Kazuo TAKARAGI Takashi KUBOTA Sven WOHLGEMUTH Katsuyuki UMEZAWA Hiroki KOYANAGI
Central bank digital currencies require the implementation of eKYC to verify whether a trading customer is eligible online. When an organization issues an ID proof of a customer for eKYC, that proof is usually achieved in practice by a hierarchy of issuers. However, the customer wants to disclose only part of the issuer's chain and documents to the trading partner due to privacy concerns. In this research, delegatable anonymous credential (DAC) and zero-knowledge range proof (ZKRP) allow customers to arbitrarily change parts of the delegation chain and message body to range proofs expressed in inequalities. That way, customers can protect the privacy they need with their own control. Zero-knowledge proof is applied to prove the inequality between two time stamps by the time stamp server (signature presentation, public key revocation, or non-revocation) without disclosing the signature content and stamped time. It makes it possible to prove that the registration information of the national ID card is valid or invalid while keeping the user's personal information anonymous. This research aims to contribute to the realization of a sustainable financial system based on self-sovereign identity management with privacy-enhanced PKI.
Yoshihiko OMORI Takao YAMASHITA
In this paper, we propose homomorphic encryption based device owner equality verification (HE-DOEV), a new method to verify whether the owners of two devices are the same. The proposed method is expected to be used for credential sharing among devices owned by the same user. Credential sharing is essential to improve the usability of devices with hardware-assisted trusted environments, such as a secure element (SE) and a trusted execution environment (TEE), for securely storing credentials such as private keys. In the HE-DOEV method, we assume that the owner of every device is associated with a public key infrastructure (PKI) certificate issued by an identity provider (IdP), where a PKI certificate is used to authenticate the owner of a device. In the HE-DOEV method, device owner equality is collaboratively verified by user devices and IdPs that issue PKI certificates to them. The HE-DOEV method verifies device owner equality under the condition where multiple IdPs can issue PKI certificates to user devices. In addition, it can verify the equality of device owners without disclosing to others any privacy-related information such as personally identifiable information and long-lived identifiers managed by an entity. The disclosure of privacy-related information is eliminated by using homomorphic encryption. We evaluated the processing performance of a server needed for an IdP in the HE-DOEV method. The evaluation showed that the HE-DOEV method can provide a DOEV service for 100 million users by using a small-scale system in terms of the number of servers.
To accomplish secure communication in vehicular networks, public key infrastructure (PKI) can be employed. However, traditional PKI systems are not suitable because a unique certificate is assigned to each vehicle and thus no anonymity is guaranteed. In the combinatorial certificate schemes, each vehicle is assigned multiple certificates from a shared certificate pool and each certificate in the pool is assigned to multiple vehicles to achieve a level of anonymity. When a certificate assigned to a misbehaving vehicle is revoked, a certificate replacement procedure is executed to all vehicles sharing the certificate. To replace the revoked certificate, a randomized certificate replacement scheme probabilistically assigns different certificates to different vehicles, which can reduce collateral damage caused by repeatedly misusing a certificate and its replacement certificates. Unfortunately, previous randomized certificate replacement schemes allow unbounded collateral damage; a finite number of certificate replacements cannot detect the misbehaving vehicle with certainty. To address this problem, we propose a new randomized certificate replacement scheme with bounded collateral damage.
Yizhi REN Mingchu LI Kouichi SAKURAI
Current Public Key Infrastructures suffer from a scaling problem, and some may have security problems, even given the topological simplification of bridge certification authorities. This paper analyzes the security problems in the Bridge Certificate Authority (BCA) model by using the concept of "impersonation risk," and proposes a new modified BCA model, which enhances its security but is a bit more complex in certification path building and implementation than the existing one.
Tadashi KAJI Takahiro FUJISHIRO Satoru TEZUKA
Today, TLS is widely used for achieving a secure communication system, and TLS uses PKI for server authentication and/or client authentication. However, its PKI environment, which is called the "multiple trust anchors environment," causes the problem that the verifier has to maintain a huge number of CA certificates in the ubiquitous network, because the increase of terminals connected to the network brings an increase in CAs. However, most terminals in the ubiquitous network will not have enough memory to hold such a huge number of CA certificates. Therefore, another PKI environment, the "cross certification environment," is useful for the ubiquitous network. But, because current TLS is designed for the multiple trust anchors model, TLS cannot work efficiently on the cross-certification model. This paper proposes a TLS implementation method to support the cross certification model efficiently. Our proposal reduces the size of the messages exchanged between the TLS client and the TLS server during the handshake process. Therefore, our proposal is suitable for implementing TLS in terminals that do not have enough computing power and memory in the ubiquitous network.
SeongHan SHIN Kazukuni KOBARA Hideki IMAI
In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of the private key with respect to the involved server. We show that the LRP-AKE protocol is provably secure in the random oracle model with a reduction to the computational Diffie-Hellman problem. In addition, we discuss some possible applications of the LRP-AKE protocol.
Ayman HAGGAG Mohamed GHONEIM Jianming LU Takashi YAHAGI
In this paper, we first briefly discuss the newly emerging Secured JPEG (JPSEC) standard for security services for JPEG 2000 compressed images. We then propose our novel approach for applying authentication to JPEG 2000 images in a scalable manner. Our authentication technique can be used for source authentication, nonrepudiation and integrity verification for the received possibly transcoded JPEG 2000 images in such a way that it is possible to authenticate different resolutions or different qualities extracted or received from a JPEG 2000 encoded image. Three different implementation methods for our authentication technique are presented. Packet-Based Authentication involves using the MD5 hashing algorithm for calculating the hash value for each individual packet in the JPEG 2000 codestream. Hash values are truncated to a specified length to reduce the overhead in storage space, concatenated into a single string, and then signed using the RSA algorithm and the author's private key for repudiation prevention. Resolution-Based Authentication and Quality-Based Authentication methods involve generating a single hash value from all contiguous packets from each entire resolution or each entire quality layer, respectively. Our algorithms maintain most of the inherent flexibility and scalability of JPEG 2000 compressed images. The resultant secured codestream is still JPEG 2000 compliant and compatible with JPEG 2000 compliant decoders. Also, our algorithms are compatible with the Public Key Infrastructure (PKI) for preventing signing repudiation from the sender and are implemented using the new JPSEC standard for security signaling.
Ayumu KUBOTA Yutaka MIYAKE Toshiaki TANAKA
In order to introduce new routing functionality without changing the Internet infrastructure, many routing overlays have been proposed in recent years. Although such overlays allow us to dynamically and flexibly form various types of networks, the current host name resolution mechanism used in the Internet, i.e. DNS, cannot provide us such flexibility in host name referencing because of its delegation-based administration scheme for domain names. It also cannot provide us security because of the lack of wide deployment of its security extension, DNSSEC. In this paper, we propose a generic framework for a secure and flexible host name resolution infrastructure that can be shared among many routing overlays. In contrast to DNS, with which users are forced to use the domain name space managed by IANA/ICANN, our framework separates the name resolution mechanism from the name spaces it handles, which allows users to choose whatever name space they think appropriate for the identity scheme of their overlay-networking community. This realizes decentralized management of domain names and gives users freedom in domain name acquisition. The basic idea to achieve this is to use a cryptographically generated identifier (i.e. a hash of a public key) as a reference to an administrative domain of overlay networking hosts and allow the owner of the domain to securely publish host information using the corresponding private key. We show that a referencing mechanism for such host information can be easily implemented by using distributed hash tables (DHTs), and then show how such "semantic-free" references to domains can be linked to an existing identity scheme in order to allow "human-friendly" referencing.
Shuhong WANG Feng BAO Jie WANG
The Virtual Software Token Protocol was proposed by Kwon as a practical method for secure public key infrastructure roaming. However, he recently found a weakness of the protocol under the original assumption, and proposed two revised versions, namely a refinement and an improvement, which lost the desirable properties of scalability and efficiency respectively. In this letter, a secure improvement is proposed for better performance in both scalability and efficiency. Unlike the author's improvement, our improvement provides parallel execution as the original protocol did.
Hua-Yi LIN Yueh-Min HUANG Tzone-I WANG
Unlike traditional networks, the characteristics of mobile wireless devices that can dynamically form a network without any infrastructure or wired line mean that mobile ad hoc networks frequently display partition owing to node mobility or link failures. Consequently, it is difficult for an ad hoc network to provide on-line access to trusted authorities or centralized servers. Despite the existence of well-known security mechanisms, the absence of a stationary central authorization facility in an open and distributed communication environment is a major challenge. Consequently, applying the traditional Public Key Infrastructure (PKI) security architecture to mobile ad hoc networks will create secure blind sides. Based on this perspective, this study proposes a novel scalable and robust cluster-organized key management scheme. Distribution of trust to an aggregation of cluster heads using a threshold scheme facility provides mobile ad hoc networks with robust key management. Furthermore, the proposed approach provides the Certificate Authority (CA) with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves the CA from maintaining large repositories of member certificates, making the proposed approach more suitable for numerous mobile devices. Additionally, this study proposes a Cluster Secure Based Routing Protocol (CSBRP) to integrate into the key management to enhance non-repudiation of routing information and routing performance. Finally, this study introduces a mathematical model to demonstrate that the proposed cluster-based communication outperforms the node-based approach.
Chung-Huang YANG Hikaru MORITA Tatsuaki OKAMOTO
The digital signature is by far one of the most important cryptographic techniques used in e-government and e-commerce applications. It provides authentication of senders or receivers and offers non-repudiation of transmission (senders cannot deny their digital signature on the signed documents, and the document cannot be altered in transmission without being detected). This paper presents our implementation results of digital signature algorithms on IC cards using a byte-unit modular arithmetic algorithm method. We evaluated the performance of the well-known ESIGN and RSA digital signature algorithms on dedicated IC card chips and showed that ESIGN is more efficient than RSA.
Eikazu NIWANO Junko HASHIMOTO Shoichi SENDA Shuichiro YAMAMOTO Masayuki HATANAKA
The demand for a multi-application smart card platform has been increasing in various business sectors recently. When it comes to the actual implementation of the platform, however, network-based dynamic downloading in a Card Issuer-Service Provider separated environment has not made much progress. This paper introduces the smart card information sharing platform that uses licensing/policy/profile management and PKI-based technologies to enable multiple CIs and multiple SPs to reflect their own business policy flexibly via the network. It makes the paradigm shift from a card-oriented scheme to a service-oriented scheme. Through the world's first implementation of the scheme and some experiments including deployment, we confirmed that this technology is well-accepted and applicable to various business sectors and that it can be of practical use.
Katsuji TSUKAMOTO Masaaki MATSUSHIMA Kazuhiko MATSUKI Yusuke TAKANO
Since the impact of the recent rapid penetration of Information Technologies into society is so tremendous, it is said that an IT revolution is coming. Recognizing the above new waves, the Japanese Government is now promoting e-Government programs, and most enterprises are going to depend on the Internet to do their various activities. However, computer criminals and other threats to security are increasing and becoming serious. Therefore, 'security' is the key for the Internet to be the infrastructure of the future society in a true sense. There are many products for security controls, which are not necessarily compatible or interoperable. Interoperability is the basic requirement for infrastructures. In April, 2000, JNSA was organized by about a hundred IT companies. On the other hand, in October, 2000, LINCS was set up in Kogakuin University. The two organizations set up a Consortium to make experimental studies on IPSec interoperability. This is the first report of the activities and the intermediate (the first) results obtained.