Privacy Enhanced Attribute based eSign
Computer Science & Information Technology (CS & IT) Computer Science Conference Proceedings (CSCP)
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
In recent years, Government of India has introduced many Aadhaar based online services. Although these initiatives helped India compete in digital revolution across world and were acclaimed by many, they have also raised some concerns about security especially the privacy aspects. One of the initiative in this direction is eSign which provides an online electronic signature service to its subscribers. Although most of the security aspects are addressed by eSign, some of the privacy aspects are yet to be addressed. This paper presents a scheme to implement privacy enhanced eSign using Attribute based Signatures (ABS). For the practical and efficient realization of the scheme, a token based approach is proposed.
Related papers
Using Privacy Enhancing and Fine-Grained Access Controlled eKYC to implement Privacy Aware eSign
eSign is an online electronic signature service which is recently gaining more prominence in India. eSign is based on two online services from UIDAI, viz. a viz., Aadhaar based authentication and retrieval of resident's eKYC information after taking his/her consent. With increased adoption of Aadhaar based services, privacy of user data has become more and more important. Present method of taking boolean consent from resident through non-UIDAI entity may not be acceptable for two main reasons, first is that the consent does not include in itself a proof from resident that the consent is indeed taken from him/her and second is that the resident may wish to have better privacy and fine grained access control rules to access his/her eKYC data. Bakshi et.el have introduced a mechanism to improve amortized performance of eSign using a digital access token. In this work, the digital access token is enhanced to include Privacy Enhancing and Fine-Grained Access Control (PEaFGAC) Statements for facilitating Privacy Aware eSign. These tokens can be used by other entities to access eKYC data of the resident with better access controls enforced by the resident. This paper briefly describes the present model of eSign, the earlier proposed model of eSign followed by the proposed model of Privacy Aware eSign. The proposed model of Privacy Aware eSign is also analyzed using BAN logic assuming Dolev-Yao security environment.
A Security of Attribute based Signature Scheme
European Journal of Scientific Research
In the attribute typed signature scheme the user can sign a document with any predicate that is satisfied by his attributes issued from the attribute agency. Based on this assumption, the signature shows not to an identity of a user signed the document, other than the demand concerning the attributes underlying signer possesses. In attribute based signature, participants cannot forge signature with attributes they are not have even by conspiring. Alternatively, an authorized signer stays anonymous without a concern of revocation and is identical between the participants whose attributes convincing a predicate specified in a signature. Attribute based signature is functional in various uses for example, in anonymous authentication and attribute typed message schemes. In this paper, we describe the characteristics of security of certain attribute typed signature scheme. Also, we illustrate multiple attacks in a presented threshold attribute typed signature scheme. We show that a schem...
Attribute-Based Signatures for Supporting Anonymous Certification
Computer Security – ESORICS 2016, 2016
This paper presents an anonymous certification (AC) scheme, built over an attribute based signature (ABS). After identifying properties and core building blocks of anonymous certification schemes, we identify ABS limitations to fulfill AC properties, and we propose a new system model along with a concrete mathematical construction based on standard assumptions and the random oracle model. Our solution has several advantages. First, it provides a data minimization cryptographic scheme, permitting the user to reveal only required information to any service provider. Second, it ensures unlinkability between the different authentication sessions, while preserving the anonymity of the user. Third, the derivation of certified attributes by the issuing authority relies on a non interactive protocol which provides an interesting communication overhead.
A New Approach for Electronic Signature
Proceedings of the 2nd International Conference on Information Systems Security and Privacy, 2016
There are many application contexts in which guaranteeing authenticity and integrity of documents is essential. In these cases, the typical solution relies on digital signature, which is based on the use of a PKI infrastructure and suitable devices (smart card or token USB). For several reasons, including certificate and device cost, many countries, such as the United States, the European Union, India, Brazil and Australia, have introduced the possibility to use simple generic electronic signature, which is less secure but reduces the drawbacks of digital signature.In this paper, we propose a new type of electronic signature that is based on the use of social networks. We formalize the proposal in a generic scenario and then, show a possible implementation on Twitter. Our proposal is proved to be secure, cheap and simple to adopt.
Enhanced Security of Attribute-Based Signatures
Cryptology and Network Security, 2018
Despite the recent advances in attribute-based signatures (ABS), no schemes have yet been considered under a strong privacy definition. We enhance the security of ABS by presenting a strengthened simulation-based privacy definition and the first attribute-based signature functionality in the framework of universal composability (UC). Additionally, we show that the UC definition is equivalent to our strengthened experiment-based security definitions. To achieve this we rely on a general unforgeability and a simulation-based privacy definition that is stronger than standard indistinguishability-based privacy. Further, we show that two extant concrete ABS constructions satisfy this simulation-based privacy definition and are therefore UC secure. The two concrete constructions are the schemes by Sakai et al. (PKC'16) and by Maji et al. (CT-RSA'11). Additionally, we identify the common feature that allows these schemes to meet our privacy definition, giving us further insights into the security requirements of ABS.
A Seminar Report On DIGITAL SIGNATURE ALGORITHM Submitted By Under the guidance of
People have traditionally used signatures as a means of informing others that the signature has read and understood a document. Digital signature in a document is bound to that document in such a way that altering the signed document or moving the signature to a different document invalidates the signature. This security eliminates the need for paper copies of documents and can speed the processes involving documents that require signatures. Digital Signatures are messages that identify and authenticate a particular person as the source of the electronic message, and indicate such persons approval of the information contained in the electronic message. Emerging applications like electronic commerce and secure communications over open networks have made clear the fundamental role of public key cryptosystem as unique security solutions. On the other hand, these solutions clearly expose the fact, that the protection of private keys is a security bottleneck in these sensitive applications. This problem is further worsened in the cases where a single and unchanged private key must be kept secret for very long time (such is the case of certification authority keys, and e-cash keys). They help users to achieve basic security building blocks such as identification, authentication, and integrity.
PIMA: A Privacy-preserving Identity management system based on an unlinkable MAlleable signature
Journal of Network and Computer Applications, 2022
This paper presents a privacy-preserving identity management system, referred to as Pima. The proposed system is built over a novel unlinkable malleable signature scheme, called UMS. Pima supports pseudonymity, as it is more in line with today's web service interactions than anonymity. The originality of the approach is manifold. First, Pima satisfies both users' and providers' basic security and privacy needs as it provides a user centric approach which permits the users to keep control over their revealed attributes, and the service providers to get attributes certified by an identity provider and associated with different pseudonymous sessions. Second, Pima helps service providers to comply with the data minimization principle required by the E.U. General Data Protection Regulation, through the enforcement of both sanitizable and redactable features. Third, the proposed signature scheme UMS fulfills main security and strong privacy requirements at a constant pairing computation overhead. Fourth, Pima's concrete construction is proven as secure under the generic group model. Fifth, the implementation results demonstrate high efficiency w.r.t. most closely related work, while considering resource-constrained devices, i.e., Android-10 smartphone.
Hidden identity-based signatures
IET Information Security, 2009
This paper introduces Hidden Identity-based Signatures (Hidden-IBS), a type of digital signatures that provide mediated signer-anonymity on top of Shamir's Identity-based signatures. The motivation of our new signature primitive is to resolve an important issue with the kind of anonymity offered by "group signatures" where it is required that either the group membership list is public or that the opening authority is dependent on the group manager for its operation. Contrary to this, Hidden-IBS do not require the maintenance of a group membership list and they enable an opening authority that is totally independent of the group manager. As we argue this makes Hidden-IBS much more attractive than group signatures for a number of applications. In this paper, we provide a formal model of Hidden-IBS as well as two efficient constructions that realize the new primitive. Our elliptic curve construction that is based on the SDH/DLDH assumptions produces signatures that are merely half a Kbyte long and can be implemented very efficiently.
An Introduction to Digital Signature Schemes
An Introduction to Digital Signature Schemes, 2010
Today, all types of digital signature schemes emphasis on secure and best verification methods. Different digital signature schemes are used in order for the websites, security organizations, banks and so on to verify user’s validity. Digital signature schemes are categorized to several types such as proxy, on-time, batch and so on. In this paper, different types of schemes are compared based on security level, efficiency, difficulty of algorithm and so on. Results show that best scheme depends on security, complexity and other important parameters. We tried simply to define the schemes and review them in practice.
A Review Of Ring Signature Schemes For Authentic And Anonymous Data Sharing
Data sharing becoming more and more challenging today there are number of environment like data authenticity, anonymity, availability, access control and efficiency. The concept of ring signature seems promising for data sharing system. A ring signature is a simplified group signature without any manager. It protects the anonymity of the signature producer. In this paper we review the state of the art of ring signature schemes in the literature and investigated their relationship with other existing schemes to improve ring signature like blind signature, threshold signature, identity-based (ID-based) ring signature and other to improve the security.
Related topics
Related papers
A New Approach to Keep the Privacy Information of the Signer in a Digital Signature Scheme
Information
In modern applications, such as Electronic Voting, e-Health, e-Cash, there is a need that the validity of a signature should be verified by only one responsible person. This is opposite to the traditional digital signature scheme where anybody can verify a signature. There have been several solutions for this problem, the first one is we combine a signature scheme with an encryption scheme; the second one is to use the group signature; and the last one is to use the strong designated verifier signature scheme with the undeniable property. In this paper, we extend the traditional digital signature scheme to propose a new solution for the aforementioned problem. Our extension is in the sense that only a designated verifier (responsible person) can verify a signer’s signature, and if necessary (in case the signer refuses to admit his/her signature) the designated verifier without revealing his/her secret key is able to prove to anybody that the signer has actually generated the signatu...
Attribute-Based Signatures with User-Controlled Linkability
Lecture Notes in Computer Science, 2014
In this paper, we introduce Attribute-Based Signatures with User-Controlled Linkability (ABS-UCL). Attribute-based signatures allow a signer who has enough credentials/attributes to anonymously sign a message w.r.t. some public policy revealing neither the attributes used nor his identity. User-controlled linkability is a new feature which allows a user to make some of his signatures directed at the same recipient linkable while still retaining anonymity. Such a feature is useful for many reallife applications. We give a general framework for constructing ABS-UCL and present an efficient instantiation of the construction that supports multiple attribute authorities.
Threshold attribute-based signatures and their application to anonymous credential systems
Progress in Cryptology–AFRICACRYPT …, 2009
Abstarct. Inspired by the recent developments in attribute-based encryption, in this paper we propose threshold attribute-based signatures (t-ABS). In a t-ABS, signers are associated with a set of attributes and verification of a signed document against a verification attribute set succeeds if the signer has a threshold number of (at least t) attributes in common with the verification attribute set. A t-ABS scheme enables a signature holder to prove possession of signatures by revealing only the relevant (to the verification attribute set) attributes of the signer, hence providing signer-attribute privacy for the signature holder. We define t-ABS schemes, formalize their security and propose two t-ABS schemes: a basic scheme that is selectively unforgeable and a second one that is existentially unforgeable, both provable in the standard model, assuming hardness of the computational Diffie-Hellman problem. We show that our basic t-ABS scheme can be augmented with two extra protocols that are used for efficiently issuing and verifying t-ABS signatures on committed values. We call the augmented scheme a threshold attribute based c-signature scheme (t-ABCS). We show how a t-ABCS scheme can be used to realize a secure threshold attribute-based anonymous credential system (t-ABACS) providing signer-attribute privacy. We propose a security model for t-ABACS and give a concrete scheme using t-ABCS scheme. Using the simulation paradigm, we prove that the credential system is secure if the t-ABCS scheme is secure.
ENHANCED IDENTITY-BASED SIGNCRYPTION SYSTEM
Transstellar, 2019
A combination of encryption and signature is a cryptosystem called traditional signcryption, wherein sender authentication is considered a key task to be verified by third party or judge. Without the knowledge of the sender, the judge can authenticate the message using the receiver decryption parameters and the process is called the signcryption scheme. The paper's objective is to analyse the security and confidentiality of message and then to integrate authentication, enforceability, forward secrecy, public verifiable along with packet mechanisms. In this study, using the SSL mechanism the information to be sent is split into various parts and are all parts collected at the receiver end. This mechanism proved to be resource efficient, producing high precise results compared to the previous one.
New Concept of Security E-document with Hybrid Methode : Biometric Signature and DSA (Digital Signature Algorithm)
2011
Exchange of electronic documents (e-documents) or documents in an e-mail on the internet has been widely used as a commercial transaction. To ensure e-document is still intact / authentic to the party verifier in transit on the network insecure one of them by giving digital signatures on edocuments. The purpose of this research is to create a new concept in the security of e-documents with a hybrid method: Biometric signatures and DSA (Digital Signature Algorithm) as one solution to the problem of key management and meet the needs non-singular signer. The input as key generator is the offline signature of one or more users for produce one or more digital signatures to a single e-document. Furthermore, edocuments, digital signatures and public key is transmitted over the internet via e-mail on verifier. Then the verifier to verify whether the results are valid or invalid.
A First Approach to Provide Anonymity in Attribute Certificates
Lecture Notes in Computer Science, 2004
This paper focus on two security services for internet applications: authorization and anonymity. Traditional authorization solutions are not very helpful for many of the Internet applications; however, attribute certificates proposed by ITU-T seems to be well suited and provide adequate solution. On the other hand, special attention is paid to the fact that many of the operations and transactions that are part of Internet applications can be easily recorded and collected. Consequently, anonymity has become a desirable feature to be added in many cases. In this work we propose a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. Moreover, we present a protocol to obtain such certificates in a way that respects users' anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.
e-Sign - An Online Digital Service: Evolving Trends use Cases
International Journal of Engineering Research and, 2020
Digital Signatures based on asymmetric crypto systems have been recognized as legally acceptable form of signing under the Information Technology Act, 2000. An electronic document signed using digital signature has the same acceptance as a handwritten signature. Cryptographic tokens are a widely used method for issuing Digital Signatures. However, issuance of a token requires various modes of verification based on identity and address proofs and the scheme is not scalable to billion people. For mass adoption of Digital Signature Certificate (DSC), a simple online service is desirable that allows one to have the ability to sign a document with ease. With that in consideration, an online scheme that uses the Electronic Know Your Customer (e-KYC) mechanisms from Aadhaar and provides the trust on documents in the form of digital signatures, eSign, is enabled by the Government of India since 2015. Various benefits that eSign provides include convenience and ease of operations to the signer, streamlined processes and reduction in the costs of operations largely associated with handling and storage of paper. Since the inception, eSign technology has been adopted by various sectors including e-Governance and Finance. Many more sectors are seen as potential use case for the technology.
A survey on digital signatures and its applications
The success rate of various electronic mechanisms such as E-Governance, E-Learning, E-Shopping, E-Voting, etc. is absolutely dependent on the security, authenticity and the integrity of the information that is being transmitted between the users of sending end and the users of receiving end. To attain all these parameters, these sensitive information must be digitally signed by its original sender which should be verified categorically by its intended receiver. Since digital signature schemes are basically various complex cryptographic algorithms which are embedded with the plain text message, the performance level of these E-services vary based on certain attributes like key size, block size, computational complexities, security parameters, application specific customizations, etc. In this paper the authors have made a thorough study of the industry standard digital signature schemes to obtain optimum security level for the electronic mechanisms and explored its probable applications in various domains.
Modern Credential Access Control Approach Based On Pseudonymous Signature
IJCSNS, 2007
Summary This paper proposes a modern credential access control approach which allows the organizations to provide their resources/services on the internet and grant access rights to users by employing Cryptographic Pseudonymous Signature. The concepts of Modern ...
Attribute-Based Signature with Policy-and-Endorsement Mechanism
Journal of Computer Science and Technology, 2010
In this paper a new signature scheme, called Policy-Endorsing Attribute-Based Signature, is developed to correspond with the existing Ciphertext-Policy Attribute-Based Encryption. This signature provides a policy-and-endorsement mechanism. In this mechanism a single user, whose attributes satisfy the predicate, endorses the message. This signature allows the signer to announce his endorsement using an access policy without having to reveal the identity of the signer. The security of this signature, selfless anonymity and existential unforgeability, is based on the Strong Diffie-Hellman assumption and the Decision Linear assumption in bilinear map groups.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.