Skip to main content
placeholder image

Malicious KGC attacks in certificateless cryptography

Conference Paper


Download full-text (Open Access)

Abstract


  • Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

UOW Authors


  •   Au, Man Ho Allen (external author)
  •   Chen, Jing (external author)
  •   Liu, Joseph K. (external author)
  •   Mu, Yi (external author)
  •   Wong, Duncan S. (external author)
  •   Yang, Guomin

Publication Date


  • 2007

Citation


  • Au, M. Ho., Chen, J., Liu, J. K., Mu, Y., Wong, D. S. & Yang, G. (2007). Malicious KGC attacks in certificateless cryptography. Proceedings of the 2nd ACM symposium on Information, computer and communications security (pp. 302-311). New York: ACM press.

Ro Full-text Url


  • http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1941&context=eispapers

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/932

Start Page


  • 302

End Page


  • 311

Place Of Publication


  • New York

Abstract


  • Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows user secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under the new models, we show that a class of certificateless encryption and signature schemes proposed previously are insecure. These schemes still suffer from the key escrow problem. On the other side, we also give new proofs to show that there are two generic constructions, one for certificateless signature and the other for certificateless encryption, proposed recently that are secure under our new models.

UOW Authors


  •   Au, Man Ho Allen (external author)
  •   Chen, Jing (external author)
  •   Liu, Joseph K. (external author)
  •   Mu, Yi (external author)
  •   Wong, Duncan S. (external author)
  •   Yang, Guomin

Publication Date


  • 2007

Citation


  • Au, M. Ho., Chen, J., Liu, J. K., Mu, Y., Wong, D. S. & Yang, G. (2007). Malicious KGC attacks in certificateless cryptography. Proceedings of the 2nd ACM symposium on Information, computer and communications security (pp. 302-311). New York: ACM press.

Ro Full-text Url


  • http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1941&context=eispapers

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/932

Start Page


  • 302

End Page


  • 311

Place Of Publication


  • New York