Lecture Notes in Computer Science 10946
Willy Susilo, Guomin Yang (Eds.)

Information Security and Privacy
23rd Australasian Conference, ACISP 2018
Wollongong, NSW, Australia, July 11–13, 2018
Proceedings

Springer

Lecture Notes in Computer Science commenced publication in 1973. Founding and former series editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen.

Editorial Board: David Hutchison (Lancaster University, Lancaster, UK); Takeo Kanade (Carnegie Mellon University, Pittsburgh, PA, USA); Josef Kittler (University of Surrey, Guildford, UK); Jon M. Kleinberg (Cornell University, Ithaca, NY, USA); Friedemann Mattern (ETH Zurich, Zurich, Switzerland); John C. Mitchell (Stanford University, Stanford, CA, USA); Moni Naor (Weizmann Institute of Science, Rehovot, Israel); C. Pandu Rangan (Indian Institute of Technology Madras, Chennai, India); Bernhard Steffen (TU Dortmund University, Dortmund, Germany); Demetri Terzopoulos (University of California, Los Angeles, CA, USA); Doug Tygar (University of California, Berkeley, CA, USA); Gerhard Weikum (Max Planck Institute for Informatics, Saarbrücken, Germany).

More information about this series at http://www.springer.com/series/7410

Editors: Willy Susilo, University of Wollongong, Wollongong, NSW, Australia; Guomin Yang, University of Wollongong, Wollongong, NSW, Australia.

ISSN 0302-9743; ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-93637-6; ISBN 978-3-319-93638-3 (eBook)
https://doi.org/10.1007/978-3-319-93638-3
Library of Congress Control Number: 2018947318
LNCS Sublibrary: SL4 – Security and Cryptology

© Springer International Publishing AG, part of Springer Nature 2018. This work is subject to copyright; all rights are reserved by the Publisher. Printed on acid-free paper. This Springer imprint is published by the registered company Springer International Publishing AG, part of Springer Nature. The registered company
address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Preface

This volume contains the papers presented at ACISP 2018, the 23rd Australasian Conference on Information Security and Privacy, held during July 11–13, 2018, in Wollongong, Australia. The conference was organized by the Institute of Cybersecurity and Cryptology at the University of Wollongong, which provided wonderful facilities and support.

This year we received 136 submissions of excellent quality from 23 countries around the world. Each submission was allocated to at least three Program Committee members and each paper received on average 2.8 reviews. The submission and review process was supported by the EasyChair conference submission server. In the first stage of the review process, the submitted papers were evaluated by the Program Committee members. In the second stage, the papers were scrutinized during an extensive discussion. Finally, the committee decided to accept 41 regular papers and ten short papers.

Among the accepted regular papers, four papers were nominated as candidates for the Best Paper Award and five papers were nominated as candidates for the Best Student Paper Award. The Program Committee voted for both awards. For the Best Paper Award, two papers were the preferred options with no clear winner, and we decided to award the Best Paper to both papers:
• "Secure Publicly Verifiable Computation with Polynomial Commitment in Cloud Computing" by Jian Shen, Dengzhi Liu, Xiaofeng Chen, Xinyi Huang, Jiageng Chen, and Mingwu Zhang
• "Decentralized Blacklistable Anonymous Credentials with Reputation" by Rupeng Yang, Man Ho Au, Qiuliang Xu, and Zuoxia Yu
The Best Student Paper was awarded to the paper:
• "Asymmetric Subversion Attacks on Signature Schemes" by Chi Liu, Rongmao Chen, Yi Wang, and Yongjun Wang

The Jennifer Seberry Lecture this year was delivered by Prof. Wanlei Zhou from the University of Technology Sydney, Australia. The program also included three invited talks presented by Prof. Robert Deng from Singapore Management University, Singapore; Prof. Patrizio Campisi from the Roma Tre University, Italy; and Dr. Surya Nepal from CSIRO/Data61, Australia.

We would like to thank the Program Committee members and the external reviewers for their effort and time to evaluate the submissions, and our sponsors (the School of Computing and Information Technology at the University of Wollongong, Springer, DATA61, the Australian Government Department of Defence Science and Technology (DST), Cryptography – Open Access Journal by MDPI, the New South Wales (NSW) Cyber Security Network, Australia, the NSW Office of the Chief Scientist and Engineer, iTree and Thinking Studio) for their generous support to the conference. We are indebted to the team at Springer for their continuous support of the conference and for their help in the production of the conference proceedings.

July 2018
Willy Susilo
Guomin Yang

ACISP 2018
The 23rd Australasian Conference on Information Security and Privacy
University of Wollongong, Australia, July 11–13, 2018

Program Chairs: Willy Susilo, University of Wollongong, Australia; Guomin Yang, University of Wollongong, Australia
General Chairs: Yi Mu, University of Wollongong, Australia; Fuchun Guo, University of Wollongong, Australia
Publication Chairs: Joonsang Baek, University of Wollongong, Australia; Yang-Wai Chow, University of Wollongong, Australia
Organization Chair: Jianchang Lai, University of Wollongong, Australia

Program Committee
Masayuki Abe, NTT, Japan
Cristina Alcaraz, University of Malaga, Spain
Man Ho Au, Hong Kong Polytechnic University, SAR China
Shi Bai, Florida Atlantic University, USA
Zubair Baig, Edith Cowan University, Australia
Paulo Barreto, University of Washington, USA
Colin Boyd, Norwegian University of Science and Technology, Norway
Aniello Castiglione, University of Salerno, Italy
Jinjun Chen, Swinburne University of Technology, Australia
Liqun Chen, University of Surrey, UK
Rongmao Chen, National
University of Defense Technology, China
Xiaofeng Chen, Xidian University, China
Kim-Kwang Raymond Choo, University of Texas at San Antonio, USA
Ernesto Damiani, University of Milan, Italy
David Naccache, École Normale Supérieure, France
Yvo Desmedt, University of Texas at Dallas, USA
Josep Domingo-Ferrer, Universitat Rovira i Virgili, Spain
Ernest Foo, Queensland University of Technology, Australia
David Galindo, University of Birmingham, UK
Jian Guo, Nanyang Technological University, Singapore
Gerhard Hancke, City University of Hong Kong, SAR China
Qiong Huang, South China Agricultural University, China
Xinyi Huang, Fujian Normal University, China
Dong Seong Kim, University of Canterbury, New Zealand
Jongkil Kim, University of Wollongong, Australia
Noboru Kunihiro, The University of Tokyo, Japan
Fabien Laguillaumie, Université de Lyon 1/LIP, France
Dongxi Liu, CSIRO/Data61, Australia
Joseph Liu, Monash University, Australia
Zhe Liu, Nanjing University of Aeronautics and Astronautics, China
Zhen Liu, Shanghai Jiao Tong University, China
Javier Lopez, University of Malaga, Spain
Hui Ma, Chinese Academy of Sciences, China
Mark Manulis, University of Surrey, UK
Mitsuru Matsui, Mitsubishi Electric, Japan
Kazuhiko Minematsu, NEC Corporation, Japan
Chris Mitchell, Royal Holloway, University of London, UK
Khoa Nguyen, Nanyang Technological University, Singapore
Thomas Peyrin, Nanyang Technological University, Singapore
Duong Hieu Phan, XLIM (Limoges University), France
Josef Pieprzyk, CSIRO/Data61, Australia
Reza Reyhanitabar, Katholieke Universiteit Leuven, Belgium
Reyhaneh Safavi-Naini, University of Calgary, Canada
Pierangela Samarati, University of Milan, Italy
Marcos Simplicio, University of São Paulo, Brazil
Leonie Simpson, Queensland University of Technology, Australia
Ron Steinfeld, Monash University, Australia
Atsushi Takayasu, University of Tokyo, Japan
Qiang Tang, Cornell University, USA
Damien Vergnaud, Université Pierre et Marie Curie/Institut Universitaire de France, France
Huaxiong Wang, Nanyang Technological University, Singapore
Qianhong Wu, Beihang University, China
Yong Yu, Shaanxi Normal University, China
Yu Yu, Shanghai Jiao Tong University, China
Jiang Zhang, Chinese Academy of Sciences, China
Mingwu Zhang, Hubei University of Technology, China
Rui Zhang, Chinese Academy of Sciences, China

Additional Reviewers
Acien, Antonio; Al Maqbali, Fatma; Andrade, Ewerton; Anglès-Tafalla, Carles; Avizheh, Sepideh; Baek, Joonsang; Banik, Subhadeep; Bao, Zhenzhen; Bert, Pauline; Blanco-Justicia, Alberto; Bouvier, Cyril; Chen, Haixia; Chen, Long; Chengjun Lin; Chotard, Jérémy; Cominetti, Eduardo; Cui, Yuzhao; Dragan, Constantin Catalin; Du, Jiangyi; Duong, Tuyet; Gaborit, Philippe; Germouty, Paul; Gong, Junqing; Guo, Chun; Guo, Fuchun; Guo, Qingwen; Haitao, Xie; Han, Jinguang; Han, Shangbin; Hauteville, Adrien; Herold, Gottfried; Herranz, Javier; Hu, Kexin; Hu, Zhi; Huang, Jianye; Isshiki, Toshiyuki; Jha, Sonu; Jiang, Linzhi; Jiang, Shaoquan; Jiang, Yan; Jiao, Lin; Karati, Sabyasachu; Katsumata, Shuichi; Kim, Jongkil; Kito, Keisuke; Lai, Jianchang; Leontiadis, Iraklis; Li, Hongbo; Li, Shuai; Li, Sujuan; Li, Xiangxue; Li, Yalan; Li, Yannan; Lin, Changlu; Lin, Cheng-Jun; Lin, Fuchun; Liu, Guozhen; Liu, Hanlin; Liu, Yihuan; Liu, Zhiqiang; Lu, Xingye; Lu, Yuan; Murilo, Cezar; Naito, Yusuke; Nitaj, Abderrahmane; Ohigashi, Toshihiro; Pan, Yanbin; Parra-Arnau, Javier; Parry, Jack; Qin, Baodong; Ribes-González, Jordi; Ricardini, Jefferson E.; Ricci, Sara; Rios, Ruben; Rossetti, Jonatas; Ruan, Ou; Rubio, Juan E.; Sakai, Yusuke; Sakzad, Amin; Sehrawat, Vipin; Sen Gupta, Sourav; Sharifian, Setareh; Shen, Hua; Shuangyu, He; Silva, Marcos; Soria-Comas, Jordi

Practical Signatures from the Partial Fourier Recovery Problem Revisited (X. Lu et al.; fragment of pp. 819–820)

Table 1. PASS_RS signature scheme parameters
Parameter                                               Set 1         Set 2
N                                                       512           1024
q ≡ 1 (mod 2N)                                          2^16 + 1      2^16 + 1
t = |ω|                                                 256           512
k                                                       13.3          13.3
σ                                                       2000          1800
κ s.t. 2^κ · C(N, κ) ≥ 2^256                            44            36
M = exp((2τκσ + κ²)/(2σ²))                              ≈ 7.4         ≈ 7.4
Lattice strength                                        1.0035        1.0017
Public key size (log2 q + 2)t                           832 bytes     1664 bytes
Signature length ≈ (log2 σ + 2)N + min(κ log2 N, N)     882 bytes     1709 bytes

where I_t is a t-dimensional identity matrix. This lattice has a unique shortest vector (0, f, 1), with an l2 norm of approximately √(2N/3 + 1). On the other hand, it has been shown in [6] that the ability to locate a unique shortest vector in a lattice depends on the root Hermite factor of the lattice, which is the n-th root of the ratio between the Gaussian expected length and the l2 norm of the target vector, where n = N + t + 1 is the dimension of the lattice. We know that the Gaussian expected length of this lattice is

$$\sqrt{\frac{N+t+1}{2\pi e}}\; q^{\frac{t}{N+t+1}}.$$

This results in

$$\delta = \left( \frac{\sqrt{\frac{N+t+1}{2\pi e}}\; q^{\frac{t}{N+t+1}}}{\sqrt{2N/3+1}} \right)^{\frac{1}{N+t+1}}.$$

With t ≈ N/2, this quantity is

$$\delta \approx \left( \frac{9}{8\pi e}\, q^{2/3} \right)^{\frac{1}{3N}}.$$

For the parameter sets that we are suggesting, this yields 1.0035 and 1.0017, respectively. Applying the latest results on estimating the cost of the BKZ 2.0 algorithm with (quantum) sieving [1–3], we estimate that recovering this shortest vector requires at least 2^129 and 2^198 operations.

Acknowledgement. We appreciate the anonymous reviewers for their valuable suggestions. Part of this work was supported by the National Natural Science Foundation of China (Grant No. 61602396, U1636205), and by the Research Grants Council of Hong Kong (Grant No. 25206317).

References
1. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: 25th USENIX Security Symposium, USENIX Security 2016, Austin, TX, USA, 10–12 August 2016, pp. 327–343 (2016)
2. Bai, S., Laarhoven, T., Stehlé, D.: Tuple lattice sieving. Cryptology ePrint Archive, Report 2016/713 (2016). https://eprint.iacr.org/2016/713
3. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0
4. Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.)
CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4
5. Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehlé, D.: CRYSTALS-Dilithium: digital signatures from module lattices. Cryptology ePrint Archive, Report 2017/633 (2017). https://eprint.iacr.org/2017/633
6. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3
7. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, 17–20 May 2008, pp. 197–206. ACM (2008)
8. Goldreich, O., Goldwasser, S., Halevi, S.: Public-key cryptosystems from lattice reduction problems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112–131. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052231
9. Hoffstein, J., Pipher, J., Schanck, J.M., Silverman, J.H., Whyte, W.: Practical signatures from the partial Fourier recovery problem. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 476–493. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_28
10. Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_35
11. Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval and Johansson [14], pp. 738–755 (2012)
12. Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37–54. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8
13. Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval and Johansson [14], pp. 700–718 (2012)
14. Pointcheval, D., Johansson, T. (eds.): EUROCRYPT 2012. LNCS. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4

CRT-KPS: A Key Predistribution Schemes Using CRT

Pinaki Sarkar, Mayank Baranwal, and Sukumar Nandi
Department of CSE, Indian Institute of Technology Guwahati, Guwahati, India
pinakisark@gmail.com, baranwalm2002@gmail.com, sukumar.nandi@gmail.com

Abstract. Key Predistribution Schemes (KPS) are efficient key management solutions that are well suited to establishing lightweight symmetric keys even in resource starved environments, like low cost Internet of Things (IoT). This paper uses the Chinese Remainder Theorem (CRT) to propose an energy efficient and deterministic KPS for distributed ad hoc networks that we name CRT-KPS. We theoretically establish the effectiveness of CRT-KPS in terms of crucial metrics. A comparative study establishes that our proposal has a better balance in overall performance compared to state-of-the-art schemes and should find wide application in IoT systems (especially for resource starved end devices).

Keywords: IoT networks security · Energy efficient key management · Key Predistribution Scheme (KPS) · Chinese Remainder Theorem (CRT) · Isomorphism

1 Introduction

The Internet of Things (IoT) is a new reality where all objects can sense, identify, connect and communicate themselves to a single system. IoT is transforming our physical world into a single large information system and has several scientific applications. Of notable interest are networks that deal with sensitive data, like military networks, where security is at a premium. A few prototype IoT networks are (static) Wireless Sensor Networks (WSN), Mobile Ad hoc NETworks (MANET) and Radio Frequency IDentification (RFID) systems. It is
obvious that a widespread adoption of IoT systems is not risk free, because if any (low cost) IoT device's security is compromised, then a valid threat can spread widely through the Internet. This paper provides a lightweight indigenous solution that uses a device's identity and supports a large number of (pre-defined) network nodes; and so, it is implementable in RFID-WSN integration platforms.

1.1 Security and Key Management Issues: Motivation

To ensure secure (confidential and authentic) communication and distribution of sensitive IoT data, we implement cryptosystems. Constraints in resources restrict applications of heavyweight Public Key Cryptosystems (PKC) in resource constrained IoT devices (sensors, tags, etc.). Instead, we exploit faster implementable Symmetric Key Cryptographic (SKC) protocols [3]. A major concern while implementing SKC systems for (low cost) networks is their demand to assign the same (or easily derivable) cryptographic key(s) to the communicating parties (prior to the exchange of messages). Inefficient computation and communication overheads prohibit implementations of online PKC protocols [12] to manage symmetric keys in low cost networks. Pairwise assignment of mutual keys overburdens the memory of devices. Employing Trusted Authorities (TA) to distribute symmetric secrets is prohibited since devices (including TAs) are prone to compromise. This motivates implementations of efficient Key Predistribution Schemes (KPS) to secure communication of resource constrained IoT devices.

© Springer International Publishing AG, part of Springer Nature 2018. W. Susilo and G. Yang (Eds.): ACISP 2018, LNCS 10946, pp. 821–830, 2018. https://doi.org/10.1007/978-3-319-93638-3_51

A KPS, as conceptualized by Eschenauer and Gligor [5], executes the steps below:
1. preload keys: prior to deployment, a root authority assigns blocks of keys of an underlying SKC (AES-128 [3]) with unique key identifiers (ids) into devices to form their keyrings from a large collection of system keys, aka the key pool K;
2. key establishment: preloaded keys are established by a two phase process, as below:
 – Shared key discovery: discovers the shared key(s) among two nodes.
 – Path key establishment: establishes an optimized path between a given pair of nodes that do not share any key. This step involves intermediate nodes.
Nodes 'equate' each other's node ids (a function of the entire preloaded set of key ids [7,9,11]) after (broadcast) exchange of these lightweight packets during a key establishment process (KEP).

The aforesaid subprocesses that establish mutual shared key(s) between participants can be either probabilistic or deterministic, and accordingly lead to:
– Random Key Predistribution Schemes (RKPS) [5]: preload SKC keys [3] into devices to form keyrings in an arbitrary manner and obtain a random graphical model. Gennaro et al. [6] and references therein extend this RKPS [5] to a subset scheme and combine it with an identity based system [13] to obtain a hybrid leaf-resistant non-interactive linear hierarchical key agreement scheme (ni-L-H-KAS).
– Deterministic Key Predistribution Schemes (DKPS) [2]: use combinatorial designs to model a network's (symmetric) key sharing graph. The works [1,7,9,11] set out desirable criteria for combinatorial KPS and manifest that they have predictable parametric properties. Paterson and Stinson [11] unify constructions of combinatorial KPS. Works that rectify certain parametric deficits (resilience or connectivity, defined in Sect. 3) with nominal increment in a node's storage are eminent [1,4].

1.2 Contribution and Organization of Our Work

We construct a simple-minded Chinese Remainder Theorem based Key Predistribution Scheme (CRT-KPS) in Sect. 2. Next we analyze this indigenous proposal in Sect. 3 on the basis of crucial design parameters and compare it with prominent schemes.¹

2 Key Predistribution Schemes (KPS) Based on CRT

This section devises a novel Chinese Remainder Theorem
based Key Predistribution Scheme (CRT-KPS). We commence by revisiting CRT for any two co-prime integers p, q and reconstruct an associated isomorphism Zpq → Zp × Zq. We employ this isomorphism to construct our CRT-KPS for the case of two co-prime integers p, q.

Result 1 (CRT for co-primes and an isomorphism). Given two co-prime integers p and q, the following system of equations has a unique solution mod pq, i.e., x ∈ Zpq:
 x ≡ a (mod p)  (1)
 x ≡ b (mod q)  (2)
As an immediate consequence, an isomorphism is set out from Zp × Zq → Zpq. Reducing x mod p and x mod q, we obtain the reverse direction, i.e., the above two equations.

Proof. We refer our readers to a standard text on basic number theory for the proof of CRT (Koblitz [8]). Here we only state the solution and use it to construct the isomorphism. The unique solution is
 α ≡ b m1 p + a n1 q ∈ Zpq  (3)
where m1 ≡ m (mod p), n1 ≡ n (mod q) such that mp + nq = 1 from the Extended Euclidean Algorithm (EEA), since gcd(p, q) = 1. We construct a map Zp × Zq → Zpq as (a, b) ≡ α, where α is the unique solution of x ≡ a mod p and x ≡ b mod q that we obtain through CRT. Now we establish that this map is an isomorphism:
– homomorphism: follows from the standard computation that we exhibit now. Consider (a1, b1) ∈ Zp × Zq ≡ α1 ∈ Zpq and (a2, b2) ∈ Zp × Zq ≡ α2 ∈ Zpq. Then since (a1, b1) + (a2, b2) = (a1 + a2, b1 + b2) ∈ Zp × Zq ≡ α1 + α2 ∈ Zpq and (a1, b1) · (a2, b2) = (a1 a2, b1 b2) ∈ Zp × Zq ≡ α1 · α2 ∈ Zpq, we have an induced homomorphism.
– bijection: of the aforesaid map is a consequence of (i) the uniqueness (so, one-to-one) and (ii) the fact that both the domain set (Cartesian product) and the range set have the same number of elements (pq), i.e., the induced map is onto.
– reverse isomorphism: given an α ∈ Zpq, (α mod p, α mod q) gives the inverse isomorphism.
We use both maps during the construction and analyses of our CRT-KPS.

¹ We refer to an existing result as 'Result', while a 'Theorem' or 'Corollary' are new outcomes.

2.1 CRT-KPS: A Novel Distributed KPS Using CRT

Here we construct the indigenous CRT-KPS for two co-prime integers. These two co-primes p, q (system parameters) are chosen so that pq > N = expected number of nodes in the network. So both p, q are considerably small, unlike primes used for cryptographic purposes (PKC [12] or pseudo-random number generators [10]). Further, we do not impose any further restrictions on them (for instance, to be of almost equal sizes, like in RSA [12]). The rest of the construction is set out next:
1. we set the key pool to be the ring Zpq for the chosen co-primes p, q;
2. node ids are set as α ≡ (a, b), where α ∈ Zpq such that α ≡ a mod p and α ≡ b mod q. So the maximum number of blocks, and hence nodes, is β = pq;
3. we use the isomorphism resulting from CRT to assign key ids to a node α ≡ (a, b) as {(a, j), j = 0, 1, 2, ..., q − 1} ∪ {(i, b), i = 0, 1, 2, ..., p − 1}. We have a repeat of one key, (a, b), that we consider only once. So the keyring size is k = p + q − 1.
Computation of shared keys between two nodes with ids αi ≡ (ai, bi), i = 1, 2, is done by a key establishment process (KEP) that executes the simple and lightweight steps below:
1. broadcast exchange of node ids (as elements of Zpq);
2. "equate" these node ids to trace the common shared keys between the nodes as below:
 – in case a1 ≠ a2, b1 ≠ b2, the common keys between the nodes α1, α2 are (a1, b2) and (a2, b1), since the keyring of αi is {(ai, y), y ∈ Zq} ∪ {(x, bi), x ∈ Zp} with (ai, bi) counted once, i = 1, 2;
 – in case a1 ≠ a2 but b1 = b2 = b (say), we compute the common keys between nodes α1 and α2 to be (i, b), i = 0, 1, ..., p − 1;
 – in case a1 = a2 = a (say) and b1 ≠ b2, then by a similar logic the common keys between nodes α1 and α2 are (a, j), j = 0, 1, ..., q − 1.
A shared session key between the nodes α1 and α2 in all three cases can be taken as a unique publicly known function (example: xor) of all their common shared keys. For the first case, Theorem 1 proves the uniqueness of this session key in the entire
system and therefore eliminates masquerading attacks. For the latter two cases, session keys are unique only up to a threshold, since the common keys are also held by the other nodes in the key's cycle of p + q − 1 nodes (Theorems 3 and 4). An interested reader may refer to Fig. 1 for an instance with p = 5, q = 7, where we represent the keyrings and connectivity of nodes 17, 12, 19 (mod 35). We choose these three nodes as their key sharing covers all possible (three) cases that we state above and analyze in depth through Theorems 1, 2 and 4 in the next section.

Fig. 1. Prototype connectivity between nodes due to (2 co-prime) CRT-KPS with p = 5, q = 7.

Remark 1 (Variant of CRT-KPS). CRT holds for any number of co-prime integers and potentially leads to constructions of generic CRT-KPS. Generalized CRT-KPS has more keys in the intersections of keyrings at depth 1, and so facilitates subset construction. Due to the limited scope of this shortened conference version and the rigor of presentation of the generalized version, this paper studies the case of two co-prime integers only.

3 Analyses with Comparative Study

Here we scrutinize CRT-KPS in terms of crucial parameters. Like all (combinatorial) KPS, the energy requirement of CRT-KPS is low and it supports a network of pre-defined size (pq). Next we recall an active adversarial threat model, the system's resiliency against it, the vital notion of secure connectivity and its trade-off with resilience:

Definition 1 (Random Node Compromise attack) is the random capture or compromise of nodes [7,9,11] (without prior information about the network).

Definition 2 (A Resilience Metric). fail(s) is defined as the probability of a link being compromised among the network of uncompromised nodes due to the random compromise of s nodes. Notationally, fail(s) = c_s / u_s, where c_s is the number of compromised links and u_s is the total number of links in the remaining network of uncompromised nodes. We use fail(1) to analyze our schemes and adapt it during the comparative study.

Definition 3 (Secure link). A secure link is said to exist between nodes in a system designed by a KPS if they share at least one key of the underlying SKC [3]. In case of multiple (uniformly) shared keys between a pair of nodes, we construct a shared session key to be a unique (publicly known) function of all their common shared keys.

Definition 4 (Secure connectivity). We define the metric secure connectivity, or simply connectivity, of the network to be the probability that two nodes are connected by a secure link. Symbolically we denote a network's connectivity (under a KPS) by ρ.

Schemes with good connectivity (i.e., high ρ values) and resiliency (i.e., small fail(s) values) are preferred. Unfortunately these two metrics are inversely related, so a trade-off is inevitable. It is desirable that the system's connectivity ratio ρ be as close to 1 as possible. If necessary, resilience improvement techniques can be exploited (Dalai and Sarkar [4] and references therein). Now that the basic notions are formally set out, we analyze the key sharing graph of CRT-KPS through the theorems and corollaries that follow.

Theorem 1. Consider two nodes with ids αi ∈ Zpq, i = 1, 2, where αi ≡ ai (mod p) and αi ≡ bi (mod q) for i = 1, 2. So we consider the inverse isomorphism operation of CRT. Assume a1 ≠ a2, b1 ≠ b2. Then we can compute (a1, b2) and (a2, b1) to be the common shared keys between the nodes α1 and α2. Further, these are the only two nodes in the system that share this pair of keys. Therefore we arrive at a case of absolute resilience.

Proof. The fact that (a1, b2) and (a2, b1) are common shared keys between the nodes α1 and α2 is a direct consequence of our construction. Conversely, we use CRT and the method of "proof by contradiction" to ratify that these keys are jointly in no other node, i.e., αz, z ≠ i = 1, 2. Suppose (a1, b2) and (a2, b1) are in the same node αz, z ∈ Zpq, z ≠ i = 1, 2. Then from our construction, the keyring of the node αz must contain both, so αz is of the form (a1, j) or (l, b2), and also of the form (a2, j) or (l, b1
), (j = 0, 1, ..., q − 1 and l = 0, 1, ..., p − 1 in both cases); i.e., αz ≡ (a1, b1) or αz ≡ (a2, b2), since a1 ≠ a2 and b1 ≠ b2. This compels αz = α1 or αz = α2, which leads to a contradiction, and so our claim is true.

Corollary 1. The number of node pairs ⟨α1, α2⟩ ∈ Zpq × Zpq that have perfect resilience against compromise of third party nodes is pq(p − 1)(q − 1)/2 (refer to Theorem 1).

Proof. For a node α1 ∈ Zpq ≡ (a1, b1) ∈ Zp × Zq, there are (p − 1)(q − 1) possible nodes α2 ≡ (a2, b2) ∈ Zp × Zq with a1 ≠ a2, b1 ≠ b2. Now we can choose α1 ∈ Zpq in pq ways since all choices of α1 are stochastically independent. However, in this process we double count every pair of nodes in the forms ⟨α1, α2⟩ and ⟨α2, α1⟩ (since α1 is just a label). We divide by 2 to eliminate this double count and obtain the desired result.

Theorem 2. Consider a1 = a2 = a (say) for two arbitrary node ids αi ∈ Zpq ≡ (ai, bi) ∈ Zp × Zq for i = 1, 2; so b1 ≠ b2. Then there are q keys (a, j), j = 0, 1, 2, ..., q − 1, common between them. Similarly, the intersection of two arbitrary nodes α1 and α2 when b1 = b2 = b (say), so that a1 ≠ a2, has p keys: (i, b), i = 0, 1, 2, ..., p − 1.

Proof. For nodes α1 ≠ α2 ∈ Zpq with a = a1 = a2 ∈ Zp we have b1 ≠ b2 ∈ Zq. There cannot be any common key of the form (i, b), b ∈ Zq. This is because the first co-ordinate is constant and the second co-ordinate varies. So the only possibility is to have common keys of the form (a, j), a ∈ Zp. Our construction yields (a, j), j = 0, 1, 2, ..., q − 1, to be the set of q common keys as j varies over Zq. By symm
etry, the other result follows.

Corollary 2. The number of nodes that contain the keys (a, j), j = 0, 1, 2, ..., q − 1, for a fixed a ∈ Zp is q. So the number of nodes that contain (a, j), j = 0, 1, 2, ..., q − 1, for varying a ∈ Zp is pq. Similarly, the number of nodes that contain the keys (i, b), i = 0, 1, 2, ..., p − 1, for varying b ∈ Zq is qp.

Proof. From the CRT-KPS construction and the proof of the previous Theorem 2, it is clear that for a fixed a ∈ Zp the keys (a, j), j = 0, 1, 2, ..., q − 1, jointly occur in the q nodes with ids (a, b), b = 0, 1, 2, ..., q − 1. Moreover, they are the only common keys among these nodes, as only the second (key) co-ordinate varies for them. Therefore, as a varies over Zp, the number of nodes is pq (q many for each a ∈ Zp). The proof of the other case is similar.

The proof of the next theorem uses the CRT-KPS construction and standard computations.

Theorem 3 (Degree of CRT-KPS). The cycle of a given key (i, j) ∈ Zp × Zq (fixed i, j) has r = p + q − 1 nodes, with ids {(i, z1), z1 ∈ Zq} ∪ {(z2, j), z2 ∈ Zp} (counting (i, j) once).

Given the circumstantial importance of the structure of a KPS during parametric analyses, the next theorem formally classifies the key sharing subgraph of a given node α ∈ Zpq.

Theorem 4. An arbitrary node α ∈ Zpq ≡ (a, b) ∈ Zp × Zq has either:
1. precisely 2 distinct keys shared individually with each of the (q − 1)(p − 1) nodes (and no third node) whose x and y co-ordinates are simultaneously different from those of α;
2. exactly a set of p distinct shared keys with the p nodes whose first co-ordinate varies in Zp and whose second co-ordinate is the same as that of α;
3. exactly a set of q distinct shared keys with the q nodes whose first co-ordinate is the same as that of α while the second co-ordinate varies in Zq.
CRT-KPS has full connectivity with multiple inter-nodal shared keys. Further, compromise of a single node yields

$$\mathrm{fail}(1) = \frac{(q-1)(p-1) + p(p-1)/2 + q(q-1)/2}{pq(pq-1)/2}.$$

Further, the CRT-KPS system has good resilience against masquerading by internal nodes since, for a node, (q − 1)(p − 1) nodes share a unique session key with it.

Proof. We observe that case 1 of this theorem corresponds to Theorem 1 and its Corollary 1, while cases 2 and 3 are covered by Theorem 2 and its Corollary 2. An obvious implication is an arbitrary node's connectivity with all nodes in the network with multiple common shared keys; and so, the resultant network is fully connected. The statement about resilience of
CRT-KPS requires deeper analysis, that we now Compromise of a node exposes all p + q − keys; each of which connect p + q − nodes individually but not independently Since there are three types of connections in every node (cases 1, 2, 3), we count them separately Our construction combines all shared keys between (a pair of) nodes to obtain a shared session key in each of the aforesaid case So we count (i) a single link for each peer node corresponding to case 1, (ii) a cycle of length p for case and (iii) a cycle of length q for case Therefore there are (q − 1)(p − 1) links corresponds to case ((q − 1)(p − 1) peer nodes), while cases and yield p2 and 2q links corresponding to p and q keys in respective cases (cycles of length (q − 1)(p − 1) + p(p − 1)/2 + q(q − 1)/2) p, q) Therefore, fail(1) = pq(pq − 1)/2 Table Comparison of asymptotic behavior of different schemes Scheme No of nodes ρ fail(1) q(q − 1) p(p − 1) + 2 pq(pq − 1) (q − 1)(p − 1) + CRT − KP S N = pq T D(2, k, pt ) [11] N = p2t , t ∈ Z z 1 =N pt −1 T D(k, pt ) [9], k = zq (ext of [9, 11]) (z: variable) −1 z(2 − z) 2(1−z) T D(3, k, q), k = zq N = q3 , z < N (2−z) −2 T D(3, k, q), k = q N = q3 1/2 5N 2 z(z − 3z + 6) 3(z − 2z + 2) N T D(4, k, q), k = zq N = q4 z − 3z + −1 Symmetric BIBD [2] N = q + q + 1 N −1 Comparative Study We compare asymptotic behavior of CRT-KPS with prominent others in term of parameters defined in Sect We present the data in Table and compare with SBIBD [2] and TD(t, k, q) [11] with intersection threshold η = Conclusion and Future Works This paper proposes an energy efficient KPS, called CRT-KPS Schematic analyses shows this deterministic CRT-KPS assigns multiple shared keys between nodes and has appreciable resilience against active node capture attacks Comparative study show that our indigenous scheme outperforms state-of-the-art proposals CRT-KPS: A Key Predistribution Schemes Using CRT 829 We can construct a (deterministic) subset scheme with distributed CRT-KPS at top level This 
subset scheme extends to a strongly resistant hybrid ni-L-HKAS on combining with Sakai et al.'s distributed ni-KAS [13]. Being combinatorial, this decentralized KAS using bilinear pairing maps will have predictable design properties, as opposed to Gennaro et al.'s random schemes [6], and so suits resourceful MANETs better.

Acknowledgement. We sincerely thank the Ministry of Electronics and Information Technology, Government of India, for funding the post-doctoral tenure of Pinaki Sarkar through the "ISEA" project.

References
1. Bag, S., Dhar, A., Sarkar, P.: 100% connectivity for location aware code based KPD in clustered WSN: merging blocks. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 136–150. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33383-5
2. Çamtepe, S.A., Yener, B.: Combinatorial design of key distribution mechanisms for wireless sensor networks. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 293–308. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_18
3. Daemen, J., Rijmen, V.: The block cipher Rijndael. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 277–284. Springer, Heidelberg (2000). https://doi.org/10.1007/10721064_26
4. Dalai, D.K., Sarkar, P.: Enhancing resilience of KPS using bidirectional hash chains and application on sensornet. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds.) NSS 2017. LNCS, vol. 10394, pp. 683–693. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64701-2_54
5. Eschenauer, L., Gligor, V.D.: A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 41–47. ACM (2002)
6. Gennaro, R., Halevi, S., Krawczyk, H., Rabin, T., Reidt, S., Wolthusen, S.D.: Strongly-resilient and non-interactive hierarchical key-agreement in MANETs. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 49–65. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5
7. Kendall, M., Martin, K.M.: Graph-theoretic design and analysis of key predistribution schemes. Des. Codes Crypt. 81(1), 11–34 (2016)
8. Koblitz, N.: A Course in Number Theory and Cryptography. Springer, New York (1987). https://doi.org/10.1007/978-1-4684-0310-7
9. Lee, J., Stinson, D.R.: A combinatorial approach to key predistribution for distributed sensor networks. In: IEEE Wireless Communications and Networking Conference, WCNC 2005, pp. 1200–1205 (2005)
10. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. Assoc. Comput. Mach. 51(2), 231–262 (2004)
11. Paterson, M.B., Stinson, D.R.: A unified approach to combinatorial key predistribution schemes for sensor networks. Des. Codes Crypt. 71(3), 433–457 (2014)
12. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
13. Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Symposium on Cryptography and Information Security, SCIS 2000 (2000). (In Japanese; English version available from the authors)
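The CRT-KPS construction and the counts stated in Theorems 1 to 4 above (two shared keys with no third-party exposure for nodes differing in both co-ordinates, q or p shared keys when one co-ordinate agrees, p + q − 1 nodes per key, and the closed form for fail(1)), checked by brute force on small parameters. This is an added example, not the paper's code; it assumes p and q coprime and identifies a node id α ∈ Zpq with (α mod p, α mod q) ∈ Zp × Zq as in the paper, and the function names are its own.

```python
# Added example (not the paper's code): brute-force check of the CRT-KPS counts
# in Theorems 1-4 for small coprime p, q.  Node id alpha in Z_pq is identified
# with (alpha mod p, alpha mod q) via the CRT; node (a, b) holds the keys
# (a, j), j in Z_q, and (i, b), i in Z_p.
from fractions import Fraction
from itertools import combinations

def coords(alpha, p, q):
    """CRT image of the node id alpha in Z_pq."""
    return alpha % p, alpha % q

def key_ring(alpha, p, q):
    """The p + q - 1 keys (i, j) in Z_p x Z_q held by node alpha."""
    a, b = coords(alpha, p, q)
    return {(a, j) for j in range(q)} | {(i, b) for i in range(p)}

def shared_profile(p, q):
    """Theorems 2 and 4: sizes of the shared-key sets, grouped by whether the
    two nodes agree on a, on b, or on neither (expected {q}, {p}, {2})."""
    out = {}
    for x, y in combinations(range(p * q), 2):
        (a1, b1), (a2, b2) = coords(x, p, q), coords(y, p, q)
        shared = key_ring(x, p, q) & key_ring(y, p, q)
        out.setdefault((a1 == a2, b1 == b2), set()).add(len(shared))
    return out

def mixed_pairs_with_third_party(p, q):
    """Theorem 1 / Corollary 1: (number of pairs differing in both co-ordinates,
    how many of them have a third node holding all their shared keys);
    expected (pq(p-1)(q-1)/2, 0)."""
    n, rings = p * q, [key_ring(z, p, q) for z in range(p * q)]
    total = exposed = 0
    for x, y in combinations(range(n), 2):
        (a1, b1), (a2, b2) = coords(x, p, q), coords(y, p, q)
        if a1 != a2 and b1 != b2:
            total += 1
            shared = rings[x] & rings[y]
            exposed += any(shared <= rings[z] for z in range(n) if z not in (x, y))
    return total, exposed

def fail1(p, q, captured=0):
    """Fraction of the pq(pq-1)/2 links whose session key (all shared keys combined)
    is exposed by capturing one node, next to the closed form of Theorem 4."""
    n, rings = p * q, [key_ring(z, p, q) for z in range(p * q)]
    broken = sum(rings[x] & rings[y] <= rings[captured]
                 for x, y in combinations(range(n), 2))
    simulated = Fraction(broken, n * (n - 1) // 2)
    closed = Fraction((q - 1) * (p - 1) + p * (p - 1) // 2 + q * (q - 1) // 2, n * (n - 1) // 2)
    return simulated, closed
```

For p = 3, q = 5 the simulation and the closed form agree on fail(1) = 21/105 = 1/5, and the shared-key profile shows exactly the three cases of Theorem 4.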