Biblio

In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.

In quantum cryptography research area, quantum digital signature is an important research field. To provide a better privacy for users in constructing quantum digital signature, the stronger anonymity of quantum digital signatures is required. Quantum ring signature scheme focuses on anonymity in certain scenarios. Using quantum ring signature scheme, the quantum message signer hides his identity into a group. At the same time, there is no need for any centralized organization when the user uses the quantum ring signature scheme. The group used to hide the signer identity can be immediately selected by the signer himself, and no collaboration between users.Since the quantum finite automaton signature scheme is very efficient quantum digital signature scheme, based on it, we propose a new quantum ring signature scheme. We also showed that the new scheme we proposed is of feasibility, correctness, anonymity, and unforgeability. And furthermore, the new scheme can be implemented only by logical operations, so it is easy to implement.

The signcryption technique was first proposed by Y. Zheng, where two cryptographic operations digital signature and message encryption are made combinedly. We cryptanalyze the technique and observe that the signature and encryption become vulnerable if the forged public keys are used. This paper proposes an improvement using modified DSS (Digital Signature Standard) version of ElGamal signature and DHP (Diffie-Hellman key exchange protocol), and shows that the vulnerabilities in both the signature and encryption methods used in Zheng's signcryption are circumvented. DHP is used for session symmetric key establishment and it is combined with the signature in such a way that the vulnerabilities of DHP can be avoided. The security and performance analysis of our signcryption technique are provided and found that our scheme is secure and designed using minimum possible operations with comparable computation cost of Zheng's scheme.

With the rapid development of Internet of Things technology and sensor networks, large amount of data is facing security challenges in the transmission process. In the process of data transmission, the standardization and authentication of data sources are very important. A digital signature scheme based on bilinear pairing problem is designed. In this scheme, by signing the authorization mechanism, the management node can control the signature process and distribute data. The use of private key segmentation mechanism can reduce the performance requirements of sensor nodes. The reasonable combination of timestamp mechanism can ensure the time limit of signature and be verified after the data is sent. It is hoped that the implementation of this scheme can improve the security of data transmission on the Internet of things environment.

In this paper, we extend the existing classification of signature models by Cao. To do so, we present a new signature classification framework and migrate the original classification to build an easily extendable faceted signature classification. We propose 20 new properties, 7 property families, and 1 signature classification type. With our classification, theoretically, up to 11 541 420 signature classes can be built, which should cover almost all existing signature schemes.

Although many digital signature algorithms are available nowadays, the speed of signing and/or verifying a digital signature is crucial for different applications. Some algorithms are fast for signing but slow for verification, but others are the inverse. Research efforts for an algorithm being fast in both signing and verification is essential. The traditional GOST algorithm has the shortest signing time but longest verification time compared with other DSA algorithms. Hence an improvement in its signature verification time is sought in this work. A modified GOST digital signature algorithm variant is developed improve the signature verification speed by reducing the computation complexity as well as benefiting from its efficient signing speed. The obtained signature verification execution speed for this variant was 1.5 time faster than that for the original algorithm. Obviously, all parameters' values used, such as public and private key, random numbers, etc. for both signing and verification processes were the same. Hence, this algorithm variant will prove suitable for applications that require short time for both, signing and verification processes. Keywords— Discrete Algorithms, Authentication, Digital Signature Algorithms DSA, GOST, Data Integrity

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

With the emergence of quantum computers, traditional digital signature schemes based on problems such as large integer solutions and discrete logarithms will no longer be secure, and it is urgent to find effective digital signature schemes that can resist quantum attacks. Lattice cryptography has the advantages of computational simplicity and high security. In this paper, we propose an identity-based digital signature scheme based on the rejection sampling algorithm. Unlike most schemes that use a common Gaussian distribution, this paper uses a bimodal Gaussian distribution, which improves efficiency. The identity-based signature scheme is more convenient for practical application than the traditional certificate-based signature scheme.

An oblivious signature is a digital signature with some property. The oblivious signature scheme has two parties, the signer and the receiver. First, the receiver can choose one and get one of n valid signatures without knowing the signer’s private key. Second, the signer does not know which signature is chosen by the receiver. In this paper, we propose the oblivious signature which is combined with blind signature and zero-knowledge set membership. The property of blind signature makes sure that the signer does not know the message of the signature by the receiver chosen, on the other hand, the property of the zero-knowledge set membership makes sure that the message of the signature by the receiver chosen is one of the set original messages.

The Digital Signature Algorithm (DSA) is a representative of a family of digital signature algorithms that are known to have a number of subliminal channels for covert data transmission. The capacity of these channels stretches from several bits (narrowband channels) to about 256 or so bits (a broadband channel). There are a couple of methods described in the literature to prevent the usage of the broadband channel with the help of a warden. In the present paper, we discuss some weaknesses of the known methods and suggest a solution that is free of the weaknesses and eliminates the broadband covert channel. Our solution also requires a warden who does not participate in signature generation and is able to check any signed message for the absence of the covert communication.

Modern digital signature schemes can provide more guarantees than the standard notion of (strong) unforgeability, such as offering security even in the presence of maliciously generated keys, or requiring to know a message to produce a signature for it. The use of signature schemes that lack these properties has previously enabled attacks on real-world protocols. In this work we revisit several of these notions beyond unforgeability, establish relations among them, provide the first formal definition of non re-signability, and a transformation that can provide these properties for a given signature scheme in a provable and efficient way.Our results are not only relevant for established schemes: for example, the ongoing NIST PQC competition towards standardizing post-quantum signature schemes has six finalists in its third round. We perform an in-depth analysis of the candidates with respect to their security properties beyond unforgeability. We show that many of them do not yet offer these stronger guarantees, which implies that the security guarantees of these post-quantum schemes are not strictly stronger than, but instead incomparable to, classical signature schemes. We show how applying our transformation would efficiently solve this, paving the way for the standardized schemes to provide these additional guarantees and thereby making them harder to misuse.

Signcryption is a sophisticated cryptographic tool that combines the benefits of digital signature and data encryption in a single step, resulting in reduced computation and storage cost. However, the existing signcryption techniques do not account for a scenario in which a company must escrow an employee's private encryption key so that the corporation does not lose the capacity to decrypt a ciphertext when the employee or user is no longer available. To circumvent the issue of non-repudiation, the private signing key does not need to be escrowed. As a result, this paper presents an implicit certificate-based signcryption technique with private encryption key escrow, which can assist an organization in preventing the loss of private encryption. A certificate, or more broadly, a digital signature, protects users' public encryption and signature keys from man-in-the-middle attacks under our proposed approach.

SM9 is an identity-based cryptography algorithm published by the State Cryptography Administration of China. With SM9, a user's private key for signing is generated by a central system called key generation center (KGC). When the owner of the private key wants to shirk responsibility by denying that the signature was generated by himself, he can claim that the operator of KGC forged the signature using the generated private key. To address this issue, in this paper, two schemes of SM9 digital signature with non-repudiation are proposed. With the proposed schemes, the user's private key for signing is collaboratively generated by two separate components, one of which is deployed in the private key service provider's site while the other is deployed in the user's site. The private key can only be calculated in the user's site with the help of homomorphic encryption. Therefore, only the user can obtain the private key and he cannot deny that the signature was generated by himself. The proposed schemes can achieve the non-repudiation of SM9 digital signature.

Summary form only given. We discuss information-theoretic methods to prove the security of cryptosystems. We study what is called, unconditionally secure (or information-theoretically secure) cryptographic schemes in search for a system that can provide long-term security and that does not impose limits on the adversary's computational power.

This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek.

Technology advancement also increases the risk of a computer's security. As we can have various mechanisms to ensure safety but still there have flaws. The main concerned area is user authentication. For authentication, various biometric applications are used but once authentication is done in the begging there was no guarantee that the computer system is used by the authentic user or not. The intrusion detection system (IDS) is a particular procedure that is used to identify intruders by analyzing user behavior in the system after the user logged in. Host-based IDS monitors user behavior in the computer and identify user suspicious behavior as an intrusion or normal behavior. This paper discusses how an expert system detects intrusions using a set of rules as a pattern recognized engine. We propose a PIDE (Pattern Based Intrusion Detection) model, which is verified previously implemented SBID (Statistical Based Intrusion Detection) model. Experiment results indicate that integration of SBID and PBID approach provides an extensive system to detect intrusion.

As an important type of cloud data, digital provenance is arousing increasing attention on improving system performance. Currently, provenance has been employed to provide cues regarding access control and to estimate data quality. However, provenance itself might also be sensitive information. Therefore, provenance might be encrypted and stored in the Cloud. In this paper, we provide a mechanism to classify cloud documents by searching specific keywords from their encrypted provenance, and we prove our scheme achieves semantic security. In term of application of the proposed techniques, considering that files are classified to store separately in the cloud, in order to facilitate the regulation and security protection for the files, the classification policies can use provenance as conditions to determine the category of a document. Such as the easiest sample policy goes like: the documents have been reviewed twice can be classified as “public accessible”, which can be accessed by the public.

Preserving medical data is of utmost importance to stake holders. There are not many laws in India about preservation, usability of patient records. When data is transmitted across the globe there are chances of data getting tampered intentionally or accidentally. Tampered data loses its authenticity for diagnostic purpose, research and various other reasons. This paper proposes an authenticity based ECDSA algorithm by signature verification to identify the tampering of medical image files and alerts by the rules of authenticity. The algorithm can be used by researchers, doctors or any other educated person in order to maintain the authenticity of the record. Presently it is applied on medical related image files like DICOM. However, it can support any other medical related image files and still preserve the authenticity.

Zero-day Web attacks are arguably the most serious threats to Web security, but are very challenging to detect because they are not seen or known previously and thus cannot be detected by widely-deployed signature-based Web Application Firewalls (WAFs). This paper proposes ZeroWall, an unsupervised approach, which works with an existing WAF in pipeline, to effectively detecting zero-day Web attacks. Using historical Web requests allowed by an existing signature-based WAF, a vast majority of which are assumed to be benign, ZeroWall trains a self-translation machine using an encoder-decoder recurrent neural network to capture the syntax and semantic patterns of benign requests. In real-time detection, a zero-day attack request (which the WAF fails to detect), not understood well by self-translation machine, cannot be translated back to its original request by the machine, thus is declared as an attack. In our evaluation using 8 real-world traces of 1.4 billion Web requests, ZeroWall successfully detects real zero-day attacks missed by existing WAFs and achieves high F1-scores over 0.98, which significantly outperforms all baseline approaches.

This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.

The exchange of data has expanded utilizing the web nowadays, but it is not dependable because, during communication on the cloud, any malicious client can alter or steal the information or misuse it. To provide security to the data during transmission is becoming hot research and quite challenging topic. In this work, our proposed algorithm enhances the security of the keys by increasing its complexity, so that it can't be guessed, breached or stolen by the third party and hence by this, the data will be concealed while sending between the users. The proposed algorithm also provides more security and authentication to the users during cloud communication, as compared to the previously existing algorithm.

The use of public key cryptosystems ranges from securely encrypting bitcoin transactions and creating digital signatures for non-repudiation. The cryptographic systems security of public key depends on the complexity in solving mathematical problems. Quantum computers pose a threat to the current day algorithms used. This research presents analysis of two Hash-based Signature Schemes (MSS and W-OTS) and provides a comparative analysis of them. The comparisons are based on their efficiency as regards to their key generation, signature generation and verification time. These algorithms are compared with two classical algorithms (RSA and ECDSA) used in bitcoin transaction security. The results as shown in table II indicates that RSA key generation takes 0.2012s, signature generation takes 0.0778s and signature verification is 0.0040s. ECDSA key generation is 0.1378s, signature generation takes 0.0187s, and verification time for the signature is 0.0164s. The W-OTS key generation is 0.002s. To generate a signature in W-OTS, it takes 0.001s and verification time for the signature is 0.0002s. Lastly MSS Key generation, signature generation and verification has high values which are 16.290s, 17.474s, and 13.494s respectively. Based on the results, W-OTS is recommended for bitcoin transaction security because of its efficiency and ability to resist quantum computer attacks on the bitcoin network.

We all are living in the digital era, where the maximum of the information is available online. The digital world has made the transfer of information easy and provides the basic needs of security like authentication, integrity, nonrepudiation, etc. But, with the improvement in security, cyber-attacks have also increased. Security researchers have provided many techniques to prevent these cyber-attacks; one is a Digital Signature (DS). The digital signature uses cryptographic key pairs (public and private) to provide the message's integrity and verify the sender's identity. The private key used in the digital signature is confidential; if attackers find it by using various techniques, then this can result in an attack. This paper presents a brief introduction about the digital signature and how it is vulnerable to a man-in-the-middle attack. Further, it discusses a technique to prevent this attack in the digital signature.

Data Transmission in network security is one of the most vital issues in today's communication world. The outcome of the suggested method is outlined over here. Enhanced security can be achieved by this method. The vigorous growth in the field of information communication has made information transmission much easier. But this type of advancement has opened up many possibilities of information being snooped. So, day-by-day maintaining of information security is becoming an inseparable part of computing and communication. In this paper, the authors have explored techniques that blend cryptography & steganography together. In steganography, information is kept hidden behind a cover image. In this paper, approaches for information hiding using both cryptography & steganography is proposed keeping in mind two considerations - size of the encrypted object and degree of security. Here, signature image information is kept hidden into cover image using private key of sender & receiver, which extracts the information from stego image using a public key. This approach can be used for message authentication, message integrity & non-repudiation purpose.

When using digital signatures, we need to deal with the problem of fairness of information exchange. To solve this problem, Chen, etc. introduced a new conception which is named concurrent signatures in Eurocrypt'04. Using concurrent signatures scheme, two entities in the scheme can generate two ambiguous signatures until one of the entities releases additional information which is called keystone. After the keystone is released, the two ambiguous signatures will be bound to their real signers at the same time. In order to provide a method to solve the fairness problem of quantum digital signatures, we propose a new quantum concurrent signature scheme. The scheme we proposed does not use a trusted third party in a quantum computing environment, and has such advantages as no need to conduct complex quantum operations and easy to implement by a quantum circuit. Quantum concurrent signature improves the theory of quantum cryptography, and it also provides broad prospects for the specific applications of quantum cryptography.