DiVerify: Hardening Identity-Based Software Signing with Programmable Diverse-Context Scopes
- URL: http://arxiv.org/abs/2406.15596v2
- Date: Tue, 02 Sep 2025 18:38:20 GMT
- Title: DiVerify: Hardening Identity-Based Software Signing with Programmable Diverse-Context Scopes
- Authors: Chinenye L. Okafor, Trishank Kuppusamy, James C. Davis, Santiago Torres-Arias,
- Abstract summary: State-of-the-art identity-based code signing schemes have a major shortcoming.<n>They fail to provide verifiable information about the context in which a signature is generated.<n>We propose a diverse identity verification approach that reduces reliance on a single source of verification.
- Score: 11.521573335215239
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code with a specific key. This key is then linked to an identity (e.g., through an identity provider), allowing users to establish trust in the origin of the signature and verify both the code's origin and integrity. However, this code-identity binding is only as trustworthy as the mechanisms enforcing it. State-of-the-art identity-based code signing schemes have a major shortcoming: they fail to provide verifiable information about the context in which a signature is generated. If an identity verification server is compromised or the signing client behaves maliciously, the resulting signature may falsely suggest a trustworthy origin, despite the absence of actual developer intent. To address these issues, we propose a diverse identity verification approach that reduces reliance on a single source of verification and enforces stronger guarantees around the signing process itself. By combining multiple identity signals with verifiable execution environments, our system improves confidence that signatures reflect the intent of a legitimate user, produced under expected conditions. Signing in our DiVerify prototype incurs only a few kilobytes of additional storage - less than 0.4% of the average package size in widely used ecosystems like PyPI, and signing complete in under 100ms on a typical deployment.
Related papers
- Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.<n>We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
arXiv Detail & Related papers (2025-12-19T13:01:54Z) - Quantum-Safe Identity Verification using Relativistic Zero-Knowledge Proof Systems [3.8435472626703473]
Identity verification is essential in sectors like finance, healthcare, and online services to ensure security and prevent fraud.<n>Current password/PIN-based identity solutions are susceptible to phishing or skimming attacks.<n>We explore identity verification through graph coloring-based relativistic zero-knowledge proofs.
arXiv Detail & Related papers (2025-07-18T18:59:19Z) - Privacy-Preserving Biometric Verification with Handwritten Random Digit String [49.77172854374479]
Handwriting verification has stood as a steadfast identity authentication method for decades.<n>However, this technique risks potential privacy breaches due to the inclusion of personal information in handwritten biometrics such as signatures.<n>We propose using the Random Digit String (RDS) for privacy-preserving handwriting verification.
arXiv Detail & Related papers (2025-03-17T03:47:25Z) - Got Ya! -- Sensors for Identity Management Specific Security Situational Awareness [0.0]
Security situational awareness refers to identifying, mitigating, and preventing digital cyber threats.
We propose a security situational awareness approach specifically to identity management.
We focus on protocol-specifics and identity-related sources in a general concept.
arXiv Detail & Related papers (2025-03-06T10:03:45Z) - Formal Verification of Permission Voucher [1.4732811715354452]
The Permission Voucher Protocol is a system designed for secure and authenticated access control in distributed environments.
The analysis employs the Tamarin Prover, a state-of-the-art tool for symbolic verification, to evaluate key security properties.
Results confirm the protocol's robustness against common attacks such as message tampering, impersonation, and replay.
arXiv Detail & Related papers (2024-12-18T14:11:50Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Quantum digital signature based on single-qubit without a trusted third-party [45.41082277680607]
We propose a novel quantum digital signature protocol without a trusted third-party.
We prove that the protocol has information-theoretical unforgeability.
arXiv Detail & Related papers (2024-10-17T09:49:29Z) - Practical Privacy-Preserving Identity Verification using Third-Party Cloud Services and FHE (Role of Data Encoding in Circuit Depth Management) [0.0]
Governments seek to outsource national digital identity verification systems to third-party cloud services.
This leads to increased concerns regarding the privacy of users' personal data.
We propose a privacy-preserving digital identity (ID) verification protocol where the third-party cloud services process the identity data encrypted.
arXiv Detail & Related papers (2024-08-15T08:12:07Z) - Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis [2.729532849571912]
Single-factor authentication (SFA) protocols are often bypassed by side-channel and other attack techniques.
To alleviate this problem, multi-factor authentication (MFA) protocols have been widely adopted recently.
arXiv Detail & Related papers (2024-07-29T23:37:38Z) - Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z) - Attribute-Based Authentication in Secure Group Messaging for Distributed Environments [2.254434034390528]
Messaging Layer security (MLS) and its underlying Continuous Group Key Agreement protocol allow a group of users to share a cryptographic secret in a dynamic manner.
The use of digital certificates for authentication in a group goes against the group members' privacy.
We provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes.
arXiv Detail & Related papers (2024-05-20T14:09:28Z) - Biometrics-Based Authenticated Key Exchange with Multi-Factor Fuzzy Extractor [19.129363889273904]
We propose a novel multi-factor fuzzy extractor that integrates both a user's secret (e.g., a password) and a user's biometrics.
We then employ this multi-factor fuzzy extractor to construct personal identity credentials which can be used in a new multi-factor authenticated key exchange protocol.
arXiv Detail & Related papers (2024-05-19T05:50:28Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Revocable Quantum Digital Signatures [57.25067425963082]
We define and construct digital signatures with revocable signing keys from the LWE assumption.
In this primitive, the signing key is a quantum state which enables a user to sign many messages.
Once the key is successfully revoked, we require that the initial recipient of the key loses the ability to sign.
arXiv Detail & Related papers (2023-12-21T04:10:07Z) - HFORD: High-Fidelity and Occlusion-Robust De-identification for Face
Privacy Protection [60.63915939982923]
Face de-identification is a practical way to solve the identity protection problem.
The existing facial de-identification methods have revealed several problems.
We present a High-Fidelity and Occlusion-Robust De-identification (HFORD) method to deal with these issues.
arXiv Detail & Related papers (2023-11-15T08:59:02Z) - Incorporating Zero-Knowledge Succinct Non-interactive Argument of Knowledge for Blockchain-based Identity Management with off-chain computations [0.8621608193534839]
A novel blockchain-based fingerprint authentication system is proposed that integrates zk-SNARKs.
The proposed method has the potential to provide a secure and efficient solution for blockchain-based identity management.
arXiv Detail & Related papers (2023-10-30T11:24:05Z) - Redactable and Sanitizable Signature Schemes: Applications and
Limitations for use in Decentralized Digital Identity Systems [8.501327327617313]
Redactable signature schemes and sanitizable signature schemes are methods that permit modification of a given digital message and retain a valid signature.
We propose implementing these protocols on a digital credential and compare them against other privacy-enhancing techniques to assess their suitability.
arXiv Detail & Related papers (2023-10-26T10:28:25Z) - FedSOV: Federated Model Secure Ownership Verification with Unforgeable
Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data.
We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z) - CATFL: Certificateless Authentication-based Trustworthy Federated
Learning for 6G Semantic Communications [12.635921154497987]
Federated learning (FL) provides an emerging approach for collaboratively training semantic encoder/decoder models of semantic communication systems.
Most existing studies on trustworthy FL aim to eliminate data poisoning threats that are produced by malicious clients.
A certificateless authentication-based trustworthy federated learning framework is proposed, which mutually authenticates the identity of clients and server.
arXiv Detail & Related papers (2023-02-01T06:26:44Z) - Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.