Fine-grained control of security capabilities

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Fine-grained control of security capabilities

Full text

Pdf (128 KB)

Source

ACM Transactions on Internet Technology (TOIT) archive
Volume 4 , Issue 1 (February 2004) table of contents

Pages: 60 - 82

Year of Publication: 2004

ISSN:1533-5399

Authors

Dan Boneh	Stanford University, Stanford, CA
Xuhua Ding	Singapore Management University, Singapore
Gene Tsudik	University of California, Irvine, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 6, Downloads (12 Months): 51, Citation Count: 5

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/967030.967033 What is a DOI?

ABSTRACT

We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	William Aiello , Sachin Lodha , Rafail Ostrovsky, Fast Digital Identity Revocation (Extended Abstract), Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.137-152, August 23-27, 1998
	2	Bellare, M., Canetti, R., and Krawczyk, H. 1997. HMAC: Keyed-hashing for message authentication. Internet Request for Comment RFC 2104, Internet Engineering Task Force. Feb.
	3	Bellare, M. and Rogaway, P. 1996. The exact security of digital signatures: How to sign with rsa and rabin. In Advances in Cryptology---EUROCRYPT '96, U. Maurer, Ed. Number 1070 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany.
	4	Bellare, M. and Sandhu, R. 2001. The security of practical two-party rsa signature schemes, http://www.cs.ucsd.edu/users/mihir/papers/splitkey.html.
	5	Dan Boneh , Matthew Franklin, Efficient generation of shared RSA keys, Journal of the ACM (JACM), v.48 n.4, p.702-722, July 2001 [doi>10.1145/502090.502094]
	6	Dan Boneh , Matthew Franklin, Identity-Based Encryption from the Weil Pairing, SIAM Journal on Computing, v.32 n.3, p.586-615, 2003 [doi>10.1137/S0097539701398521]
	7	Boyd, C. 1989. Digital multisignatures. Cryptography and Coding, 241--246.
	8	Canetti, R. and Goldwasser, S. 1999. An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In Advances in Cryptology---EUROCRYPT '99, J. Stern, Ed. Number 1592 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany.
	9	Chaum, D. 1983. Blind signatures for untraceable payments. In Advances in Cryptology---CRYPTO '82, R. L. Rivest, A. Sherman, and D. Chaum, Eds. Plenum Press, New York, 199--203.
	10	David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985 [doi>10.1145/4372.4373]
	11	Yvo Desmedt , Andrew M. Odlyzko, A Chosen Text Attack on the RSA Cryptosystem and Some Discrete Logarithm Schemes, Advances in Cryptology, p.516-522, August 18-22, 1985
	12	Ding, X. and Tsudik, G. 2003. Simple identity-based encryption with mediated RSA. In Progress in Cryptology---CT-RSA 2003. LNCS 2612. Springer-Verlag, Berlin Germany.
	13	Ravi Ganesan, The Yaksha security system, Communications of the ACM, v.39 n.3, p.55-60, March 1996 [doi>10.1145/227234.227242]
	14	Gemmel, P. 1997. An introduction to threshold cryptography. RSA CryptoBytes 2, 7.
	15	Goodrich, M., Tamassia, R., and Schwerin, A. 2001. Implementation of an authenticated dictionary with skip lists and commutative hashing. In Proceedings of DARPA DISCEX II.
	16	Louis C. Guillou , Jean-Jacques Quisquater, Efficient Digital Public-Key Signature with Shadow (Abstract), A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, p.223, August 16-20, 1987
	17	Paul C. Kocher, On Certificate Revocation and Validation, Proceedings of the Second International Conference on Financial Cryptography, p.172-177, February 23-25, 1998
	18	RSA Labs. 2002. PKCS #1v2.1: RSA cryptography standard. Tech. rep., RSA Laboratories. June.
	19	Philip MacKenzie , Michael K. Reiter, Delegation of cryptographic servers for capture-resilient devices, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.501986]
	20	Philip MacKenzie , Michael K. Reiter, Networked Cryptographic Devices Resilient to Capture, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.12, May 14-16, 2001
	21	Philip D. MacKenzie , Michael K. Reiter, Two-Party Generation of DSA Signatures, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.137-154, August 19-23, 2001
	22	Patrick McDaniel , Aviel D. Rubin, A Response to ''Can We Eliminate Certificate Revocation Lists?'', Proceedings of the 4th International Conference on Financial Cryptography, p.245-258, February 20-24, 2000
	23	Myers, M., Ankney, R., Malpani, A., Galperin, S., and Adams, C. 1999. RFC 2560: Internet public key infrastructure online certificate status protocol---OCSP.
	24	Naor, M. and Nissim, K. 2000. Certificate revocation and certificate update. IEEE J. Sel. Areas Comm. 18, 4 (Apr.), 561--570.
	25	Neuman, C. and Ts'o, T. 1994. Kerberos: An authentication service for computer networks. IEEE Computer 32, 9 (September).
	26	Nicolosi, A., Krohn, M., Dodis, Y., and Mazières, D. 2003. Proactive two-party signatures for user authentication. In Symposium on Network and Distributed Systems Security (NDSS '03). Internet Society, San Diego, CA.
	27	Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
	28	Shoup, V. and Gennaro, R. 1998. Securing threshold cryptosystems against chosen ciphertext attack. In Advances in Cryptology---EUROCRYPT '98, K. Nyberg, Ed. Number 1403 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, 1--16.

CITED BY 5

	B. Sundaram , B. M. Chapman, Addressing Credential Revocation in Grid Environments, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.323-326, November 13-14, 2005
	Amar Gupta , Satwik Seshasai, 24-hour knowledge factory: Using Internet technology to leverage spatial and temporal separations, ACM Transactions on Internet Technology (TOIT), v.7 n.3, p.14-es, August 2007
	Ulrike Meyer , Jared Cordasco , Susanne Wetzel, An approach to enhance inter-provider roaming through secret sharing and its application to WLANs, Proceedings of the 3rd ACM international workshop on Wireless mobile applications and services on WLAN hotspots, September 02-02, 2005, Cologne, Germany
	Kemal Bicakci, One-time proxy signatures revisited, Computer Standards & Interfaces, v.29 n.4, p.499-505, May, 2007
	Georgios Kambourakis , Angelos Rouskas , Stefanos Gritzalis , Dimitrios Geneiatakis, Support of subscribers' certificates in a hybrid WLAN-3G environment, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.11, p.1843-1859, 10 August 2006

INDEX TERMS

Primary Classification:
E. Data
E.3 DATA ENCRYPTION
Subjects: Public key cryptosystems

Additional Classification:
K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
K.6.5 Security and Protection (D.4.6, K.4.2)

General Terms:
Algorithms, Security

Keywords:
Certificate Revocation, Digital Signatures, Public Key Infrastructure

Collaborative Colleagues:

Dan Boneh: colleagues

Xuhua Ding: colleagues

Gene Tsudik: colleagues

Peer to Peer - Readers of this Article have also read:

The effect of latency on user performance in Warcraft III Proceedings of the 2nd workshop on Network and system support for games
Nathan Sheldon , Eric Girard , Seth Borg , Mark Claypool , Emmanuel Agu
Learning subjective relevance to facilitate information access Proceedings of the fourth international conference on Information and knowledge management
James R. Chen , Nathalie Mathé
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
Learning and the reflective journal in computer science Australian Computer Science Communications 24, 1
Susan E. George
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher

Adobe Acrobat

QuickTime

Windows Media Player

Real Player