Mengdi Ouyang , Cuixiang Yang , Xiaojuan Liao , Fagen Li
Title: Subversion resistant identity-based signature
Journal: Journal of Systems Architecture, volume 162, article 103385
DOI: 10.1016/j.sysarc.2025.103385
Published: 2025-03-08 (journal article, not open access)
URL: https://www.sciencedirect.com/science/article/pii/S1383762125000578
Journal metrics: impact factor 3.7; JCR Q1 (Computer Science, Hardware & Architecture); region 2 (computer science)
Indexed on: Semanticscholar
Citations: 0
Abstract
Identity-based cryptography (IBC) resolves the issue of certificate management, establishing itself as an evolving industry standard. Identity-based signature (IBS), an essential element of IBC, ensures integrity and authentication, playing a crucial role in the domains of the internet of things (IoT) and cloud computing. Nevertheless, the “Snowden” event exposed how attackers subverted implementations of cryptographic algorithms to undermine security and conduct mass surveillance. We explore a subversion attack (SA) model on IBS and define two properties, undetectability and strong key recoverability. Our SA enables recovery of the master private key and a private key from any two successive signatures, posing a greater challenge. Cryptographic reverse firewalls (RFs) are the main countermeasure against SAs. However, existing works necessitate the storage of randomness corresponding to various identities and fail to resist bit-by-bit SAs. To address these issues, we formulate a system model and a security model for subversion-resistant identity-based signature (SR-IBS). Then, we construct an instance and prove SR-IBS's existential unforgeability under chosen message attack (EUF-CMA) along with its subversion resistance. Finally, we leverage the pypbc library to conduct a comprehensive experimental analysis. The results indicate that the execution-time difference between the subverted IBS and the pure one is around 2 ms and that RFs add only approximately 0.5% to overall execution time across five different security levels. SR-IBS provides subversion resistance without imposing a high computation burden.
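As an added illustration of the two ideas in the abstract (this is not code from the paper, whose scheme is a pairing-based IBS evaluated with pypbc), the following Python models them on a plain Schnorr signature over a toy prime-order group: a subverted signer whose nonces are derived from a backdoor key bk, so that whoever holds bk recovers the signing key from any two successive signatures while every signature still verifies, and a reverse firewall that blinds each signature with fresh secret randomness t before it reaches the network. The group parameters (P = 2039, Q = 1019, G = 4), the nonce rule k_i = H(bk, e_{i-1}), the two-move signer interface and the firewall protocol are all assumptions of this example; the single Schnorr signing key recovered here stands in for the paper's master key and user private key.

```python
"""
Toy Schnorr signatures over a small prime-order group, used to show
(1) a subversion attack (SA): a tampered signer whose nonces are derived
    from a backdoor key, so the backdoor holder recovers the signing key
    from any two successive signatures while every signature verifies
    (undetectable to the verifier), and
(2) a cryptographic reverse firewall (RF) between signer and network that
    injects its own secret randomness, closing the covert channel without
    knowing the signing key.
Constructed example with deliberately tiny parameters; not the paper's
pairing-based IBS scheme and not production code.
"""
import hashlib
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (toy size only)
Q = 1019   # prime order of the subgroup generated by G
G = 4      # quadratic residue mod P, hence of order Q


def _hash_mod_q(*parts: bytes) -> int:
    """Hash to [1, Q-1] so challenges and nonces are never 0 mod Q."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def challenge(R: int, msg: bytes) -> int:
    return _hash_mod_q(b"chal", R.to_bytes(2, "big"), msg)


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def verify(y: int, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P


class HonestSigner:
    """Two-move Schnorr signer: commit() returns R = G^k, respond(e) returns s."""

    def __init__(self, x: int):
        self.x = x
        self._k = None

    def _nonce(self) -> int:
        return secrets.randbelow(Q - 1) + 1

    def commit(self) -> int:
        self._k = self._nonce()
        return pow(G, self._k, P)

    def respond(self, e: int) -> int:
        return (self._k + e * self.x) % Q


class SubvertedSigner(HonestSigner):
    """Same interface, same valid outputs, but after the first signature each
    nonce is H(bk, previous challenge), which the backdoor holder can recompute
    from public data. Without bk the nonces are indistinguishable from random."""

    def __init__(self, x: int, bk: bytes):
        super().__init__(x)
        self.bk = bk
        self._prev_e = None

    def _nonce(self) -> int:
        if self._prev_e is None:
            return super()._nonce()
        return _hash_mod_q(b"nonce", self.bk, self._prev_e.to_bytes(2, "big"))

    def respond(self, e: int) -> int:
        self._prev_e = e
        return super().respond(e)


def sign_direct(signer, msg: bytes):
    """Signer talks to the network directly: no firewall."""
    R = signer.commit()
    return R, signer.respond(challenge(R, msg))


def sign_via_firewall(signer, y: int, msg: bytes):
    """Reverse firewall: blinds the commitment with a fresh secret t, so the
    released s = k + t + e*x is uniform even when k was chosen maliciously.
    The firewall holds no key and keeps no state between calls."""
    t = secrets.randbelow(Q - 1) + 1           # in [1, Q-1], never revealed
    R = signer.commit() * pow(G, t, P) % P
    e = challenge(R, msg)
    s = (signer.respond(e) + t) % Q
    sig = (R, s)
    if not verify(y, msg, sig):                # refuse to relay malformed output
        raise RuntimeError("signer produced an invalid signature")
    return sig


def recover_key(bk: bytes, msg1: bytes, sig1, msg2: bytes, sig2) -> int:
    """Backdoor holder's attack on two successive signatures:
    k2 = H(bk, e1) and x = (s2 - k2) / e2 mod Q."""
    e1 = challenge(sig1[0], msg1)
    k2 = _hash_mod_q(b"nonce", bk, e1.to_bytes(2, "big"))
    e2 = challenge(sig2[0], msg2)
    return (sig2[1] - k2) * pow(e2, -1, Q) % Q


def demo():
    x, y = keygen()
    bk = secrets.token_bytes(16)               # attacker's backdoor key
    m1, m2 = b"sensor reading 1", b"sensor reading 2"   # constructed messages

    bad = SubvertedSigner(x, bk)
    s1, s2 = sign_direct(bad, m1), sign_direct(bad, m2)
    bad_rf = SubvertedSigner(x, bk)
    f1, f2 = sign_via_firewall(bad_rf, y, m1), sign_via_firewall(bad_rf, y, m2)
    return {
        "subverted_sigs_verify": verify(y, m1, s1) and verify(y, m2, s2),
        "key_recovered_without_rf": recover_key(bk, m1, s1, m2, s2) == x,
        "firewalled_sigs_verify": verify(y, m1, f1) and verify(y, m2, f2),
        "key_recovered_with_rf": recover_key(bk, m1, f1, m2, f2) == x,
    }


if __name__ == "__main__":
    print(demo())
```

Because the firewall's offset t is drawn from [1, Q-1] and every challenge is invertible mod Q, the backdoor holder's estimate on firewalled signatures is exactly x + t/e2 and never x: the channel is closed, not merely narrowed, and it is closed by a component that holds no signing key and stores no per-signer randomness between calls. Verifying each signature before relaying it also stops a subverted signer from exfiltrating through deliberately malformed outputs.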
Journal description:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures, as well as additional subjects in the computer and system architecture area, fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design as well as novel designs of software components, falls within the scope of this journal. Novel applications that use embedded systems are also central to this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider the interplay between software and hardware components, with an emphasis on software, are also relevant here.