Liu,et al.  Self-Generated-Certificate Public Key Cryptography and certificateless signature/encryption scheme in the standard model: extended abstract , 2007, ASIACCS '07.

[17]  Xinwen Zhang,et al.  CL-PRE: a certificateless proxy re-encryption scheme for secure data sharing with public cloud , 2012, ASIACCS '12.

[18]  Yi Liu,et al.  Efficient and secure certificateless signature scheme in the standard model , 2017, Int. J. Commun. Syst..

[19]  Pil Joong Lee,et al.  Generic Construction of Certificateless Signature , 2004, ACISP.

[20]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[21]  Futai Zhang,et al.  A Revocable Certificateless Signature Scheme , 2014, J. Comput..

[22]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[23]  Kefei Chen,et al.  Generic Construction of Certificate-Based Encryption from Certificateless Encryption Revisited , 2015, Comput. J..