Malicious KGC attacks in certificateless cryptography

Man Ho Au, Yi Mu, Jing Chen, Duncan S. Wong, Joseph K. Liu, Guomin Yang

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

169 Citations (Scopus)

Abstract

Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

Original languageEnglish
Title of host publicationProceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Place of PublicationNew York NY USA
PublisherAssociation for Computing Machinery (ACM)
Pages302-311
Number of pages10
ISBN (Print)1595935746, 9781595935748
DOIs
Publication statusPublished - 2007
Externally publishedYes
EventACM Symposium on Information, Computer and Communications Security, ASIACCS '07 - Singapore, Singapore
Duration: 20 Mar 200722 Mar 2007
Conference number: 2nd

Conference

ConferenceACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Abbreviated titleASIACCS '07
CountrySingapore
CitySingapore
Period20/03/0722/03/07

Cite this

Au, M. H., Mu, Y., Chen, J., Wong, D. S., Liu, J. K., & Yang, G. (2007). Malicious KGC attacks in certificateless cryptography. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 (pp. 302-311). New York NY USA: Association for Computing Machinery (ACM). https://doi.org/10.1145/1229285.1266997
Au, Man Ho ; Mu, Yi ; Chen, Jing ; Wong, Duncan S. ; Liu, Joseph K. ; Yang, Guomin. / Malicious KGC attacks in certificateless cryptography. Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. New York NY USA : Association for Computing Machinery (ACM), 2007. pp. 302-311
@inproceedings{f8def0e7db9c4fc4a2b6d1d9fea22d47,
title = "Malicious KGC attacks in certificateless cryptography",
abstract = "Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.",
author = "Au, {Man Ho} and Yi Mu and Jing Chen and Wong, {Duncan S.} and Liu, {Joseph K.} and Guomin Yang",
year = "2007",
doi = "10.1145/1229285.1266997",
language = "English",
isbn = "1595935746",
pages = "302--311",
booktitle = "Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07",
publisher = "Association for Computing Machinery (ACM)",
address = "United States of America",

}

Au, MH, Mu, Y, Chen, J, Wong, DS, Liu, JK & Yang, G 2007, Malicious KGC attacks in certificateless cryptography. in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. Association for Computing Machinery (ACM), New York NY USA, pp. 302-311, ACM Symposium on Information, Computer and Communications Security, ASIACCS '07, Singapore, Singapore, 20/03/07. https://doi.org/10.1145/1229285.1266997

Malicious KGC attacks in certificateless cryptography. / Au, Man Ho; Mu, Yi; Chen, Jing; Wong, Duncan S.; Liu, Joseph K.; Yang, Guomin.

Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. New York NY USA : Association for Computing Machinery (ACM), 2007. p. 302-311.

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

TY - GEN

T1 - Malicious KGC attacks in certificateless cryptography

AU - Au, Man Ho

AU - Mu, Yi

AU - Chen, Jing

AU - Wong, Duncan S.

AU - Liu, Joseph K.

AU - Yang, Guomin

PY - 2007

Y1 - 2007

N2 - Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

AB - Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

UR - http://www.scopus.com/inward/record.url?scp=84876300178&partnerID=8YFLogxK

U2 - 10.1145/1229285.1266997

DO - 10.1145/1229285.1266997

M3 - Conference Paper

SN - 1595935746

SN - 9781595935748

SP - 302

EP - 311

BT - Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

ER -

Au MH, Mu Y, Chen J, Wong DS, Liu JK, Yang G. Malicious KGC attacks in certificateless cryptography. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. New York NY USA: Association for Computing Machinery (ACM). 2007. p. 302-311 https://doi.org/10.1145/1229285.1266997