Obfuscatable Anonymous Authentication Scheme for Mobile Crowd Sensing

Mobile crowd sensing (MCS) is a rapidly developing technique for information collection from the users of mobile devices. This technique deals with participants’ personal information such as their identities and locations, thus raising significant security and privacy concerns. Accordingly, anonymous authentication schemes have been widely considered for preserving participants’ privacy in MCS. However, mobile devices are easy to lose and vulnerable to device capture attacks, which enables an attacker to extract the private authentication key of a mobile application and to further invade the user's privacy by linking sensed data with the user's identity. To address this issue, we have devised a special anonymous authentication scheme where the authentication request algorithm can be obfuscated into an unintelligible form and thus the authentication key is not explicitly used. This scheme not only achieves authenticity and unlinkability for participants, but also resists impersonation, replay, denial-of-service, man-in-the-middle, collusion, and insider attacks. The scheme's obfuscation algorithm is the first obfuscator for anonymous authentication, and it satisfies the average-case secure virtual black-box property. The scheme also supports batch verification of authentication requests for improving efficiency. Performance evaluations on a workstation and smart phones have indicated that our scheme works efficiently on various devices.

[1]  Zongjian He,et al.  An efficient anonymous authentication protocol using batch operations for VANETs , 2016, Multimedia Tools and Applications.

[2]  Panagiotis Papadimitratos,et al.  SPPEAR: security & privacy-preserving architecture for participatory-sensing applications , 2014, WiSec '14.

[3]  Bo Zhang,et al.  Secure Obfuscation of Encrypted Verifiable Encrypted Signatures , 2011, ProvSec.

[4]  Ryo Nishimaki,et al.  Verifiably encrypted signatures with short keys based on the decisional linear problem and obfuscation for encrypted VES , 2013, Des. Codes Cryptogr..

[5]  Elaine Shi,et al.  Predicate Privacy in Encryption Systems , 2009, IACR Cryptol. ePrint Arch..

[6]  Yael Tauman Kalai,et al.  On the impossibility of obfuscation with auxiliary input , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[7]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[8]  Hung-Yu Chien,et al.  ABAKA: An Anonymous Batch Authenticated and Key Agreement Scheme for Value-Added Services in Vehicular Ad Hoc Networks , 2011, IEEE Transactions on Vehicular Technology.

[9]  Nir Bitansky,et al.  On the impossibility of approximate obfuscation and applications to resettable cryptography , 2013, STOC '13.

[10]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[11]  Jun Zhang,et al.  Robust Anonymous Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[12]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[13]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[14]  Yun-kyung Lee,et al.  Anonymous Authentication System Using Group Signature , 2009, 2009 International Conference on Complex, Intelligent and Software Intensive Systems.

[15]  Feng-Hao Liu,et al.  Re-encryption, Functional Re-encryption, and Multi-hop Re-encryption: A Framework for Achieving Obfuscation-Based Security and Instantiations from Lattices , 2014, Public Key Cryptography.

[16]  Panagiotis Papadimitratos,et al.  Security, Privacy, and Incentive Provision for Mobile Crowd Sensing Systems , 2016, IEEE Internet of Things Journal.

[17]  Tony Q. S. Quek,et al.  Resilience of DoS Attacks in Designing Anonymous User Authentication Protocol for Wireless Sensor Networks , 2017, IEEE Sensors Journal.

[18]  Qin Liu,et al.  An Obfuscatable Designated Verifier Signature Scheme , 2017, IEEE Transactions on Emerging Topics in Computing.

[19]  Ashok Kumar Das,et al.  A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks , 2016, Peer-to-Peer Netw. Appl..

[20]  Satoshi Hada,et al.  Secure Obfuscation for Encrypted Signatures , 2010, EUROCRYPT.

[21]  Hung-Ming Chen,et al.  An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2012, Journal of Medical Systems.

[22]  Chao Li,et al.  Secure Obfuscation of a Two-Step Oblivious Signature , 2012 .

[23]  Vinod Vaikuntanathan,et al.  Functional Re-encryption and Collusion-Resistant Obfuscation , 2012, TCC.

[24]  Pardeep Kumar,et al.  E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks , 2012, Sensors.

[25]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[26]  Hongfei Fan,et al.  An Obfuscatable Aggregatable Signcryption Scheme for Unattended Devices in IoT Systems , 2017, IEEE Internet of Things Journal.

[27]  Emiliano Miluzzo,et al.  A survey of mobile phone sensing , 2010, IEEE Communications Magazine.

[28]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[29]  Yang Shi,et al.  Secure Obfuscation for Encrypted Group Signatures , 2015, PloS one.

[30]  Guy N. Rothblum,et al.  On Best-Possible Obfuscation , 2007, TCC.

[31]  Huijia Lin,et al.  Indistinguishability Obfuscation from SXDH on 5-Linear Maps and Locality-5 PRGs , 2017, CRYPTO.

[32]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[33]  Abhi Shelat,et al.  Securely Obfuscating Re-Encryption , 2007, Journal of Cryptology.

[34]  Vinod Vaikuntanathan,et al.  Indistinguishability Obfuscation from DDH-Like Assumptions on Constant-Degree Graded Encodings , 2016, 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS).

[35]  Nikos Komninos,et al.  The lord of the sense: A privacy preserving reputation system for participatory sensing applications , 2014, 2014 IEEE Symposium on Computers and Communications (ISCC).

[36]  Wei Cheng,et al.  Enabling Reputation and Trust in Privacy-Preserving Mobile Sensing , 2014, IEEE Transactions on Mobile Computing.

[37]  Juho Kim,et al.  A Security-Performance-Balanced User Authentication Scheme for Wireless Sensor Networks , 2012, Int. J. Distributed Sens. Networks.

[38]  Yael Tauman Kalai,et al.  Protecting Obfuscation against Algebraic Attacks , 2014, EUROCRYPT.

[39]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[40]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[41]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[42]  Dennis Hofheinz,et al.  Obfuscation for Cryptographic Purposes , 2007, Journal of Cryptology.

[43]  Liqun Chen,et al.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices , 2010, ISC.

[44]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[45]  Zheng Yan,et al.  Anonymous Authentication on Trust in Pervasive Social Networking Based on Group Signature , 2017, IEEE Access.