Leak-free Group Signatures with Immediate Revocation
AUTHORS: X. Ding, G. Tsudik and S. Xu
REFERENCE: The 24th International Conference on Distributed Computing Systems (ICDCS'2004)
Abstract
Group signatures are an interesting and appealing cryptographic construct with many promising potential applications. The popularity of group signatures is evident from many recent research results that investigated precise definitions and realizations of group signature schemes. This paper is motivated by attractive features of group signatures, particularly the potential to serve as a foundation for anonymous credential systems. With that in mind, we re-examine the whole notion of group signatures from a systems perspective. Somewhat surprisingly, we discover that there are two new and heretofore unaddressed requirements, leak-freedom and immediate revocation, that are crucial for a large class of enterprise-centric applications. We then propose a new group signature scheme that achieves all identified properties. Our scheme is based on the so-called systems architecture approach. It is appreciably more efficient than the state-of-the-art, easy to implement and reflects the well-known separation-of-duty principle. Another benefit of our scheme is the obviated reliance on underlying anonymous communication channels, which has been a requirement in all previous group signature schemes.
Fine-grained Control of Security Capabilities
AUTHORS: D. Boneh, X. Ding and G. Tsudik
REFERENCE: ACM Transactions on Internet Technology (to appear in 2004)
Abstract
We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.
Simple Identity-Based Encryption with Mediated RSA
AUTHORS: X. Ding and G. Tsudik
REFERENCE: Cryptographer's Track, RSA Conference, 2003
Abstract
Identity-based public key encryption facilitates easy introduction of public key cryptography by allowing an entity's public key to be derived from an arbitrary identification value, such as a name or email address. The main practical benefit of identity-based cryptography is in greatly reducing the need for, and reliance on, public key certificates. Although some interesting identity-based techniques have been developed in the past, none are compatible with popular public key encryption algorithms (such as El Gamal and RSA). This limits the utility of identity-based cryptography as a transitional step to full-blown public key cryptography. Furthermore, it is fundamentally difficult to reconcile fine-grained revocation with identity-based cryptography.

Mediated RSA (mRSA) is a simple and practical method of splitting an RSA private key between the user and a Security Mediator (SEM). Neither the user nor the SEM can cheat one another since each cryptographic operation (signature or decryption) involves both parties. mRSA allows fast and fine-grained control of users' security privileges. However, mRSA still relies on conventional public key certificates to store and communicate public keys. In this paper, we present IB-mRSA, a simple variant of mRSA that combines identity-based and mediated cryptography. Under the random oracle model, IB-mRSA with OAEP [BelRog94a] is shown to be as secure (against adaptive chosen ciphertext attack) as standard RSA with OAEP. Furthermore, IB-mRSA is simple, practical, and compatible with current public key infrastructures.
© Springer-Verlag
Experimenting with Server-Aided Signatures
AUTHORS: X. Ding, G. Tsudik and D. Mazzocchi
REFERENCE: Network and Distributed System Security Symposium, 2002
Abstract
This paper explores practical and conceptual implications of using Server-Aided Signatures (SAS). SAS is a signature method that relies on partially-trusted servers for generating public key signatures for regular users. Although the primary goal is to aid small, resource-limited devices in computing heavy-weight (normally expensive) digital signatures, SAS also offers fast certificate revocation, signature causality and reliable timestamping. It also has some interesting features such as built-in attack detection for users and DoS resistance for servers.
A Method for Fast Revocation of Public Key Certificates and Security Capabilities
AUTHORS: D. Boneh, X. Ding, G. Tsudik and M. Wong
REFERENCE: 10th USENIX Security Symposium, Washington D.C., 2001
Abstract
We present a new approach to fast certificate revocation centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. Our approach simplifies validation of digital signatures and enables certificate revocation within legacy systems. It also provides immediate revocation of all security capabilities. This paper discusses both the architecture and implementation of our approach as well as performance and compatibility with the existing infrastructure. Our results show that threshold cryptography is practical for certificate revocation.
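The mediated RSA construction that the three abstracts above (Fine-grained Control, IB-mRSA and this fast-revocation paper) refer to, as an added toy example that is not the authors' code: it assumes the private exponent is split additively between the user and the SEM, so a signature needs both halves and revocation is simply the SEM withholding its half. The primes, the user id and the message value are constructed for readability only.

```python
# Added example, not code from any of the papers listed here: a toy
# mediated RSA (mRSA) signer. ASSUMPTION: the private exponent is split
# additively, d = d_u + d_sem (mod phi(n)), so a signature needs both
# halves and the SEM can revoke a user by simply refusing its half.
# The tiny primes are for readability only; never use them for real keys.
import secrets
from math import gcd


def keygen(p=61, q=53, e=17):
    """Return (n, e, d_u, d_sem); the full d never leaves this function."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)
    d_u = secrets.randbelow(phi - 1) + 1      # user's share, in [1, phi-1]
    d_sem = (d - d_u) % phi                  # SEM's share completes d
    return n, e, d_u, d_sem


class SEM:
    """Security Mediator: holds d_sem per user plus a revocation set."""

    def __init__(self, n, shares):
        self.n, self.shares, self.revoked = n, dict(shares), set()

    def revoke(self, uid):
        # Immediate revocation: nothing to propagate, the half-signature
        # simply stops being issued from this point on.
        self.revoked.add(uid)

    def partial_sign(self, uid, m):
        if uid in self.revoked or uid not in self.shares:
            return None
        return pow(m, self.shares[uid], self.n)


def sign(sem, uid, m, d_u, n, e):
    """User side: combine the SEM's half with the user's own half."""
    half = sem.partial_sign(uid, m)
    if half is None:
        return None                          # revoked or unknown user
    s = (half * pow(m, d_u, n)) % n          # m^(d_sem + d_u) = m^d mod n
    # The user checks the result before releasing it, so a faulty or
    # misbehaving SEM cannot make the user emit a bad signature.
    return s if pow(s, e, n) == m % n else None


def verify(n, e, m, s):
    """Plain RSA verification: verifiers need not know a SEM exists."""
    return pow(s, e, n) == m % n
```

Because the combined value is an ordinary RSA signature under (n, e), existing verifiers and certificate formats work unchanged, which is the compatibility point the abstracts make.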
Generating RSA Keys on a Handheld Using an Untrusted Server
AUTHORS: N. Modadugu, D. Boneh and M. Kim
REFERENCE: Cryptographer's Track, RSA Conference, 2000
Abstract
We show how to efficiently generate RSA keys on a low power handheld device with the help of an untrusted server. Most of the key generation work is offloaded onto the server. However, the server learns no information about the key it helped generate. We experiment with our techniques and show they result in up to a factor of 5 improvement in key generation time. The resulting RSA key looks like an RSA key for paranoids. It can be used for encryption and key exchange, but cannot be used for signatures.
Server-Supported Signatures
AUTHORS: N. Asokan, G. Tsudik and M. Waidner
REFERENCE: Journal of Computer Security, November 1997
Abstract
Non-repudiation is one of the most important security services. In this paper, we present a novel non-repudiation technique, called Server Supported Signatures, S3. It is based on one-way hash functions and traditional digital signatures. One of its highlights is that for ordinary users the use of asymmetric cryptography is limited to signature verification. S3 is efficient in terms of computational, communication and storage costs. It also offers a degree of security comparable to that of existing techniques based on asymmetric cryptography.