Related papers: Attribute-Based Authentication in Secure Group Messaging for Distributed Environments

Attribute-Based Authentication in Secure Group Messaging for Distributed Environments

URL: http://arxiv.org/abs/2405.12042v1
Date: Mon, 20 May 2024 14:09:28 GMT
Title: Attribute-Based Authentication in Secure Group Messaging for Distributed Environments
Authors: David Soler, Carlos Dafonte, Manuel Fernández-Veiga, Ana Fernández Vilas, Francisco J. Nóvoa,
Abstract summary: Messaging Layer security (MLS) and its underlying Continuous Group Key Agreement protocol allow a group of users to share a cryptographic secret in a dynamic manner. The use of digital certificates for authentication in a group goes against the group members' privacy. We provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes.
Score: 2.254434034390528
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: Messaging Layer security (MLS) and its underlying Continuous Group Key Agreement (CGKA) protocol allows a group of users to share a cryptographic secret in a dynamic manner, such that the secret is modified in member insertions and deletions. Although this flexibility makes MLS ideal for implementations in distributed environments, a number of issues need to be overcome. Particularly, the use of digital certificates for authentication in a group goes against the group members' privacy. In this work we provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes, dynamically defined by the group, to become a member. Instead of digital certificates, we employ Attribute-Based Credentials accompanied with Selective Disclosure in order to reveal the minimum required amount of information and to prevent attackers from linking the activity of a user through multiple groups. We formally define a CGKA variant named Attribute-Authenticated Continuous Group Key Agreement (AA-CGKA) and provide security proofs for its properties of Requirement Integrity, Unforgeability and Unlinkability. We also provide guidelines for an integration of our construction in MLS.

Related papers

DiVerify: Diversifying Identity Verification in Next-Generation Software Signing [6.367742522528132]
Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code to their identity. Next-generation software signing such as Sigstore and OpenPubKey simplify code signing by providing streamlined mechanisms to verify and link signer identities to the public key. We introduce Diverse Identity Verification (DiVerify) scheme, which strengthens the security guarantees of next-generation software signing by leveraging threshold identity validations and scope mechanisms.
arXiv Detail & Related papers (2024-06-21T18:53:52Z)
Biometrics-Based Authenticated Key Exchange with Multi-Factor Fuzzy Extractor [19.129363889273904]
We propose a novel multi-factor fuzzy extractor that integrates both a user's secret (e.g., a password) and a user's biometrics. We then employ this multi-factor fuzzy extractor to construct personal identity credentials which can be used in a new multi-factor authenticated key exchange protocol.
arXiv Detail & Related papers (2024-05-19T05:50:28Z)
DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials [0.0]
This article presents DID Link, a novel authentication scheme for TLS 1.3. It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
arXiv Detail & Related papers (2024-05-13T08:03:32Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z)
FedGT: Identification of Malicious Clients in Federated Learning with Secure Aggregation [69.75513501757628]
FedGT is a novel framework for identifying malicious clients in federated learning with secure aggregation. We show that FedGT significantly outperforms the private robust aggregation approach based on the geometric median recently proposed by Pillutla et al.
arXiv Detail & Related papers (2023-05-09T14:54:59Z)
Model Barrier: A Compact Un-Transferable Isolation Domain for Model Intellectual Property Protection [52.08301776698373]
We propose a novel approach called Compact Un-Transferable Isolation Domain (CUTI-domain) CUTI-domain acts as a barrier to block illegal transfers from authorized to unauthorized domains. We show that CUTI-domain can be easily implemented as a plug-and-play module with different backbones.
arXiv Detail & Related papers (2023-03-20T13:07:11Z)
Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem [2.3526458707956643]
We propose a new approach for OAuth ecosystem that combines different client and grant types into a unified singular protocol flow for OAuth (USPFO) USPFO aims to reduce the vulnerabilities associated with implementing and configuring different client types and grant types. It provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation, token (or code) thefts and replay attacks through integrity, authenticity, and binding audience.
arXiv Detail & Related papers (2023-01-29T17:22:02Z)
A Group Key Establishment Scheme [1.4091801425319967]
Group authentication is a method of confirming that a set of users belong to a group. Unlike the standard authentication schemes where one central authority authenticates users one by one, group authentication can handle the authentication process at once for all members of the group.
arXiv Detail & Related papers (2021-09-30T12:04:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.