Blind Signature Scheme with Anonymous Verification

Huang, Ren-Shang

01 September 2010

In an anonymous credential system, when a credential has been shown for verification, none can identify the owner of the credential and link the relationship between any two credentials. The unlinkability is the crucial feature for any anonymous credential system. In 2002, Jan Camenisch and Anna Lysyanskaya proposed a signature scheme (CL signature) which allows users to demonstrate their credentials without revealing their identity information. However, CL signature is compounded of a lot of zero-knowledge proof technologies which cause inefficiency for CL signatures. Such heavy computation requirements may limit the scope which CL signatures can be applied to. In this thesis, we propose a new blind signature scheme based on ElGamal signatures and design an anonymous verification procedure which is more efficient than the CL signature scheme. Finally, we also implement our proposed protocols.

Blind Signature

ElGamal Signature

Anonymous Verification

Cryptography

The Choice of the Parameters of Digital Signature and It's Applications

Zhang, Zhi-Kai

08 August 2004

Digital signature is widely used to implement many secure protocols. A digital signature has three parameters. They are the message, the key pair, and the signature. In general, the message is given. The key pair is chosen randomly by the signer. The signature is computed from the message and the key pair. But in some cases, we can choose the value of one of the parameters, this may make it possible to other applications such as blind signatures or subliminal channels. There are some researches to discuss the relations between the parameters and the applications of the digital signatures. In this research, we will propose three new schemes as examples of this technique. The first one is a fair blind signature scheme. The other two are subliminal channel schemes. These three new schemes have some important properties. The concept of this research may help the future researches to find new applications of the digital signature. Meanwhile, these new schemes can show that how the concept can help us to develop or improve applications.

Fair Blind Signature

Subliminal Channel

Digital Signature

Date Attachable Offline Electronic Cash Scheme

Hau, Hoi-tung

03 August 2011

With the convenience of mobile network, people can do different kinds of activities, such as payments, shopping, auctions, and so on, whenever and wherever. Electronic commerce (e-commerce) has become so popular that the number of people using these online services has been increasing enormously in recent years. Hence, the security issues of e-commerce and the rights of users in transaction have raised our concerns. Electronic cash (e-cash) is definitely one of the most popular research topics among e-commerce area. It is very important that e-cash has to be able to hold the anonymity and accuracy in order to preserve the privacy and rights of customers. There are two types of e-cash in general, which are online e-cash and offline e-cash. Both systems have their own pros and cons, and they can be used to construct various applications. In this thesis, we propose a provably secure and efficient offline e-cash scheme with date attachability based on blind signature technique, where expiration date and deposit date can be embedded in an e-cash, simultaneously. With the help of expiration date, the bank can manage the huge database much more easily against unlimited growth, and the deposit date cannot be forged so that users are able to calculate the amount of interests they can receive in the future correctly. Furthermore, our scheme maintains the properties of e-cash, which are anonymity control, double-spending checking and unforgeability. We also provide security analysis and formal proofs in this thesis.

Blind Signature

Offline Electronic Cash

Electronic Payment

Anonymity

Electronic Commerce

Strong Privacy Preserving Communication Protocol for VANETs

Huang, Shih-wei

23 August 2011

Vehicular ad hoc networks (VANETs) are instances of mobile ad hoc networks with the aim to enhance the safety and efficiency of road traffic. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles and remind drivers to change their route immediately or slow down to avoid dangers. However, some concerns of security and privacy are also raised in this environment. Messages should be signed and verified before they are trusted while the real identities of vehicles should not be revealed to guarantee the source privacy, but it still has to be traceable to prevent any abuse of VANETs (e.g. sending a fake message). Many related works have been presented in the literature so far. They can be generally divided into two constructions, where one is based on pseudonymous authentication and the other is based on group signatures. However, both of the two constructions have some drawbacks. Consequently, in this thesis, we come up with a provably secure and strong privacy preserving protocol based on the blind signature technique to guarantee privacy and fulfill other essential security requirements in the vehicular communication environment. Besides, compared with other similar works, we offer an efficient tracing mechanism to trace and revoke the vehicles abusing the VANETs. In addition, considering the real environment, we also provide simulation results to show that our scheme is more practical, efficient and suitable for VANETs under a real city street scenario with high vehicle density. Finally, we also demonstrate the security of the proposed protocol by formal proofs.

Blind Signature

Vehicular Communication

Privacy Preservation

Authentication

Anonymity

Uncoercible Anonymous Electronic Voting System

Sun, Wei-zhe

25 July 2006

Due to convenience and efficiency, electronic voting (e-voting) techniques gradually replace traditional paper-based voting activities in some developed countries. A secure anonymous e-voting system has to satisfy many properties, such as completeness, tally correctness, and uncoercibility, where the uncoercibility property is the most difficult one to be achieved. Since each voter can obtain a voting receipt in an electronic voting system, coercion and bribe (vote-buying and vote-selling are included) become more and more serious in electronic voting environments than traditional paper-based voting environments. Unfortunately, most of the solutions, like receipt-freeness or untappable channels, proposed in the literature, are impractical owing to lack of efficiency or too complicated to be implemented. It will make uncoercible e-voting systems unacceptable by the people. In order to cope with the drawbacks of the previous schemes, this thesis will present a generic idea, which is independent of the underlying cryptographic components, on electronic voting to achieve the uncoercibility property and other requirements. The proposed method is an efficient and quite practical solution to match the current environments of electronic voting.

Uncoercibility

Cryptography

Information security

Blind signature

Anonymous electronic voting

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

Chakrabarti, Saikat

01 January 2008

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead.

Authentication

digital signature

signature aggregation

blind signature

LFSR sequences

Computer Engineering

Engineering

Towards Internet Voting in the State of Qatar

Al-Hamar, Jassim Khalid

January 2011

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

320

基於模糊簽章之電子投票系統 / An e-voting system based on oblivious signatures

陳淵順, Chen, Yuan Shun

Unknown Date

近期電子投票系統被廣泛討論，許多國家也開始實行電子投票系統來取代傳統紙本投票。而一套完整的電子投票系統欲取代傳統紙本投票，此系統就必須滿足傳統紙本投票的需求，有完善的機制用以保護投票者在進行投票時的隱私性，保證投票者的身分及選票內容不被其他人得知，並維持整個投票過程的完整性、可驗證性及公平性等等的需求，系統的穩定性也是必須要考量的因素。 本篇論文主要針對投票者的隱私性及如何減輕投票者的負擔進行討論，我們提出了參考愛沙尼亞國家的電子投票系統的優點做結合，設計出一個改良的基於模糊簽章的電子投票系統。 / Electronic voting systems have been widely investigated in recent years since they are very convenient for voters. Many countries have begun to implement electronic voting system to replace the traditional voting system. In order to replace the traditional voting system, an e-voting system must satisfy all the security requirements of those in a traditional voting system. Those security requirements are, firstly, to have a sound mechanism to protect a voter’s privacy, and to ensure that the identity of a voter or the content of a ballot will not be leaked to others. Moreover, it must maintain the integrity, verifiability and fairness during the entire voting process. To keep the system stable during the voting process is also an important factor that must be considered. This thesis is a research on designing a secure electronic voting system. Based on some existing electronic voting systems, we design an improved system to enhance the privacy protection of voters on one hand and to reduce the loading of voters on the other hand. In detail, our scheme is modified from the existing e-voting system of Estonian state, and we proposed an improved e-voting system which uses the oblivious signatures as a building block.

盲簽章

密碼學

電子投票

資訊安全

模糊簽章

Blind Signature

Cryptography

Electronic Voting

Information Security

Oblivious Signatures

免憑證代理簽名及其代理盲簽名擴張 / Certificateless proxy signature and its extension to blind signature

陳力瑋

Unknown Date

在傳統的公開金鑰簽章系統中，用戶的公鑰需要一個可信第三方(Trusted Third Party-TTP)發給憑證來保證其可靠性。其後Shamir提出基於使用者身分的簽名機制(ID-Based Signature)　儘管不需要憑證，但此種系統的概念中，TTP仍然扮演著強大的角色，隨之而來的是金鑰託管(Key Escrow)的問題。而在2003年時提出的免憑證簽章系統Certificateless Signature Scheme(CL-S)概念中，不僅不需要憑證也同時解決了Key Escrow的問題。本篇文章便是基於CL-S的概念下，發展出一套免憑證的可代理簽章系統(CL-Proxy Signature)。並且可利用簡單的方式使我們的系統擴張成為一個支援盲簽名(Blind Signature)的免憑證代理盲簽章系統。 / Traditional public key cryptosystem (PKC) requires a Trusted-Third-Party(TTP) for the management of certificates of users’ public keys. To solve this problem, Shamir introduced the concept of ID based signature scheme. Although the ID based signature scheme doesn't require the certificate management, TTP still plays an important role here. In addition, ID-based schemes have the key escrow problem. In 2003, a certificateless signature scheme has been introduced. In a certificateless signature scheme, certificates are not required on one hand and can solve the key escrow problem on the other hand. In this paper, based on the concept of certificateless, we introduce a certificateless proxy signature scheme. A remarkable feature of our scheme is that it can be extended into a certificateless proxy blind signature.

免憑證簽章系統

代理簽章系統

盲簽章系統

Certificateless signature

Proxy signature

Blind signature

Networking And Security Solutions For Vanet Initial Deployment Stage

Aslam, Baber

01 January 2012

Vehicular ad hoc network (VANET) is a special case of mobile networks, where vehicles equipped with computing/communicating devices (called "smart vehicles") are the mobile wireless nodes. However, the movement pattern of these mobile wireless nodes is no more random, as in case of mobile networks, rather it is restricted to roads and streets. Vehicular networks have hybrid architecture; it is a combination of both infrastructure and infrastructure-less architectures. The direct vehicle to vehicle (V2V) communication is infrastructure-less or ad hoc in nature. Here the vehicles traveling within communication range of each other form an ad hoc network. On the other hand, the vehicle to infrastructure (V2I) communication has infrastructure architecture where vehicles connect to access points deployed along roads. These access points are known as road side units (RSUs) and vehicles communicate with other vehicles/wired nodes through these RSUs. To provide various services to vehicles, RSUs are generally connected to each other and to the Internet. The direct RSU to RSU communication is also referred as I2I communication. The success of VANET depends on the existence of pervasive roadside infrastructure and sufficient number of smart vehicles. Most VANET applications and services are based on either one or both of these requirements. A fully matured VANET will have pervasive roadside network and enough vehicle density to enable VANET applications. However, the initial deployment stage of VANET will be characterized by the lack of pervasive roadside infrastructure and low market penetration of smart vehicles. It will be economically infeasible to initially install a pervasive and fully networked iv roadside infrastructure, which could result in the failure of applications and services that depend on V2I or I2I communications. Further, low market penetration means there are insufficient number of smart vehicles to enable V2V communication, which could result in failure of services and applications that depend on V2V communications. Non-availability of pervasive connectivity to certification authorities and dynamic locations of each vehicle will make it difficult and expensive to implement security solutions that are based on some central certificate management authority. Nonavailability of pervasive connectivity will also affect the backend connectivity of vehicles to the Internet or the rest of the world. Due to economic considerations, the installation of roadside infrastructure will take a long time and will be incremental thus resulting in a heterogeneous infrastructure with non-consistent capabilities. Similarly, smart vehicles will also have varying degree of capabilities. This will result in failure of applications and services that have very strict requirements on V2I or V2V communications. We have proposed several solutions to overcome the challenges described above that will be faced during the initial deployment stage of VANET. Specifically, we have proposed:  A VANET architecture that can provide services with limited number of heterogeneous roadside units and smart vehicles with varying capabilities.  A backend connectivity solution that provides connectivity between the Internet and smart vehicles without requiring pervasive roadside infrastructure or large number of smart vehicles.  A security architecture that does not depend on pervasive roadside infrastructure or a fully connected V2V network and fulfills all the security requirements. v  Optimization solutions for placement of a limited number of RSUs within a given area to provide best possible service to smart vehicles. The optimal placement solutions cover both urban areas and highways environments

Wireless network

mobile wireless network

manet

vehicular network

vanet

initial deployment

roadside unit

one way satellite

security

privacy

blind signature

optimization

binary interger programming

pseudonym

Computer Sciences

Engineering