Certificateless onion routing

Onion routing protocols allow users to establish anonymous channels to preserve their privacy over a public network. Several protocols implementing this primitive have been proposed in recent years, and Tor, a real-life implementation, provides an onion routing service to thousands of users over the internet. This paper presents Certificateless Onion Routing, a new approach to the problem. Starting from the identity-based solution (PB-OR) of Kate et al. [23], we adopt the certificateless setting introduced by Al-Riyami and Paterson [2]. Such a setting is particularly well suited in practice, as it retains the good aspects of both identity-based cryptography (no PKI is required) and traditional public key cryptography (there is no key escrow). Next, we present a novel certificateless anonymous key-agreement (KA) protocol and show how to turn it into a very efficient (and provably secure!) certificateless onion routing protocol. When compared with Tor and PB-OR, our protocol offers better performance, especially when current security levels (i.e., 128 bits) are considered. In particular, our scheme significantly improves the computational costs required from each router. In this sense, our solution is up to 7 times faster than PB-OR and up to 11 times faster than Tor.

[1] Hugo Krawczyk, et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, 2001, EUROCRYPT.

[2] Ian Goldberg, et al. Pairing-Based Onion Routing with Improved Forward Secrecy, 2010, TSEC.

[3] Kenneth G. Paterson, et al. Certificateless Public Key Cryptography, 2003.

[4] Alexander W. Dent, et al. A survey of certificateless encryption schemes and security models, 2008, International Journal of Information Security.

[5] Paul F. Syverson, et al. Onion routing, 1999, CACM.

[6] C. P. Schnorr, et al. Efficient Identification and Signatures for Smart Cards (Abstract), 1989, EUROCRYPT.

[7] Rosario Gennaro, et al. Making the Diffie-Hellman Protocol Identity-Based, 2010, CT-RSA.

[8] Bernhard Plattner, et al. Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection, 2002, WPES '02.

[9] Rosario Gennaro, et al. Securing Threshold Cryptosystems against Chosen Ciphertext Attack, 1998, EUROCRYPT.

[10] Paul F. Syverson, et al. Hiding Routing Information, 1996, Information Hiding.

[11] Paul F. Syverson, et al. Anonymous connections and onion routing, 1998, IEEE J. Sel. Areas Commun.

[12] David Cash, et al. The Twin Diffie-Hellman Problem and Applications, 2008, EUROCRYPT.

[13] David Chaum, et al. Untraceable electronic mail, return addresses, and digital pseudonyms, 1981, CACM.

[14] Robert Tappan Morris, et al. Tarzan: a peer-to-peer anonymizing network layer, 2002, CCS '02.

[15] David Chaum, et al. Untraceable electronic mail, return addresses, and digital pseudonyms, 1981, CACM.

[16] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[17] Ian Goldberg. On the Security of the Tor Authentication Protocol, 2006, Privacy Enhancing Technologies.

[18] Hugo Krawczyk, et al. HMQV: A High-Performance Secure Diffie-Hellman Protocol, 2005, CRYPTO.

[19] Jan Camenisch, et al. A Formal Treatment of Onion Routing, 2005, CRYPTO.

[20] Matthew K. Franklin, et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[21] Dan Boneh, et al. Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups, 2008, Journal of Cryptology.

[22] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[23] Hugo Krawczyk, et al. Universally Composable Notions of Key Exchange and Secure Channels, 2002, EUROCRYPT.

[24] Paul F. Syverson, et al. Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services, 2007, Privacy Enhancing Technologies.

[25] David Cash, et al. The Twin Diffie–Hellman Problem and Applications, 2009, Journal of Cryptology.

[26] Bodo Möller, et al. Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes, 2003, CT-RSA.

[27] Paul Syverson, et al. Onion Routing for Anonymous and Private Internet Connections, 1999.

[28] Kenneth G. Paterson, et al. Certificateless Public Key Cryptography, 2003.

[29] Ian Goldberg, et al. Pairing-Based Onion Routing, 2007, Privacy Enhancing Technologies.

[30] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[31] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[32] Mihir Bellare, et al. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES, 2001, CT-RSA.

[33] Nick Mathewson, et al. Tor: The Second-Generation Onion Router, 2004, USENIX Security Symposium.

[34] Vincent Rijmen, et al. ECRYPT yearly report on algorithms and keysizes, 2009.

[35] Dan Boneh, et al. Short Signatures Without Random Oracles, 2004, EUROCRYPT.