Browsing by Author "Kiraz, Mehmet Sabir"
Title: A New Framework for Enhancing VANETs through Layer 2 DLT Architectures with Multiparty Threshold Key Management and PETs
Access: Open Access
Published: MDPI, 2024-09-09
Authors: Kiraz, Mehmet Sabir; Al-Bayatti, Ali Hilal; Adarbah, Haitham; Kardas, Suleyman; Al-Bayatti, Hilal M. Y.
Abstract: This work proposes a new architectural approach to enhance the security, privacy, and scalability of VANETs through threshold key management and Privacy Enhancing Technologies (PETs), such as homomorphic encryption and secure multiparty computation, integrated with Decentralized Ledger Technologies (DLTs). These advanced mechanisms are employed to eliminate centralization and to protect the privacy of information transferred and processed in VANETs, thereby addressing privacy concerns. We begin by discussing the weaknesses of existing VANET architectures concerning trust, privacy, and scalability, and then introduce a new architectural framework that shifts from centralized to decentralized approaches. This transition applies a decentralized ledger mechanism to ensure correctness, reliability, accuracy, and security against various known attacks. The use of Layer 2 DLTs in our framework enhances key management, trust distribution, and data privacy, offering cost and speed advantages over Layer 1 DLTs and thereby enabling secure vehicle-to-everything (V2X) communication. The proposed framework is superior to other frameworks as it improves decentralized trust management, adopts more efficient PETs, and leverages Layer 2 DLT for scalability. The integration of multiparty threshold key management and homomorphic encryption also enhances data confidentiality and integrity, thus securing against various existing cryptographic attacks. Finally, we discuss potential future developments to improve the security and reliability of VANETs in the next generation of networks, including 5G networks.

Title: Anonymous RFID authentication for cloud services
Access: Open Access
Published: Gazi University, 2012-07-02
Authors: Bingol, Muhammed Ali; Birinci, Fatih; Kardaş, Suleyman; Kiraz, Mehmet Sabir
Abstract: Cloud computing is one of the fastest growing segments of the IT industry, since users' commitments to investment and operations are minimized and costs are in direct relation to usage and demand. In general, cloud services are required to authenticate the user, and most practical cloud services do not provide anonymity of the users. Namely, the cloud provider can track the users easily, so privacy and authenticity are two critical aspects of security. Anonymous authentication is a technique enabling users to prove that they have a privilege without disclosing their real identities. This type of authentication can be useful especially in scenarios where it is sufficient to assure the server that the claiming parties are indeed registered. Some motivating applications in the cloud for an anonymous authentication protocol are E-commerce, E-voting, E-library, E-cash and mobile agent applications. Many existing anonymous authentication protocols assume absolute trust in the cloud provider, in which all private keys are stored. This trust may result in serious security and privacy issues in case of private key leakage from the cloud provider. In this paper, we propose forward-secure anonymous and mutual authentication protocols using RFID technology for cloud services. These protocols avoid the need to trust the cloud provider, meaning that even if the private keys are obtained from corrupted tags or from the server, the owners of these tags cannot be traced from past authentication actions. In fact, anonymity of the users will still be ensured even if the private keys of tags are compromised.

Title: CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain
Access: Open Access
Published: Elsevier, 2019-05-21
Authors: Kubilay, Murat; Mantar, Haci Ali; Kiraz, Mehmet Sabir
Abstract: In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness has caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models were proposed to reduce the level of trust in the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, which we call CertLedger, to eliminate split-world attacks and to provide certificate/revocation transparency. All TLS certificate validation, storage, and the entire revocation process are conducted in CertLedger, as is trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owner. Hence, privacy is now perfectly preserved by eliminating the traceability issue via OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process, eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also no longer need to perform certificate validation or to store the trusted CA certificates. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals. Finally, we implement its prototype on Ethereum to demonstrate experimental results. The results show that the performance of the TLS handshake and certificate validation through CertLedger is significantly improved compared to the current TLS protocol.

Title: A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
Access: Open Access
Published: Springer, 2016-06-18
Authors: Kiraz, Mehmet Sabir
Abstract: The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures a reduction in expenditure for operational and infrastructural purposes. To turn it into a reality, there are some impediments and hurdles which need to be tackled, the most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection sphere of the data owner. This brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While classical cryptography is an ancient discipline, modern cryptography, which has mostly been developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today's real-world scenarios. The technological solutions and the short- and long-term research goals of cloud security are described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from a cryptographic point of view.

Title: Data-Driven Decision-Making for Bank Target Marketing Using Supervised Learning Classifiers on Imbalanced Big Data
Access: Metadata only
Published: Tech Science Press, 2024-10-15
Authors: Nasir, Fahim; Ahmed, Abdulghani Ali; Kiraz, Mehmet Sabir; Yevseyeva, Iryna; Saif, Mubarak
Abstract: Integrating machine learning and data mining is crucial for processing big data and extracting valuable insights to enhance decision-making. However, imbalanced target variables within big data present technical challenges that hinder the performance of supervised learning classifiers on key evaluation metrics, limiting their overall effectiveness. This study presents a comprehensive review of both common and recently developed Supervised Learning Classifiers (SLCs) and evaluates their performance in data-driven decision-making. The evaluation uses various metrics, with a particular focus on the Harmonic Mean Score (F-1 score) on an imbalanced real-world bank target marketing dataset. The findings indicate that grid-search random forest and random-search random forest excel in Precision and area under the curve, while Extreme Gradient Boosting (XGBoost) outperforms other traditional classifiers in terms of F-1 score. Employing oversampling methods to address the imbalanced data shows significant performance improvement in XGBoost, delivering superior results across all metrics, particularly when using the SMOTE variant known as the BorderlineSMOTE2 technique. The study identifies several key factors for effectively addressing the challenges of supervised learning with imbalanced datasets. These factors include the importance of selecting appropriate datasets for training and testing, choosing the right classifiers, employing effective techniques for processing and handling imbalanced datasets, and identifying suitable metrics for performance evaluation. Additionally, these factors entail the utilisation of effective exploratory data analysis in conjunction with visualisation techniques to yield insights conducive to data-driven decision-making.

Title: An Efficient 2-Party Private Function Evaluation Protocol Based on Half Gates
Access: Open Access
Published: Oxford University Press, 2018-12-24
Authors: Bingol, Muhammed Ali; Bicer, O.; Kiraz, Mehmet Sabir; Levi, A.
Abstract: Private function evaluation (PFE) is a special case of secure multi-party computation (MPC), where the function to be computed is known by only one party. PFE is useful in several real-life applications where an algorithm or a function itself needs to remain secret for reasons such as protecting intellectual property or security classification level. In this paper, we focus on improving 2-party PFE based on symmetric cryptographic primitives. In this respect, we look back at the seminal PFE framework presented by Mohassel and Sadeghian at Eurocrypt'13. We show how to adapt and utilize the well-known half gates garbling technique (Zahur et al., Eurocrypt'15) in their constant-round 2-party PFE scheme. Compared to their scheme, our resulting optimization significantly improves the efficiency of both the underlying Oblivious Evaluation of Extended Permutation (OEP) and secure 2-party computation (2PC) protocols, and yields a more than 40% reduction in overall communication cost (the computation time is also slightly decreased and the number of rounds remains unchanged).

Title: Efficient and Verifiable Algorithms for Secure Outsourcing of Cryptographic Computations
Access: Open Access
Published: Springer, 2015-11-30
Authors: Kiraz, Mehmet Sabir; Uzunkol, Osmanbey
Abstract: Reducing the computational cost of cryptographic computations for resource-constrained devices is an active research area. One of the practical solutions is to securely outsource the computations to an external and more powerful cloud server. Modular exponentiations are the most expensive computation from the cryptographic point of view. Therefore, outsourcing modular exponentiations to a single, external and potentially untrusted cloud server while ensuring security and privacy provides an efficient solution. In this paper, we propose new efficient outsourcing algorithms for modular exponentiations using only one untrusted cloud server. These algorithms cover public-base & private-exponent, private-base & public-exponent, private-base & private-exponent, and more generally private-base & private-exponents simultaneous modular exponentiations. Our algorithms are the most efficient solutions utilizing only one single untrusted server with the best checkability probabilities. Furthermore, unlike existing schemes, which have a fixed checkability probability, our algorithms provide adjustable predetermined checkability parameters. Finally, we apply our algorithms to outsource Oblivious Transfer Protocols and Blind Signatures, which are expensive primitives in modern cryptography.

Title: Improved Chaff-Based CMIX for Solving Location Privacy Issues in VANETs
Access: Open Access
Published: MDPI, 2021-05-30
Authors: Kiraz, Mehmet Sabir; Al-Bayatti, Ali Hilal; Saleh AlMarshoud, Mishri
Abstract: Safety application systems in Vehicular Ad-hoc Networks (VANETs) require the dissemination of contextual information about the scale of neighbouring vehicles; therefore, ensuring security and privacy is of utmost importance. Vulnerabilities in the messages and the system's infrastructure introduce the potential for attacks that lessen safety and weaken passengers' privacy. The purpose of short-lived anonymous identities, called "pseudo-identities", is to divide the trip into unlinkable short passages. Researchers have proposed changing pseudo-identities more frequently inside a pre-defined area, called a cryptographic mix-zone (CMIX), to ensure enhanced protection. According to ETSI ITS technical report recommendations, researchers must consider low-density scenarios to achieve unlinkability in CMIX. Recently, Christian et al. proposed a Chaff-based CMIX scheme that sends fake messages under low-density conditions to enhance vehicles' privacy and confuse attackers. To accomplish full unlinkability, in this paper we first show the following security and privacy vulnerabilities in the Christian et al. scheme:
- Linkability attacks outside the CMIX may occur due to deterministic data sharing during the authentication phase (e.g., duplicate certificates for each communication).
- Adversaries may inject fake certificates, which breaks the authenticity of Cuckoo Filter (CF) updates, and the injection may be deniable.
- CMIX symmetric key leakage outside the coverage may occur.
We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang et al.'s scheme to provide mutual authentication without revealing the real identity. To this end, the messages of a vehicle are signed with a different pseudo-identity "certificate". Furthermore, the density is increased by sending fake messages in low-traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian et al.'s scheme, we use the Adaptive Cuckoo Filter (ACF) instead of the CF to overcome the effect of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RSUs distribute the updates, and they sign the new fingerprints. Third, the mutual authentication prevents any leakage of the mix-zones' symmetric keys by generating a fresh one for each communication through a Diffie-Hellman key exchange.

Title: k-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions
Access: Open Access
Published: Wiley Online Library, 2014-06-03
Authors: Celik, Serkan; Kiraz, Mehmet Sabir; Levi, Albert; Bingol, Muhammed Ali; Demirci, H.; Kardas, S.
Abstract: This paper examines Vaudenay's privacy model, which is one of the first and most complete privacy models featuring the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k-strong and k-forward adversaries, where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay's model. In order to achieve the highest privacy level, we study low-cost primitives such as physically unclonable functions (PUFs). The common assumption about PUFs is that their physical structure is destroyed once tampered with. This is an idealized assumption, because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we weaken this assumption by introducing a new definition, k-resistant PUFs. k-PUFs are tamper resistant against at most k attacks; that is, their physical structure remains functional and correct until at most the kth physical attack. Furthermore, we prove that strong privacy can be achieved without public-key cryptography using k-PUF-based authentication. We finally prove that our extended proposal achieves both reader authentication and k-strong privacy.

Title: KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures
Access: Open Access
Published: Oxford University Press, 2020-08-12
Authors: Kiraz, Mehmet Sabir; Kubilay, Murat; Mantar, Haci Ali
Abstract: During the last decade, several misbehaving Certificate Authorities (CAs) have issued fraudulent TLS certificates allowing MITM-style attacks, which resulted in serious security incidents. In order to avoid such incidents, Yakubov et al. recently proposed a new PKI architecture where CAs issue, revoke, and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients are still subject to MITM-style attacks and certificate transparency is not fully provided. In this paper, we eliminate the issues of Yakubov et al.'s scheme and propose a new PKI architecture based on a permissioned blockchain with a PBFT consensus mechanism, where the consensus nodes utilize a dynamic threshold signature scheme to generate signed blocks. In this way, trust in the intermediary entities can be completely eliminated during certificate validation. Our scheme enjoys the dynamic property of the threshold signature, because TLS clients do not have to change the verification key even if the validator set changes. We implement our proposal on a private Ethereum network to demonstrate the experimental results. The results show that our proposal has negligible overhead during the TLS handshake. The certificate validation duration is less than in conventional PKI and in Yakubov et al.'s scheme.

Title: Location Privacy in VANETs: Provably Secure Anonymous Key Exchange Protocol Based on Self-Blindable Signatures
Access: Open Access
Published: Elsevier, 2022-06-01
Authors: Kiraz, Mehmet Sabir; Al-Bayatti, Ali Hilal; AlMarshoud, Mishri Saleh
Abstract: Security and privacy in vehicular ad hoc networks (VANETs) are challenging in terms of Intelligent Transportation Systems (ITS) features. The distribution and decentralisation of vehicles could threaten location privacy and confidentiality in the absence of trusted third parties (TTPs), or if they are otherwise compromised. If the same digital signatures (or the same certificates) are used for different communications, then adversaries could easily apply linking attacks. Unfortunately, most of the existing schemes for VANETs in the literature do not satisfy the required levels of security, location privacy, and efficiency simultaneously. This paper presents a new and efficient end-to-end anonymous key exchange protocol based on Yang et al.'s self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on a zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require the involvement of Roadside Units or Certificate Authorities, and hence can be securely run outside the mix-zones. We demonstrate the security of our protocol in the ideal/real simulation paradigm. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communication overheads compared to existing schemes.

Title: Mitigating MEV attacks with a two-tiered architecture utilizing verifiable decryption
Access: Open Access
Published: Springer, 2024-08-13
Authors: Kiraz, Mehmet Sabir; Alnajjar, Mustafa Ibrahim; Al-Bayatti, Ali Hilal; Kardas, Suleyman
Abstract: A distributed ledger is a shared and synchronized database across multiple designated nodes, often referred to as miners, validators, or peers. These nodes record, distribute, and access data to ensure security and transparency. However, these nodes can be compromised and manipulated by selectively choosing which user transactions to include, exclude, or reorder, thereby gaining an unfair advantage. This is known as a miner/maximal extractable value (MEV) attack. Existing solutions can be classified into various categories, such as MEV auction platforms and time-based ordering properties, which rely on private transaction mempools. In this paper, we first identify some architectural weaknesses inherent in the latest proposals that divide the block creation and execution roles into separate functions: block builders and block executors. The existing schemes mainly suffer from the lack of verifiability of the decryption process, where a corrupted builder or executor can simply deny the inclusion of specific targeted transactions by exploiting the fact that all transactions are in plain format. To address this, we propose an enhanced version that incorporates a verifiable decryption process. At a high level, within our proposal, whenever an Executor or a Builder performs a decryption, the decrypted values must be broadcast. This enables any entity in the network to publicly verify whether the decryption was executed correctly, thus preventing malicious behavior by either party from going undetected. We also define a new adversary model for MEV and conduct a comprehensive security analysis of our protocol against all kinds of potential adversaries related to MEV. Finally, we present the performance analysis of the proposed solution.

Title: NFT Trades in Bitcoin with Off-Chain Receipts
Access: Embargo
Published: Springer, 2023-10-04
Authors: Kiraz, Mehmet Sabir; Larraia, Enrique; Vaughan, Owen
Abstract: Non-fungible tokens (NFTs) are digital representations of assets stored on a blockchain. They allow content creators to certify the authenticity of their digital assets and transfer ownership in a transparent and decentralized way. Popular choices of NFT marketplace infrastructure include blockchains with smart contract functionality or layer-2 solutions. Surprisingly, researchers have largely avoided building NFT schemes over Bitcoin-like blockchains, most likely due to high transaction fees in the BTC network and the belief that Bitcoin lacks enough programmability to implement fair exchanges. In this work we fill this gap. We propose an NFT scheme where trades are settled in a single Bitcoin transaction as opposed to executing complex smart contracts. We use zero-knowledge proofs (concretely, recursive SNARKs) to prove that two Bitcoin transactions, the issuance transaction tx0 and the current trade transaction txn, are linked through a unique chain of transactions. Indeed, these proofs function as "off-chain receipts" of ownership that can be transferred from the current owner to the new owner using an insecure channel. The size of the proof receipt is short, independent of the total current number of trades n, and can be updated incrementally by anyone at any time. Marketplaces typically require some degree of token ownership delegation, e.g., escrow accounts, to execute the trade between sellers and buyers that are not online concurrently, and to alleviate transaction fees they resort to off-chain trades. This raises concerns about the transparency and purportedly honest behaviour of marketplaces. We achieve fair and non-custodial trades by leveraging our off-chain receipts and letting the involved parties carefully sign the trade transaction with appropriate combinations of sighash flags.

Title: Norwegian internet voting protocol revisited: ballot box and receipt generator are allowed to collude
Access: Open Access
Published: Wiley, 2016-11-02
Authors: Bingol, Muhammed Ali; Kardas, Suleyman; Kiraz, Mehmet Sabir; Birinci, Fatih
Abstract: Norway experienced internet voting in 2011 and 2013 for municipal and parliamentary elections, respectively. Its security depends on the assumptions that the involved organizations are completely independent and reliable, and that the receipt codes are securely sent to the voters. In this paper, we point out the following aspects:
- The vote privacy of the Norwegian scheme is violated if the Ballot Box and the Receipt Generator cooperate, because the private key of the Decryption Service can be obtained by the two former players. We propose a solution to avoid this issue without adding new players.
- To assure correctness, the receipt codes are sent to the voters over a pre-channel (postal service) and a post-channel (Short Message Service [SMS]). However, by holding both the SMS and the postal receipt code, a voter can reveal his vote even after the elections. Although revoting is a fairly good solution for coercion or concealment, intentional vote revealing is still a problem. We suggest SMS only for notification of vote submission.
- In case the codes are falsely generated or the pre-channel is not secure, a vote can be counted for a different candidate without detection. We propose a solution in which voters verify the integrity of the postal receipt codes.

Title: A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions
Access: Open Access
Published: Springer, 2012-07-02
Authors: Bingol, Muhammed Ali; Kardas, Suleyman; Kiraz, Mehmet Sabir; Demirci, Huseyin
Abstract: Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides ideal security against terrorist fraud. Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Function (PUF) based authentication protocols in which the adversary has access to the volatile memory of the tag. We show that Sadeghi et al.'s PUF-based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to the volatile memory, she cannot obtain all long-term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Compared to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security, privacy and tag computational overhead. We also prove that our extended protocol with a final signature provides ideal security against all those frauds, notably terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide the most cost-efficient and reliable means to fingerprint chips based on their physical properties.

Title: Policy specification and verification for blockchain and smart contracts in 5G networks
Access: Open Access
Published: Elsevier, 2019-07-12
Authors: Unal, Devrim; Hammoudeh, Mohammad; Kiraz, Mehmet Sabir
Abstract: Blockchain offers unprecedented opportunities for innovation in financial transactions. A whole new world of opportunities for banking, lending, insurance, money transfer, investments, and stock markets awaits. However, the potential for wide-scale adoption of blockchain is hindered by cybersecurity and privacy issues. We provide an overview of the risks and security requirements and give an outlook for future research that could be helpful in solving some of the challenges. We also present an approach for policy specification and verification of financial transactions based on smart contracts.

Title: Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer
Access: Open Access
Published: Wiley, 2015-08-21
Authors: Kiraz, Mehmet Sabir; Genc, Ziya Alper; Kardas, Suleyman
Abstract: Bringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications for biometric authentication schemes between a prover and a verifier where the verifier has the biometric data of the users in plain form. In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our attack breaks the soundness property of their protocol: a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user's input with at most $O(n)$ complexity instead of $O(2^n)$, where $n$ is the input length. We propose an enhanced version of their protocol in which this attack is eliminated. The security of our modified protocol is proven using the simulation-based paradigm. Furthermore, regarding efficiency, the modified protocol utilizes Verifiable Oblivious Transfer, which does not require commitments to the outputs and thereby improves its efficiency significantly.

Title: Security, Privacy, and Decentralized Trust Management in VANETs: A Review of Current Research and Future Directions
Access: Open Access
Published: ACM, 2024
Authors: AlMarshoud, Mishri Saleh; Al-Bayatti, Ali Hilal; Kiraz, Mehmet Sabir
Abstract: Vehicular Ad Hoc Networks (VANETs) are powerful platforms for vehicular data services and applications. The increasing number of vehicles has made the vehicular network diverse, dynamic, and large-scale, making it difficult to meet the 5G network's demanding requirements. Decentralized systems are interesting and provide attractive services because they are publicly available (transparency), have an append-only ledger (robust integrity protection), remove single points of failure, and enable distributed key management and communication in a peer-to-peer network. Researchers have dedicated substantial efforts to advancing vehicle communications; however, conventional cryptographic mechanisms are insufficient, which led us to look at decentralized technologies. Therefore, we revisit decentralized approaches for VANETs. Endpoint devices hold a wallet which may incorporate threshold key management methods like MPC wallets, HD wallets, or multi-party threshold ECDSA/EdDSA/BLS. We also discuss trust management approaches and demonstrate how decentralization can improve integrity, security, privacy, and resilience to single points of failure. We also conduct a comprehensive review, comparing them with current requirements and the latest authentication and secure communication architectures, which require the involvement of trusted but non-transparent authorities in certificate issuance/revocation. We highlight the limitations of these schemes from a PKI deployment perspective and recommend future research, particularly in the realm of quantum cryptography.

Title: Security, Privacy, and Decentralized Trust Management in VANETs: A Review of Current Research and Future Directions
Access: Open Access
Published: ACM, 2024-06-22
Authors: Kiraz, Mehmet Sabir; AlMarshoud, Mishri Saleh; Al-Bayatti, Ali Hilal
Abstract: Vehicular Ad Hoc Networks (VANETs) are powerful platforms for vehicular data services and applications. The increasing number of vehicles has made the vehicular network diverse, dynamic, and large-scale, making it difficult to meet the 5G network's demanding requirements. Decentralized systems are interesting and provide attractive services because they are publicly available (transparency), have an append-only ledger (robust integrity protection), remove single points of failure, and enable distributed key management and communication in a peer-to-peer network. Researchers have dedicated substantial efforts to advancing vehicle communications; however, conventional cryptographic mechanisms are insufficient, which led us to look at decentralized technologies. Therefore, we revisit decentralized approaches for VANETs. Endpoint devices hold a wallet which may incorporate threshold key management methods like MPC wallets, HD wallets, or multi-party threshold ECDSA/EdDSA/BLS. We also discuss trust management approaches and demonstrate how decentralization can improve integrity, security, privacy, and resilience to single points of failure. We also conduct a comprehensive review, comparing them with current requirements and the latest authentication and secure communication architectures, which require the involvement of trusted but non-transparent authorities in certificate issuance/revocation. We highlight the limitations of these schemes from a PKI deployment perspective and recommend future research, particularly in the realm of quantum cryptography.

Title: Still Wrong Use of Pairings in Cryptography
Access: Open Access
Published: Elsevier, 2018-04-24
Authors: Kiraz, Mehmet Sabir; Uzunkol, Osmanbey
Abstract: Several pairing-based cryptographic protocols have recently been proposed with a wide variety of novel applications, including ones in emerging technologies like cloud computing, the internet of things (IoT), e-health systems and wearable technologies. There has been, however, a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advances in solving the discrete logarithm problem in some groups. The main purpose of this article is to give understandable, informative, and up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and instead give special emphasis to the importance of the correct use of bilinear maps in realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings.