Anling Zhang’s research while affiliated with Shanxi University and other places


Publications (7)


Efficient Data Sharing Scheme With Fine-Grained Access Control and Integrity Auditing in Terminal-Edge-Cloud Network
  • Article

August 2024 · 5 Reads · 2 Citations

IEEE Internet of Things Journal

Yufeng Yao · Jinyong Chang · Anling Zhang

In recent years, terminal-edge-cloud framework is very popular since it combines the storage ability of cloud servers with the advantages of timely response of edge nodes. How to realize the secure and fast data transmission from the terminal device to the edge node under the premise of weak computational ability and limited storage space for terminal devices, how to ensure that the original data can be securely obtained by authorized users, and how to efficiently audit the integrity of data in the cloud storage are still challenging issues. Although Zhang et al. designed a data sharing scheme, which is based on blockchain and hybrid encryption model, and simultaneously considers these issues, the security and performance of this scheme can be greatly improved. The reason lies in that the storage of symmetric key on blockchain will result in its potential leakage once one entity among the Chain becomes dishonest. Therefore, this article proposes a new data sharing protocol. In our protocol, lightweight symmetric encryption is first used to securely transmit data between terminal devices and edge nodes. Secondly, the edge node uses CPABE technology to encrypt the original data collected by the terminal device. Only authorized users who meet the access policy can correctly recover the data, thus ensuring the fine-grained access control. In addition, in the integrity audit process of stored data, authentication based on homomorphic signatures is adopted to achieve efficient auditing based on third-party auditors. Finally, simulation of the entire data sharing system reveals that our proposed protocol is relatively efficient and competitive in future IoT applications.



Symbols and Abbreviations.
Cryptoanalysis on a Cloud-Centric Internet-of-Medical-Things-Enabled Smart Healthcare System
  • Preprint
  • File available

October 2021 · 64 Reads

The interconnecting of the biomedical sensors (in healthcare system) with cloud for the internet-of-medical-things (IoMT) technology has great potential to ameliorate people's living conditions. The privacy-preserving of personal health information (PHI) and the mutual authentication between the sensors and other entities are two main factors that affect the further applications of cloud-centric IoMT technology. In the recent work [IEEE IoT Journal, vol. 7(10), 10650-10659, 2020], Kumar and Chand applied identity-based aggregate signcryption scheme to the smart healthcare system (KC-system, for short), which provides privacy-preserving of PHI and the mutual authentication function, simultaneously. However, in this paper, we carefully analyze the security of KC-system and find out that the critical authentication keys of entities can be easily recovered from their communication contents. In other words, the mutual authentication function of KC-system can be easily broken. Moreover, the recovering of the keys will cause the tedious processes, including obtaining partial private key (from network manager) and requesting for key-protection (from key-protection servers), to become completely useless. Finally, we remark that it seems to be hard to remedy the current KC-system so that it is immune to our attack.


RKA Security for Identity-Based Signature Scheme

January 2020 · 112 Reads · 41 Citations

IEEE Access

Huiqun Wang · Fei Wang · [...] · Yanyan Ji

Related-key attack (RKA) is a kind of side-channel attack considered for kinds of cryptographic primitives, such as public key encryption, digital signature, pseudorandom functions, etc. However, we note that the RKA-security seems to be not considered for identity-based signature (IBS), which is an important primitive for identity-based cryptography and proposed by Shamir in 1984. In this paper, for the first time, we introduce the RKA security into IBS schemes and try to define the security model for it. More specifically, we consider the RKA occurs in the users’ signing key or the master key of the key-generation center (KGC), which derives two kinds of RKA securities for IBS. Meanwhile, we illustrate that the most efficient Schnorr-like IBS scheme proposed by Galindo and Garcia is RKA-insecure by launching a simple RKA. However, a slight modification of it yields an RKA-secure IBS scheme, for which we give the detailed security proof in the random oracle. Finally, the performance analysis shows that the modified scheme is still extremely efficient but has higher security.


Fig. 1: Network Coding. S is a source node, N 1 , N 2 , N 3 , N 4 are intermediate nodes, and R 1 , R 2 are destination nodes.
Fig. 2: Type 1 of TPA.
Fig. 3: Type 2 of TPA.
Security Analysis of An Efficient Null Space-Based Homomorphic MAC Scheme against Tag Pollution Attacks in RLNC

July 2019 · 62 Reads · 4 Citations

IEEE Access

Recently, Esfahani, Mantas, and Rodriguez proposed a homomorphic message authentication code (MAC) scheme for the random linear network coding (RLNC) to resist tag pollution attacks (TPAs), and also presented the security analysis in [6]. As Esfahani et al. said, their scheme is based on the null space properties of [9] and the main contribution lies in adding the process of swapping when generating the tags for data packets. However, in this paper, we first point out that Esfahani et al.’s swapping technique is not essential for the TPA security, because the underlying non-swapping homomorphic MAC scheme has been secure against TPA and the process of swapping only improves the TPA security with a non-negligible factor. More importantly, we find that the security proof of Esfahani et al. is incorrect and misguided. In particular, according to Esfahani et al.’s suggestion, one should enlarge the number of neighbor nodes to reduce the probability of TPA. However, this study suggests contrary proof in Esfahani et al.’s work by presenting the precise proof for the proposed homomorphic MAC scheme.


Fig. 1. Times for Extract and Extract on vector v.
Fig. 3. Times for Verify and Verify on vector v.
RKA Security of Identity-Based Homomorphic Signature Scheme

March 2019 · 65 Reads · 22 Citations

IEEE Access

Recently, Lin et al. proposed a new primitive: Identity-based (IB) homomorphic signature scheme, IEEE Access, 6(2018), pp. 20632-20639, and presented an ingenious implement by using any IB-signature scheme as building block. In this paper, we consider a new type of attack on their scheme: Related-key attack (RKA), which is introduced by Bellare and Kohno in 2003, and widely considered for kinds of cryptographic primitives. Specifically, for the first time, we define the RKA security of IB-homomorphic signature scheme. By modifying the signing secret key as its linear form, we prove that Lin et al.’s IB-homomorphic signature scheme is not RKA secure. But a slight modification of it yields an RKA secure one under the original assumptions. We also present the security proof in detail. However, we remark that the reason why RKA on Lin et al.’s scheme can be successful lies in that RKA is outside of their security model. Finally, the numerical analysis and experimental results demonstrate that our modified scheme does not distinctly decrease the computational efficiency of Lin et al.’s scheme.


The KDM-CCA Security of the Kurosawa-Desmedt Scheme

April 2015 · 29 Reads

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

In this letter, we prove that the Kurosawa-Desmedt (KD) scheme [10], which belongs to the hybrid framework, is KDM-CCA secure w.r.t. an ensemble proposed by Qin et al. in [12] under the decisional Diffie-Hellman assumption. Since our proof does not rely on the random oracle model, we partially answer the question presented by Davies and Stam in [7], where they hope to achieve the KDM-CCA security for hybrid encryption scheme in the standard model (i.e. not random oracle model). Moreover, our result may also make sense in practice since KD-scheme is (almost) the most efficient CCA secure scheme.

Citations (5)


... Reference [33] introduces blockchain technology to enhance the security and privacy of cloud-edge decision-making architecture models and data processing. References [34][35] utilize blockchain technology to provide secure guarantees for data transmission at edge nodes, while also offering decentralized, fine-grained, and dynamic access control management within IoT environments. References [36][37] proposed a blockchain-based decentralized proactive caching strategy in mobile edge computing environments, addressing the limited storage capacity of edge nodes and the issue of malicious behavior. ...

Reference:

Research on the Application of Blockchain Technology in the Field of Agricultural Product Traceability
Efficient Data Sharing Scheme With Fine-Grained Access Control and Integrity Auditing in Terminal-Edge-Cloud Network
  • Citing Article
  • August 2024

IEEE Internet of Things Journal

... In 2011, Wu and Zhang proposed a kind of lightweight block cipher, named LBlock, whose block and key sizes equal 64 and 80 bits, respectively [11]. Meanwhile, they also evaluated its security by considering many known attacks, such as linear cryptanalysis [12], [13], related-key attack [14], impossible differential cryptanalysis [15]. However, they didn't analyze LBlock's security against ...

Security Analysis of An Efficient Null Space-Based Homomorphic MAC Scheme against Tag Pollution Attacks in RLNC

IEEE Access

... Under a random oracle model, Boneh et al. [10] presented an HS scheme with a constant-size public key, enabling the verification of linear subspaces. To reduce the costs associated with maintaining PKI and managing certificates, several identity-based LHS schemes were proposed [11][12][13][14][15]. To further address certificate management and key escrow issues, several certificateless LHS schemes have been proposed for network coding [16][17][18]. ...

RKA Security of Identity-Based Homomorphic Signature Scheme

IEEE Access