COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH
FORWARD SECURITY
Abstract—Data sharing has never been easier with the advances of cloud
computing, and an accurate analysis on the shared data provides an array of
benefits to both the society and individuals. Data sharing with a large number of
participants must take into account several issues, including efficiency, data
integrity and privacy of data owner. Ring signature is a promising candidate to
construct an anonymous and authentic data sharing system. It allows a data owner
to anonymously authenticate his data which can be put into the cloud for storage or
analysis purpose. Yet the costly certificate verification in the traditional public key
infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable.
Identity-based (ID-based) ring signature, which eliminates the process of
certificate verification, can be used instead. In this paper, we further enhance the
security of ID-based ring signature by providing forward security: If a secret key of
any user has been compromised, all previously generated signatures that include this
user still remain valid. This property is especially important to any large scale data
sharing system, as it is impossible to ask all data owners to reauthenticate their data
even if a secret key of one single user has been compromised. We provide a
concrete and efficient instantiation of our scheme, prove its security and provide an
implementation to show its practicality.
EXISTING SYSTEM:
- Data Authenticity. In the situation of smart grid, the statistic energy usage data
would be misleading if it is forged by adversaries. While this issue alone can be
solved using well established cryptographic tools (e.g., message authentication
code or digital signatures), one may encounter additional difficulties when other
issues are taken into account, such as anonymity and efficiency;
- Anonymity. Energy usage data contains vast information of consumers, from
which one can extract the number of persons in the home, the types of electric
utilities used in a specific time period, etc. Thus, it is critical to protect the
anonymity of consumers in such applications, and any failures to do so may lead to
the reluctance from the consumers to share data with others; and
- Efficiency. The number of users in a data sharing system could be HUGE
(imagine a smart grid with a country size), and a practical system must reduce the
computation and communication cost as much as possible. Otherwise it would lead
to a waste of energy, which contradicts the goal of smart grid.
PROPOSED SYSTEM:
We propose a new notion called forward secure ID-based ring signature, which is
an essential tool for building a cost-effective authentic and anonymous data sharing
system:
- For the first time, we provide formal definitions of forward secure ID-based ring
signatures;
- We present a concrete design of a forward secure ID-based ring signature. No
previous ID-based ring signature scheme in the literature has the property of
forward security, and we are the first to provide this feature;
- We prove the security of the proposed scheme in the random oracle model, under
the standard RSA assumption; and
- Our implementation is practical, in the following ways:
  1) It is in the ID-based setting. The elimination of the costly certificate
  verification process makes it scalable and especially suitable for big data analytic
  environments.
  2) The size of a secret key is just one integer.
  3) The key update process only requires an exponentiation.
  4) We do not require any pairing in any stage.
Module 1
Authentication in cloud computing
Module 2
Identity-Based Ring Signature
The aforementioned three issues remind us of a cryptographic primitive,
"identity-based ring signature", an efficient solution for applications requiring data
authenticity and anonymity.

ID-Based Cryptosystem. The identity-based (ID-based) cryptosystem, introduced by
Shamir, eliminated the need for verifying the validity of public key certificates, the
management of which is both time and cost consuming. In an ID-based
cryptosystem, the public key of each user is easily computable from a string
corresponding to this user's publicly known identity (e.g., an email address, a
residential address, etc.). A private key generator (PKG) then computes private
keys from its master secret for users. This property avoids the need for certificates
(which are necessary in traditional public-key infrastructure) and associates an
implicit public key (user identity) to each user within the system. In order to verify
an ID-based signature, different from the traditional public key based signature,
one does not need to verify the certificate first. The elimination of the certificate
validation makes the whole verification process more efficient, which will lead to a
significant saving in communication and computation when a large number of users
are involved (say, energy usage data sharing in smart grid).

Ring Signature. A ring signature is a group-oriented signature with privacy
protection for the signature producer. A user can
sign anonymously on behalf of a group of his own choice, while group members
can be totally unaware of being conscripted into the group. Any verifier can be
convinced that a message has been signed by one of the members of this group
(also called the ring), but the actual identity of the signer is hidden. Ring
signatures could be used for whistle blowing, anonymous membership
authentication for ad hoc groups and many other applications which do not want
a complicated group formation stage but require signer anonymity. There have been
many different schemes proposed since the first appearance of ring signature in
1994 and the formal introduction in 2001.
Module 3
Notions of Security
The security of IDFSRS consists of two aspects: forward security and anonymity.
Before giving their definitions, we consider the following oracles, which together
model the ability of the adversary to break the security of IDFSRS.
- Extraction Oracle (EO). On input an identity $ID_i$ and a time period $t$, the
corresponding secret key $sk_{i,t} \in \mathcal{D}$ for that time period is returned.
- Signing Oracle (SO). On input a time period $t$, a group size $n$, a set $L$ of $n$ user
identities and a message $m \in \mathcal{M}$, a valid signature $s$ is returned.

Now we are ready to define the security of IDFSRS:
1) Forward Security. Forward security of an IDFSRS scheme is defined by
the following game between the simulator S and the adversary A, in which A is
given access to oracles EO and SO:
a) S generates and gives A the system parameters param.
b) A may query the oracles according to any adaptive strategy.
c) A chooses a time $t^*$, a group size $n^* \in \mathbb{N}$, a set $L^*$ of $n^*$
identities and a message $m^* \in \mathcal{M}$.
d) A may continue to query the oracles according to any
adaptive strategy.
e) A outputs a signature $s^*_{t^*}$.
A wins the game if:
- Verify$(t^*, L^*, m^*, s^*_{t^*})$ = valid;
- none of the identities in $L^*$ has been queried to EO with a time $t \le t^*$ as the time
input parameter (queries to EO with a time $t > t^*$ as the time input
parameter are unlimited); and
- $(t^*, L^*, m^*)$ has not been queried to SO.
We denote by $\mathrm{Adv}^{fs}_{A}(\lambda)$ the probability of A
winning the game.
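The winning conditions of the forward-security game above can be expressed as bookkeeping over the oracle queries. The following is an added example, not code from the paper: the class and method names are hypothetical, and the scheme's Verify algorithm is abstracted to a boolean supplied by the caller.

```python
# Added illustration: referee logic for the forward-security game.
# Names are hypothetical; Verify is abstracted to the `verifies` flag.
from dataclasses import dataclass, field


@dataclass
class ForwardSecurityGame:
    # (identity, period) pairs the adversary sent to the Extraction Oracle
    eo_log: set = field(default_factory=set)
    # (period, ring, message) triples the adversary sent to the Signing Oracle
    so_log: set = field(default_factory=set)

    def query_eo(self, identity: str, period: int) -> None:
        """Record an EO query for the secret key of `identity` at `period`."""
        self.eo_log.add((identity, period))

    def query_so(self, period: int, ring, message: bytes) -> None:
        """Record an SO query; the ring L is a set, so order is irrelevant."""
        self.so_log.add((period, frozenset(ring), message))

    def judge(self, t_star: int, ring_star, m_star: bytes, verifies: bool):
        """Return (wins, reason) for the output (t*, L*, m*, signature)."""
        ring_star = frozenset(ring_star)
        if not verifies:
            return (False, "signature does not verify")
        # A key extracted at any t <= t* can be updated forward to t*, so such
        # a query makes the forgery trivial. Queries with t > t* are allowed:
        # that is exactly the key-exposure event forward security must survive.
        exposed = sorted(
            (i, t) for (i, t) in self.eo_log if i in ring_star and t <= t_star
        )
        if exposed:
            return (False, f"EO query {exposed[0]} covers a ring member at t <= t*")
        if (t_star, ring_star, m_star) in self.so_log:
            return (False, "(t*, L*, m*) was already answered by SO")
        return (True, "admissible forgery")


def demo():
    """Constructed scenario: alice's key leaks at period 5."""
    game = ForwardSecurityGame()
    game.query_eo("alice", 5)
    game.query_so(2, ["bob", "carol"], b"reading-1")
    ring = {"alice", "bob"}
    return {
        "before_leak": game.judge(3, ring, b"m", True)[0],
        "at_leak": game.judge(5, ring, b"m", True)[0],
        "after_leak": game.judge(7, ring, b"m", True)[0],
        "replayed_so": game.judge(2, {"carol", "bob"}, b"reading-1", True)[0],
        "new_message": game.judge(2, {"carol", "bob"}, b"reading-2", True)[0],
    }


if __name__ == "__main__":
    for case, wins in demo().items():
        print(f"{case}: adversary wins = {wins}")
```
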
Module 4
Key Exposure in Big Data Sharing System
The issue of key exposure is more severe in a ring signature scheme: if a ring
member’s secret key is exposed, the adversary can produce valid ring signatures of
any documents on behalf of that group. Even worse, the “group” can be defined by
the adversary at will due to the spontaneity property of ring signature: The
adversary only needs to include the compromised user in the “group” of his choice.
As a result, the exposure of one user’s secret key renders all previously obtained
ring signatures invalid (if that user is one of the ring members), since one cannot
distinguish whether a ring signature is generated prior to the key exposure or by
which user. Therefore, forward security is a necessary requirement that a big data
sharing system must meet. Otherwise, it will lead to a huge waste of time and
resources. While there are various designs of forward-secure digital signatures,
adding forward security to ring signatures turns out to be difficult. As far as the
authors know, there are only two forward secure ring signature schemes. However,
they are both in the traditional public key setting, where signature verification
involves an expensive certificate check for every ring member. This is far from
satisfactory if the size of the ring is huge, such as the users of a smart grid. To
summarize, the design of ID-based ring signature with forward security, which is
the fundamental tool for realizing cost-effective authentic and anonymous data
sharing, is still an open problem.
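To make the key-exposure argument and the earlier claims (a one-integer secret key, a key update that is a single exponentiation, security under RSA) concrete, here is an added toy example; it is not the paper's construction or implementation. The key chain, the names `ToyPKG`, `update` and `key_matches`, the exponent, the number of periods and the small modulus are all assumptions chosen for illustration.

```python
# Added illustration: a toy RSA-style forward-evolving key chain.
import hashlib

# Constructed toy parameters: two known Mersenne primes stand in for the
# PKG's secret RSA primes. A real modulus uses large random primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537   # public exponent (assumed); must be coprime to phi(N)
T = 8       # number of time periods (assumed)


def h_id(identity: str) -> int:
    """Map an identity string to an integer mod N (random-oracle stand-in)."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % N


class ToyPKG:
    """Holds the master secret d = E^-1 mod phi(N): the power to take E-th roots."""

    def __init__(self) -> None:
        self._phi = (P - 1) * (Q - 1)
        self._d = pow(E, -1, self._phi)  # ValueError if E is not invertible

    def extract(self, identity: str, period: int = 0) -> int:
        """Key for `period`: H(ID)^(d^(T+1-period)) mod N, a single integer."""
        if not 0 <= period <= T:
            raise ValueError("period out of range")
        exponent = pow(self._d, T + 1 - period, self._phi)
        return pow(h_id(identity), exponent, N)

    def step_back(self, sk: int) -> int:
        """Previous period's key: an E-th root, which needs the master secret."""
        return pow(sk, self._d, N)


def update(sk: int) -> int:
    """User-side key update: one exponentiation; the old key is then erased."""
    return pow(sk, E, N)


def roll_forward(sk: int, from_period: int, to_period: int) -> int:
    """Derive a later period's key using only public operations."""
    if to_period < from_period or to_period > T:
        raise ValueError("public operations only move forward in time")
    for _ in range(to_period - from_period):
        sk = update(sk)
    return sk


def key_matches(identity: str, period: int, sk: int) -> bool:
    """Public check: sk raised to E^(T+1-period) must equal H(ID) mod N."""
    return pow(sk, E ** (T + 1 - period), N) == h_id(identity)


def exposure_report(identity: str, exposed_period: int) -> dict:
    """For each period, can its key be derived from a key leaked at
    `exposed_period` without the master secret?"""
    leaked = ToyPKG().extract(identity, exposed_period)
    report = {}
    for t in range(T + 1):
        try:
            candidate = roll_forward(leaked, exposed_period, t)
            report[t] = key_matches(identity, t, candidate)
        except ValueError:
            report[t] = False  # would require an E-th root mod N (RSA problem)
    return report


if __name__ == "__main__":
    # Constructed identity; the leak is placed at period 5.
    print(exposure_report("alice@example.org", 5))
```

A key leaked at period 5 yields the keys for periods 5 to 8 but none for periods 0 to 4, which is why signatures bound to earlier periods stay trustworthy after the exposure.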
Module 5
ID-based forward secure ring signature scheme
This section is devoted to the description and analysis of
our proposed ID-based forward secure ring signature scheme.
The Design. We assume that the identities and user secret keys are valid over T
time periods and that the time intervals are made public. We also set the message space $\mathcal{M}$ = {0,
1.
CONCLUSION
Motivated by the practical needs in data sharing, we proposed a new notion called
forward secure ID-based ring signature. It allows an ID-based ring signature
scheme to have forward security. It is the first in the literature to have this feature
for ring signatures in the ID-based setting. Our scheme provides unconditional
anonymity and can be proven forward-secure unforgeable in the random oracle
model, assuming the RSA problem is hard. Our scheme is very efficient and does not
require any pairing operations. The size of a user secret key is just one integer, while
the key update process only requires an exponentiation. We believe our scheme
will be very useful in many other practical applications, especially those that require
user privacy and authentication, such as ad-hoc networks, e-commerce activities
and smart grid. Our current scheme relies on the random oracle assumption to
prove its security. We consider a provably secure scheme with the same features in
the standard model as an open problem and our future research work.
