Cryptanalysis and improvement of an elliptic curve based signcryption scheme for firewalls

In network security, firewall is a security system that observes and controls the network traffic based on some predefined rules. A firewall sets up a barrier between internal network and another outside unsecured network, such as the Internet. A number of signcryption schemes for firewall are proposed over the years, many of them are proved to have security flaws. In this paper, an elliptic curve based signcryption scheme for firewalls is analyzed. It is observed that the scheme is not secure and has many security flaws. Anyone who knows the public parameters, can modify the message without the knowledge of sender and receiver. The claimed security attributes of non-repudiation, unforgeability, integrity and authentication are compromised. After successful cryptanalysis of this scheme, we proposed a modified version of the scheme.

[1]  Ren-Junn Hwang,et al.  An efficient signcryption scheme with forward secrecy based on elliptic curve , 2005, Appl. Math. Comput..

[2]  Xiaoyuan Yang,et al.  ECGSC: Elliptic Curve Based Generalized Signcryption , 2006, UIC.

[3]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[4]  Daniel Vogel,et al.  Evaluating authentication options for mobile health applications in younger and older adults , 2018, PloS one.

[5]  Cong Yan,et al.  Enhancing and identifying cloning attacks in online social networks , 2013, ICUIMC '13.

[6]  Gustav Svensson Auditing the Human Factor as a Part of Setting up an Information Security Management System , 2013 .

[7]  Steven Furnell,et al.  Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions , 2015, J. Netw. Comput. Appl..

[8]  Mohsen Toorani,et al.  Cryptanalysis of an Elliptic Curve-based Signcryption Scheme , 2010, Int. J. Netw. Secur..

[9]  Roayat Ismail,et al.  A new efficient publicly verifiable signcryption scheme and its multiple recipients variant for firewalls implementation , 2008, 2009 National Radio Science Conference.

[10]  Fan Wu,et al.  A Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things , 2018, IEEE Internet of Things Journal.

[11]  C. Pandu Rangan,et al.  An Efficient Identity-Based Signcryption Scheme for Multiple Receivers , 2009, IWSEC.

[12]  Hideki Imai,et al.  How to Construct Efficient Signcryption Schemes on Elliptic Curves , 1998, Inf. Process. Lett..

[13]  Ming Tang,et al.  Power analysis based reverse engineering on the secret round function of block ciphers , 2014, Concurr. Comput. Pract. Exp..

[14]  Hassan M. Elkamchouchi,et al.  Elliptic Curve Signcryption with Encrypted Message Authentication and Forward Secrecy , 2009 .

[15]  Robert H. Deng,et al.  A Signcryption Scheme with Signature Directly Verifiable by Public Key , 1998, Public Key Cryptography.

[16]  Xian Wang,et al.  An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks , 2015, Inf. Sci..

[17]  Farhan Ahmad,et al.  An efficient elliptic curve based signcryption scheme for firewalls , 2013, 2013 2nd National Conference on Information Assurance (NCIA).

[18]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[19]  Yuliang Zheng,et al.  Encrypted Message Authentication by Firewalls , 1999, Public Key Cryptography.

[20]  Fan Wu,et al.  A Robust ECC-Based Provable Secure Authentication Protocol With Privacy Preserving for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[21]  Xuanwu Zhou,et al.  Improved Signcryption Scheme with Public Verifiability , 2009, 2009 Pacific-Asia Conference on Knowledge Engineering and Software Engineering.

[22]  Paolo Falcarin,et al.  Guest Editors' Introduction: Software Protection , 2011, IEEE Software.

[23]  Xiong Li,et al.  Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks , 2017, Comput. Networks.