Abstract
Many certificateless cryptosystems have been proposed for cloud security applications. These applications have to face the inherent issues of dealing with low authority trust levels, especially when the cloud server takes charge of doing the role of the key generation center (KGC), that is the authority to trust. This paper focuses on popular authority trust problems in certificateless signatures and proposes a public cloud auditing scheme with high trust level. In current cloud security applications based on certificateless cryptography, the level of trust can at most detect and prove that the authority is guilty but can never punish it for its malicious behavior; precisely, in those settings where malicious servers have to be punished, an external arbitrator becomes necessary. We develop a novel notion of enhanced authority trust level, that we call 3+, where even if KGCs can impersonate any entity, still there is no way to avoid an immediate penalty for its malicious behavior. First, we construct a certificateless signature scheme with authority trust level 3+, then we prove its security in the random oracle model, illustrating some benefits in applications made for clouds. In particular, we propose a certificateless homomorphic authenticable signature scheme and a cloud public auditing scheme. Our proposed trust level 3+ sensibly boosts the trustworthiness and acceptability of such cloud computation environments by its ordinary customers.
Similar content being viewed by others
References
Al-Riyami SS, Paterson KG (2003) Certificateless public key cryptography. Advances in cryptology—ASIACRYPT 2003. LNCS 2894. Springer, Berlin, pp 452–473
Au MH, Chen J, Liu JK, Mu Y, Wong DS, Yang G (2007) Malicious kgc attack in certificateless cryptography. In: Proceedings of the 2nd ACM symposium on information. ACM, computer and communications security, pp 302–311
Chen YC, Tso R, Horng G, Fan CI, Hsu RH (2015) Strongly secure certificateless signature: cryptanalysis and improvement of two schemes. J Inf Sci Eng 31(1):297–314
Dan B, Franklin M (2003) Identity-based encryption from the weil pairing. Siam J Comput 32(3):213–229
Dent A, Libert B, Paterson KG (2008) Certificateless encryption schemes strongly secure in the standard model. Public key cryptography—PKC 2008. LNCS 4939. Springer, Berlin
Dent AW (2008) A survey of certificateless encryption schemes and security models. Int J Inf Secur 7(5):349–377
Gao W, Wang G, Wang X, Chen K (2015) Generic construction of certificate-based encryption from certificateless encryption revisited. Comput J 58(10):2747–2757
Girault M (1991) Self-certified public keys. Advances in cryptology—EUROCRYPT’ 91. LNCS 547. Springer, Berlin, pp 490–497
He D, Zeadally S, Wu L (2015) Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst J. doi:10.1109/JSYST.2015.2428620
Hu BC, Wong DS, Zhang Z, Deng X (2007) Certificateless signature: a new security model and an improved generic construction. Des Codes Cryptogr 42(2):109–126
Huang X, Mu Y, Susilo W, Wong DS, Wu W (2012) Certificateless signatures: new schemes and security models. Comput J 55(4):457–474
Liu J, Zhang Z, Chen X, Kwak KS (2014) Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans Parallel Distrib Syst 25(2):332–342
Liu JK, Au MH, Susilo W (2007) Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In: Proceedings of the 2nd ACM symposium on information. ACM, computer and communications security, pp 273–283
Pang L, Hu Y, Liu Y, Xu K, Li H (2015) Efficient and secure certificateless signature scheme in the standard model. Int J Commun Syst 9(11):4353–4362
Soghoian C, Stamm S (2011) Certified lies: detecting and defeating government interception attacks against ssl (short paper). Financial cryptography and data security. LNCS 7035. Springer, Berlin, pp 250–259
Sun Y, Zhang F, Shen L (2014) A revocable certificateless signature scheme. J Comput 9(8):1843–1850
Vivek SS (2015) Stateful certificateless public key encryption with application in public cloud. In: Proceedings of innovative security solutions for information technology and communications–SECITC 2015, Springer, Berlin, LNCS 9522, pp 130–149
Wang B, Li B, Li H, Li F (2013) Certificateless public auditing for data integrity in the cloud. In: 2013 IEEE conference on communications and network security (CNS), pp 136–144
Wang XA, Huang X, Yang X (2008) Further observations on certificateless public key encryption. In: 4th international conference on information security and cryptology, Springer, Berlin, LNCS 5487, pp 217–239
Xiong H (2014) Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Trans Inf Forensics Secur 9(12):2327–2339
Xiong H, Qin Z (2015) Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks. IEEE Trans Inf Forensics Secur 10(7):1442–1455
Xu L, Wu X, Zhang X (2012) Cl-pre: a certificateless proxy re-encryption scheme for secure data sharing with public cloud. In: Proceedings of the 7th ACM symposium on information, computer and communications security, pp 87–88
Yang G, Tan CH (2011) Certificateless cryptography with kgc trust level 3. Theor Comput Sci 412(39):5446–5457
Yum DH, Lee PJ (2004) Generic construction of certificateless signature. ACISP 2004. LNCS 3108. Springer, Berlin, pp 200–211
Zhang Y, Xu C, Yu S, Li H (2015) Sclpv: secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors. IEEE Trans Comput Soc Syst 2(4):159–170
Acknowledgements
Funding was provided by National Natural Science Foundation of China (Grant nos. 61202475, 61472114, 61133014), National Natural Science Foundation of China (CN) (Grant no. 61502218) and Guangzhou Mobile Internet Security and Disaster Recovery Key Laboratory Construction Project (Grant no. 2014sy000022).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Li, F., Xie, D., Gao, W. et al. A certificateless signature scheme and a certificateless public auditing scheme with authority trust level 3+. J Ambient Intell Human Comput 15, 1317–1326 (2024). https://doi.org/10.1007/s12652-017-0553-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-017-0553-x