Proxy re-encryption (PRE) is a cryptographic primitive that extends public key encryption by allowing ciphertexts to be re-encrypted from one user to another without revealing information about the underlying plaintext. This makes it an essential privacy-enhancing technology, as only the intended recipient is able to decrypt sensitive personal information. Previous PRE schemes were commonly based on symmetric bilinear pairings. However, these have been found to be slower and less secure than the more modern asymmetric pairings. To address this, we propose two new PRE scheme variants, based on the unidirectional symmetric pairing-based scheme by Weng et al. and adapted to utilize asymmetric pairings. We employ a known automated black-box reduction technique to transform the base scheme to the asymmetric setting, identify its shortcomings, and subsequently present an alternative manual transformation that fixes these flaws. The adapted schemes retain the properties of the base scheme and are therefore CCA-secure in the adaptive corruption model without the use of random oracles, while being faster, practical, and more secure overall than the base scheme.

Using multiple, individual encryption schemes is a well-established method to increase the overall security of encrypted data. These so-called multiple encryption or hybrid schemes have regained traction in the context of public-key cryptography due to the rise of quantum computers, since it allows the combination of well-known classical encryption schemes with novel post-quantum schemes. In this paper, we conduct a survey of the state-of-the-art public-key multiple encryption (M-PKE) schemes. For the first time, we describe the most relevant M-PKE schemes in detail and discuss their security in a unified model, which allows better comparison between the schemes. Hence, we compare the security, efficiency, and complexity of the schemes and offer recommendations for usage based on common use cases. Our survey emphasizes the importance of being deliberate when combining encryption schemes, as small nuances can easily break security.

This paper presents the results of user studies based on a de- veloped concept which allows multiple digital identities to be stored in one app. These identities in the so-called identity wallet are managed independently by the user, and the user alone decides which data should be sent to any external ser- vice. The concept was implemented in two prototypes (low and high-fidelity) and evaluated over a two-year-period (from 2020-2022) in three user studies with a total of 44 partici- pants, focusing on trust in this concept. The purpose was to potentially determine a change in trust in the concept over time. Users mentioned the wallet provider as a key influencing factor on trust. In 2020, about half of the participants favored the government as the provider, with the remainder favoring a private company. In May 2022, the high-fidelity prototype was used for the study. This time the majority of participants preferred the government as the provider of the wallet. This trend was confirmed in a study in November 2022 with the low-fidelity prototype, where a majority of participants were in favor of the state as the provider as opposed to only a small number favored a company to take this role. This result interestingly differs from that of the study in 2020 with the same low-fidelity prototype, even though the study was carefully replicated. This suggests a temporal shift in users’ preference in the provider of the wallet.

Verifiable Credentials have evolved into a de facto standard for digital credentials. One of their most critical use cases are digital identity documents. Regarding their technical cryptographic requirements, we argue that most attempts of defining verifiable credentials and their use cases seem to be somewhat imprecise and not always coherent. We further argue that in particular government-issued digital IDs require more stringent cryptographic requirements than the general use cases, which are usually examined. We also comment on possible cryptographic realizations of the derived security requirements and, in particular, consider the widely-used authentication protocol AnonCreds. The conclusive set of cryptographic requirements may serve as a guideline to design, build and analyze verifiable credential systems.

Today, digital identities are often implemented insecurely and are associated with the creation of many different accounts by users. In the long-term, these challenges should be addressed using so-called digital identity wallets. These wallets enable the management and use of digital identities and verification documents. For example, this includes documents like driver’s licenses, library cards and airline tickets. All this data can be stored together in a wallet app on users’ smart phones. Users manage their data independently and decide for themselves which and how much data they want to disclose about themselves. However, current research shows that the wallets developed to date have usability problems, making it difficult for users to grasp the concept of these wallets. In addition, today’s digital services have numerous hurdles that make the use of digital identities difficult. This paper is based the creation of generic user experience requirements and the analysis of wallets and their functionality. We present a conceptual proposal for a more user-friendly wallet that focuses on the user. This concept includes a more extensive range of functions compared to current wallet implementations, with the goal of adapting the wallet more closely to the needs of the users. This contains functions like; communication between the wallet and the service provider without the need to share contact data, the option of enduring powers of attorney to share data, the ability to manage data on behalf of others, and the organization of one’s own data.

ID documents make it possible to identify people uniquely on site. In order to use certain online services, identification is also required on the Internet. This requires a digital identity. This paper presents the results of two studies with users (16 and 12 participants each) based on a newly developed concept of an identity wallet. This concept illustrates how users can independently store various digital identities, both sovereign ones like the ID card and non-sovereign ones like the library card, in a single app. This makes it possible for users to prove their identity with a single app to service providers with a wide range of requirements for the ID document. In addition to storing IDs or verification documents, this identity wallet concept also shows the option to store keys (car keys, hotel rooms, etc.) in the same app. The concept was elaborated in 2020 and tested with 16 study participants to evaluate not only the readiness of the users but also the trust in such a concept. The participants were open to using the wallet and were convinced by the concept. In terms of trust, the results of the study indicated that the provider of the wallet application influences the extent to which users decide to trust the application. About half of the participants preferred the government as the operator of the wallet, while the remaining participants preferred a private company. A revised concept of the Identity Wallet was tested again in 2022 with 12 study participants. Again, the question of user readiness and trust was evaluated. The study participants continued to show a high level of willingness to use the Wallet. However, the results on trust changed. They indicate that only one person prefers a private company to operate the Wallet, while the remaining participants favor the state.

Identity wallets enable the management and use of digital identities and verification documents stored in one app. Users manage their data independently and decide for themselves which data they want to disclose for identification purposes. Recent research shows that current digital wallets face many usability problems, which makes it difficult for users to grasp their concept and how to use them. This paper presents an enhanced concept of a wallet, where its functionality is presented with user scenarios that have a user centric approach. The user scenarios illustrate a variety of possible uses of the wallet. For example, the new wallet concept envisions, how data can be transferred from one wallet to another person's wallet, how data can be managed by different people in one wallet, or how only individual pieces of information from credentials can be shared to maintain greater privacy for users.

Internet of Thing (IoT) and Smart Grid (SG) are separate technologies. The digital transformation of the energy industry and the increasing digitalization in the private sector connect these technologies. Currently in Germany, the SG is under construction. In order to use future innovative services, SG and IoT must be combined. For this, we connect the SG Infrastructure with the IoT. A potential insecure device and network (IoT) should be able to transfer data to and from a critical infrastructure (SG). Open research question in this context are the security requirements architecture SG and IoT and the mechanism for authentication and authorisation in future application (SG and IoT). Due to the increasing networking of the systems (SG and IoT) new threats and attack vectors arise. The attacks to the architecture influence the target of authenticity, security and privacy. For the security analysis we focus on two communication points: the communication between the smart meter gateway, and the IoT device. In our example, a connected charging station with cloud services is connected with a SG infrastructure. To create a really smart service, the charging station needs a connection to the SG to get the current amount of renewable energy in the grid. With this two connections, new threats emerge. A security analysis over all the connections, including the vulnerability and the ability of an attacker, is developed in this paper. The analysis shows us challenges of the communication between IoT and SG. For this, we defined technical and organizational requirements for authentication and authorization. Current authentication and authorization mechanisms are no longer sufficient for the defined requirements. We present the Role-based trust model for Safety- critical Systems for these defined requirements. The new trust model is integrated into a role-based access control model. It defines data classes, which separate the sensitive and non-sensitive information.

Cloud Computing (CC), Internet of Thing (IoT) and Smart Grid (SG) are separate technologies. The digital transformation of the energy industry and the increasing digi- talization in the private sector connect these technologies. At the moment, CC is used as a service provider for IoT. Currently in Germany, the SG is under construction and a cloud connection to the infrastructure has not been implemented yet. To build the SG cloud, the new laws for privacy must be implemented and therefore it’s important to know which data can be stored and distributed over a cloud. In order to be able to use future innovative services, SG and IoT must be combined. For this, in the next step we connect the SG infrastructure with the IoT. A potential insecure device and network (IoT) should be able to transfer data to and from a critical infrastructure (SG). In detail, we focus on two different connections: the communication between the smart meter switching box and the IoT device and the data transferred between the IoT and SG cloud. In our example, a connected charging station with cloud services is connected with a SG infrastructure. To create a really smart service, the charging station needs a connection to the SG to get the current amount of renewable energy in the grid. Private data, such as name, address and payment details, should not be transferred to the IoT cloud. With these two connections, new threads emerge. In this case, availability, confidentiality and integrity must be ensured. A risk analysis over all the cloud connections, including the vulnerability and the ability of an attacker and the resulting risk are developed in this paper.

This paper proposes a technical realization of an eID-Scheme including mobile devices, which is based on the existing German eID-Scheme by deriving identity data from the German eID-Card into a secure element embedded in a smartphone. The paper introduces and discusses the system architecture and provides user stories. This work is done within the BMWi funded project OPTIMOS2.0.

In a novel analysis, we formally prove that arbitrarily many Arbiter PUFs can be combined into a stable XOR Arbiter PUF. To the best of our knowledge, this design cannot be modeled by any known oracle access attack in polynomial time. Using majority vote of arbiter chain responses, our analysis shows that with a polynomial number of votes, the XOR Arbiter PUF stability of almost all challenges can be boosted exponentially close to 1; that is, the stability gain through majority voting can exceed the stability loss introduced by large XORs for a feasible number of votes. Considering state-of-the-art modeling attacks by Becker and Rührmair et al., our proposal enables the designer to increase the attacker’s effort exponentially while still maintaining polynomial design effort. This is the first result that relates PUF design to this traditional cryptographic design principle.

Physically Unclonable Functions (PUFs), as an alternative hardware-based security method, have been chal- lenged by some modeling attacks. As is known to all, samples are significant in modeling attacks on PUFs, and thus, some efforts have been made to expand sample sets therein to improve modeling attacks. A closer examination, however, reveals that not all samples contribute to modeling attacks equally. Therefore, in this article, we introduce the concept of sample essentiality for describing the contribution of a sample in model- ing attacks and point out that any sample without sample essentiality cannot enhance some modeling attacks on PUFs. As a by-product, we find theoretically and empirically that the samples expanded by the procedures proposed by Chatterjee et al. do not satisfy our sample essentiality. Furthermore, we propose the notion of essential sample sets for datasets and discuss its basic properties. Finally, we demonstrate that our results about sample essentiality can be used to reduce samples efficiently and benefit sample selection in modeling 42 attacks on arbiter PUFs.

This paper studies the security of Ring Oscillator Physically Unclonable Function (PUF) with Enhanced Challenge-Response Pairs as proposed by Delavar et al. We present an attack that can predict all PUF responses after querying the PUF with n+2 attacker-chosen queries. This result renders the proposed RO-PUF with Enhanced Challenge-Response Pairs inapt for most typical PUF use cases, including but not limited to all cases where an attacker has query access.

We investigate how the widespread absence of signatures in DNS (Domain Name System) delegations, in combination with a common misunderstanding with regards to the DNS specification, has led to insecure deployments of authoritative DNS servers which allow for hijacking of subdomains without the domain owner's consent. This, in turn, enables the attacker to perform effective man-in-the-middle attacks on the victim's online services, including TLS (Transport Layer Security) secured connections, without having to touch the victim's DNS zone or leaving a trace on the machine providing the compromised service, such as the web or mail server. Following the practice of responsible disclosure, we present examples of such insecure deployments and suggest remedies for the problem. Most prominently, DNSSEC (Domain Name System Security Extensions) can be used to turn the problem from an integrity breach into a denial-of-service issue, while more thorough user management resolves the issue completely.

In contrast to electronic travel documents (e.g. ePassports), the standardisation of breeder documents (e.g. birth certificates), regarding harmonisation of content and contained security features is in statu nascendi. Due to the fact that breeder documents can be used as an evidence of identity and enable the application for electronic travel documents, they pose the weakest link in the identity life cycle and represent a security gap for identity management. In this work, we present a cost efficient way to enhance the long-term security of breeder documents by utilizing blockchain technology. A conceptual architecture to enhance breeder document long-term security and an introduction of the concept's constituting system components is presented. Our investigations provide evidence that the Bitcoin blockchain is most suitable for breeder document long-term security.

In a novel analysis, we show that arbitrarily many Arbiter PUFs can be combined into a stable XOR Arbiter PUF. To the best of our knowledge, this design cannot be modeled by any known oracle access attack in polynomial time. Using majority vote of Arbiter Chain responses, our analysis shows that with a polynomial number of votes the XOR Arbiter PUF stability of almost all challenges can be boosted exponentially close to 1; that is, the stability gain through majority voting can exceed the stability loss introduced by large XORs for a feasible number of votes. Hence, our proposal enables the designer to increase the attacker's effort exponentially while still maintaining polynomial design effort for all known oracle access modeling attacks. This is the first result that relates PUF design to this traditional cryptographic design principle.

Due to the rapid increase of digitization within our society, digital identities gain more and more importance. Provided by the German eID solution, every citizen has the ability to identify himself against various governmental and private organizations with the help of his personal electronic ID card and a corresponding card reader. While there are several solutions available for desktop use of the eID infrastructure, mobile approaches have to be payed more attention. In this paper we present a new approach for using the German eID concept on an Android device without the need of the actual identity card and card reader. A security evaluation of our approach reveals that two non-critical vulnerabilities on the architecture can't be avoided. Nevertheless, no sensitive information are compromised. A proof of concept shows that an actual implementation faces some technical issues which have to be solved in the future.