抗颠覆的基于身份的签名

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-03-08 DOI:10.1016/j.sysarc.2025.103385

Mengdi Ouyang , Cuixiang Yang , Xiaojuan Liao , Fagen Li

{"title":"抗颠覆的基于身份的签名","authors":"Mengdi Ouyang , Cuixiang Yang , Xiaojuan Liao , Fagen Li","doi":"10.1016/j.sysarc.2025.103385","DOIUrl":null,"url":null,"abstract":"<div><div>Identity-based cryptography (IBC) resolves the issue of certificate management, establishing itself as an evolving industry standard. Identity-based signature (IBS), an essential element of IBC, ensures integrity and authentication, playing a crucial role in the domains of internet of things (IoT) and cloud computing. Nevertheless, the “Snowden” event exposed how attackers subverted cryptographic algorithms’ implementations to undermine security and conduct mass-surveillance. We explore a subversion attack (SA) model on IBS and define two properties including undetectability and strong key recoverability. Our SA enables a recovery of the master private key and a private key through any two successive signatures, posing a greater challenge. Cryptographic reverse firewalls (RFs) are the main countermeasures to resist SAs. However, existing works necessitate the storage of randomness corresponding to various identities and fail to resist bit-by-bit SA. To address the aforementioned issue, we formulate a system model and a security model for subversion-resistant identity-based signature (SR-IBS). Then, we establish an instance and prove SR-IBS’s security of existential unforgeability under chosen message attack (EUF-CMA) along with subversion resistance. Finally, we leverage pypbc library to conduct a comprehensive experiment analysis. The results indicate the execution difference between subverted IBS and pure one is around 2ms and RFs only add approximately 0.5% of overall execution across five different security level. SR-IBS provides subversion-resistant without increasing high computation burden.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"162 ","pages":"Article 103385"},"PeriodicalIF":3.7000,"publicationDate":"2025-03-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Subversion resistant identity-based signature\",\"authors\":\"Mengdi Ouyang , Cuixiang Yang , Xiaojuan Liao , Fagen Li\",\"doi\":\"10.1016/j.sysarc.2025.103385\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Identity-based cryptography (IBC) resolves the issue of certificate management, establishing itself as an evolving industry standard. Identity-based signature (IBS), an essential element of IBC, ensures integrity and authentication, playing a crucial role in the domains of internet of things (IoT) and cloud computing. Nevertheless, the “Snowden” event exposed how attackers subverted cryptographic algorithms’ implementations to undermine security and conduct mass-surveillance. We explore a subversion attack (SA) model on IBS and define two properties including undetectability and strong key recoverability. Our SA enables a recovery of the master private key and a private key through any two successive signatures, posing a greater challenge. Cryptographic reverse firewalls (RFs) are the main countermeasures to resist SAs. However, existing works necessitate the storage of randomness corresponding to various identities and fail to resist bit-by-bit SA. To address the aforementioned issue, we formulate a system model and a security model for subversion-resistant identity-based signature (SR-IBS). Then, we establish an instance and prove SR-IBS’s security of existential unforgeability under chosen message attack (EUF-CMA) along with subversion resistance. Finally, we leverage pypbc library to conduct a comprehensive experiment analysis. The results indicate the execution difference between subverted IBS and pure one is around 2ms and RFs only add approximately 0.5% of overall execution across five different security level. SR-IBS provides subversion-resistant without increasing high computation burden.</div></div>\",\"PeriodicalId\":50027,\"journal\":{\"name\":\"Journal of Systems Architecture\",\"volume\":\"162 \",\"pages\":\"Article 103385\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-03-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Systems Architecture\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1383762125000578\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125000578","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

基于身份的密码学（IBC）解决了证书管理问题，使自己成为一个不断发展的行业标准。基于身份的签名（Identity-based signature， IBS）是IBC的重要组成部分，可确保完整性和认证，在物联网（IoT）和云计算领域发挥着至关重要的作用。然而，“斯诺登”事件暴露了攻击者如何颠覆加密算法的实现，从而破坏安全并进行大规模监控。我们探索了一种基于IBS的颠覆攻击模型，并定义了不可检测性和强密钥可恢复性两个属性。我们的SA允许通过任意两个连续签名恢复主私钥和私钥，这带来了更大的挑战。加密反向防火墙（RFs）是抵御sa的主要对策。然而，现有的作品需要存储各种身份对应的随机性，无法抵抗逐位SA。为了解决上述问题，我们建立了一个基于身份的抗颠覆签名（SR-IBS）的系统模型和安全模型。然后建立实例，证明SR-IBS在选择消息攻击（EUF-CMA）和抗颠覆攻击下的存在不可伪造性安全性。最后，我们利用pypbc库进行全面的实验分析。结果表明，经过颠覆的IBS和纯IBS之间的执行差异约为2ms，而rf在五个不同的安全级别上只增加了大约0.5%的总执行。SR-IBS在不增加高计算负担的情况下提供抗颠覆性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Subversion resistant identity-based signature

Identity-based cryptography (IBC) resolves the issue of certificate management, establishing itself as an evolving industry standard. Identity-based signature (IBS), an essential element of IBC, ensures integrity and authentication, playing a crucial role in the domains of internet of things (IoT) and cloud computing. Nevertheless, the “Snowden” event exposed how attackers subverted cryptographic algorithms’ implementations to undermine security and conduct mass-surveillance. We explore a subversion attack (SA) model on IBS and define two properties including undetectability and strong key recoverability. Our SA enables a recovery of the master private key and a private key through any two successive signatures, posing a greater challenge. Cryptographic reverse firewalls (RFs) are the main countermeasures to resist SAs. However, existing works necessitate the storage of randomness corresponding to various identities and fail to resist bit-by-bit SA. To address the aforementioned issue, we formulate a system model and a security model for subversion-resistant identity-based signature (SR-IBS). Then, we establish an instance and prove SR-IBS’s security of existential unforgeability under chosen message attack (EUF-CMA) along with subversion resistance. Finally, we leverage pypbc library to conduct a comprehensive experiment analysis. The results indicate the execution difference between subverted IBS and pure one is around 2ms and RFs only add approximately 0.5% of overall execution across five different security level. SR-IBS provides subversion-resistant without increasing high computation burden.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.