2009, Communications in Computer and Information Science
We present a new type of Identity-Based Identification (IBI), namely Fuzzy Identity-Based Identification (FIBI). FIBI is an extension of traditional IBI where the identity (ID) is viewed as a set of values. In FIBI, identification is considered successful if and only if the ID set presented by the prover overlaps the verifier's ID set for a certain distance metric d. The proposed scheme is secure against impersonation under passive attack based on the discrete logarithm assumption, and is secure against concurrent attack based on the one-more discrete logarithm assumption. We provide the security proof in the fuzzy selective-ID security model.
Theoretical Computer Science, 2008
Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can achieve security against impersonation under different levels of attacks, namely, passive attack (id-imp-pa), active attack (id-imp-aa) or concurrent attack (id-imp-ca). In particular, we show that an id-imp-pa secure IBI scheme can be built if there exists a trapdoor weak-one-more relation and an honest verifier zero-knowledge proof with special soundness, while an id-imp-aa and id-imp-ca secure IBI scheme can be built if there exists a trapdoor strong-one-more relation and a Witness Dualism proof with Special Soundness (WD-SS). This new framework can capture IBI construction techniques that are not captured by other known frameworks. It also helps to construct new and efficient schemes. We demonstrate this by proposing two new IBI schemes, one achieving id-imp-pa, and the other one achieving both id-imp-aa and id-imp-ca, and neither of them can be captured by existing frameworks.
of attack, corresponding security models are normally formalized into two stages. In stage one, the adversary obtains communication transcripts between the prover and an honest verifier, or plays the role of a (possibly malicious) verifier while communicating with the prover for a number of times. In stage two, given the information collected in stage one, the adversary's goal is to impersonate the prover, that is, to make an honest verifier accept it as the prover.
We present an efficient and provable secure identity-based identification scheme in the standard model. Our proposed scheme is secure against impersonation under passive attack based on the Computational Diffie-Hellman assumption, and secure under active and concurrent attacks based on the One-More Computational Diffie-Hellman assumption.
In 2010, proposed an identity-based identification (IBI) scheme in the standard model which was resilient to a coalition of attackers conspiring together to break the scheme. They argued that the scheme was desirable due to its proof in the standard model, which is still rare in existing literature. Also desirable was that the proposed scheme was designed without bilinear pairings, which costs greatly in terms of operation costs, thereby allowing the scheme to run more efficiently. However, the proof of security for the proposed scheme was only against impersonation under passive attacks, where the adversary is only allowed to eavesdrop on conversations between honest parties during the identification protocol. In this paper, we upgrade the security proof to prove that the scheme is also secure against impersonation under active and concurrent attacks, showing that the scheme is still secure even if the adversary is to interact with honest parties during the attack.
An identification scheme allows one party to prove himself or herself (the prover) to another party (the verifier) without revealing any information regarding his or her secret. The traditional public key cryptography setting utilizes certificates to bind a user with his public key, but certificate management has since become a problem on its own. An identity-based identification scheme does away with the certificate management problem by binding a user's public key to his or her identity string. In this paper, we present a k-resilient identity-based identification (IBI) scheme. We provide a reductionist proof of security approach to prove that our scheme is secure up to k-number of passive malicious attackers by assuming the discrete logarithm problem is intractable. Our proof of security is in the standard model: we do not assume that random oracles exist.
In 2008, Chin et al. proposed an efficient and provable secure identity-based identification scheme in the standard model. However, we discovered a subtle flaw in the security proof which renders the proof of security useless. While no weakness has been found in the scheme itself, a scheme that is desired would be one with an accompanying proof of security. In this paper, we provide a fix to the scheme to overcome the problem without affecting the efficiency as well as a new proof of security. In particular, we show that only one extra pre-computable pairing operation should be added into the commitment phase of the identification protocol to fix the proof of security under the same hard problems.
Information Processing Letters, 2012
In 1984, Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he only needs to know the identity of his communication partner and the public key of the KAC. There is no public file required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only in constructing an identity-based signature scheme. In this paper, we propose an ID-based cryptosystem under the security assumptions of the generalized discrete logarithm problem and integer factorization problem. We consider the security against a conspiracy of some entities in the proposed system and show the possibility of establishing a more secure system.
2019
Published By: Blue Eyes Intelligence Engineering & Sciences Publication. Retrieval Number: F12700486S419/19©BEIESP. DOI: 10.35940/ijitee.F1270.0486S419
Abstract: In computer-based systems, the key to the problems of identification, authentication and secrecy can be found in the field of cryptography. Dependence on public key infrastructure and the need to receive certificates signed by a Certificate Authority (CA) to authenticate oneself for the exchange of encrypted messages is one of the most significant limitations for the widespread adoption of Public Key Cryptography (PKC), as this process is time-consuming and error prone. Identity-based cryptography (IBC) aspires to reduce the certificate and key management overhead of PKC. An important primitive of IBC is Identity-based Encryption (IBE). IBE gave rise to the concept of Identity-based Signature (IBS) schemes. In this paper, an overview of IBE and IBS schemes is given. Also, a survey of various IBE and IBS schemes has been performed to ...
Journal of Applied Research and Technology, 2013
In 2010, Sood-Sarje-Singh proposed two dynamic ID-based remote user authentication schemes. The first scheme is a security improvement of Liao et al.'s scheme and the second scheme is a security improvement of Wang et al.'s scheme. In both cases, the authors claimed that their schemes can resist many attacks. However, we find that both schemes have security flaws. In addition, their schemes require a verification table and time-synchronization, making the schemes unfeasible and unsecured for electronic services. In order to remedy the security flaws of Sood et al.'s schemes, we propose a robust scheme which resists the well-known attacks and achieves all the desirable security goals.
Computing Research Repository, 2009
In this paper, a new identity-based identification scheme based on error-correcting codes is proposed.
2013
Today more and more clients are using online transactions, and so online transaction systems are becoming more desirable targets for security attacks. To maintain the clients' trust and confidence in the security of their online transaction application, financial firms must identify how attackers compromise accounts and develop methods to protect them. Towards this purpose, we present a modified model to authenticate clients for online transactions by utilizing Identity-Based Cryptography techniques in conjunction with the one-time ID concept for the purpose of increasing security. Identity-based public key encryption facilitates easy introduction of public key cryptography, allowing an entity's public key to be derived from an arbitrary ID value, such as a name, email address or birthdate. The main practical benefit of identity-based cryptography is in greatly reducing the need for, and reliance on, public key certificates. Although some interesting ...
In their seminal work for identity-based identification (IBI) schemes in 2004, Bellare et al. left open the question of whether the Beth identification scheme, and consequently the derived IBI scheme, can be proven secure against active and concurrent attackers. In 2008, Crescenzo answered the question in the positive by presenting a modified version of the Beth identification scheme as well as the corresponding derived IBI scheme. In this paper, we show that while the modified version of the Beth identification scheme proposed by Crescenzo is secure, an attack exists on the corresponding Beth-IBI scheme.
IEE Proceedings - Communications, 2005
Two identification schemes based on the Maurer-Yacobi ID-based cryptosystem are analysed and shown to suffer from serious security problems.
There are a lot of papers on cryptography implementation but mostly on encryption and signature schemes.
Hierarchical identity-based cryptography was introduced with the purpose of reducing the burden of a single Private Key Generator (PKG) and to limit damage to only domains whose lower-level PKGs are compromised. However, until now only security models and concrete schemes for hierarchical identity-based encryption and signature schemes are found in literature. In this paper, we propose the initial idea for hierarchical identity-based identification (HIBI) schemes. We provide the formal definition and security model for HIBI schemes and then proceed to propose a concrete HIBI scheme secure against passive attacks in the random oracle model under the Computational Diffie-Hellman assumption. We also prove the HIBI scheme secure against active and concurrent attacks in the random oracle model under the One-More Computational Diffie-Hellman assumption.
Journal of Cryptology, 2009
This paper provides either security proofs or attacks for a large number of identity-based identification and signature schemes defined either explicitly or implicitly in existing literature. Underlying these is a framework that on the one hand helps explain how these schemes are derived, and on the other hand enables modular security analyses, thereby helping to understand, simplify and unify previous work. We also analyze a generic folklore construction that in particular yields identity-based identification and signature schemes without random oracles.
Proceedings of the 2nd ACM symposium on Information, computer and communications security - ASIACCS '07, 2007
In this paper we construct two new fuzzy identity-based encryption (IBE) schemes in the random oracle model. Not only do our schemes provide public parameters whose size is independent of the number of attributes in each identity (used as public key) but they also have useful structures which result in more efficient key extraction and/or encryption than the random oracle version of Sahai and Waters' fuzzy IBE scheme, considered recently by Pirretti et al. We prove that the confidentiality of the proposed schemes is relative to the Bilinear Decisional Bilinear Diffie-Hellman problem.
The Scientific World Journal, 2015
Most identity-based identification (IBI) schemes proposed in recent literature are built using pairing operations. This decreases efficiency due to the high operation costs of pairings. Furthermore, most of these IBI schemes are proven to be secure against impersonation under active and concurrent attacks using interactive assumptions such as the one-more RSA inversion assumption or the one-more discrete logarithm assumption, translating to weaker security guarantees due to the interactive nature of these assumptions. The Schnorr-IBI scheme was first proposed through the Kurosawa-Heng transformation from the Schnorr signature. It remains one of the fastest yet most secure IBI schemes under impersonation against passive attacks due to its pairing-free design. However, when required to be secure against impersonators under active and concurrent attacks, it deteriorates greatly in terms of efficiency due to the protocol having to be repeated multiple times. In this paper, we upgrade the Schnorr-IBI scheme to be secure against impersonation under active and concurrent attacks using only the classical discrete logarithm assumption. This translates to a higher degree of security guarantee with only some minor increments in operational costs. Furthermore, because the scheme operates without pairings, it still retains its efficiency and superiority when compared to other pairing-based IBI schemes.
Computer Standards & Interfaces, 2004
Tseng-Jan modified a non-interactive public key distribution system and also proposed several applications based on the Maurer-Yacobi scheme. In their scheme, a user can prove his identity to another user without revealing his secret key. They use a challenge-response-type interactive protocol to achieve their objective. However, in a wireless environment, waiting for a corresponding response from the other party is time-wasting and consumes the battery of the mobile device. The computing ability and battery capacity of a mobile device are limited. Therefore, we propose an efficient scheme based on an ID-based cryptosystem that is more suitable for the mobile environment.
Security and Communication Networks, 2012
The fuzzy identity-based identification (FIBI) scheme is a recently proposed cryptographic identification protocol. The scheme utilizes user biometric traits as public keys. Authentication is deemed successful in the presence of the genuine query biometric together with the valid private key. Because of the fuzzy nature of biometrics, FIBI does not correct the errors on the query biometric with respect to the public key; instead, it tolerates the errors using Lagrange polynomial interpolation. Therefore, FIBI requires the ...