ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Fine-grained control of security capabilities
Full text PdfPdf (128 KB)
Source ACM Transactions on Internet Technology (TOIT) archive
Volume 4 ,  Issue 1  (February 2004) table of contents
Pages: 60 - 82  
Year of Publication: 2004
ISSN:1533-5399
Authors
Dan Boneh  Stanford University, Stanford, CA
Xuhua Ding  Singapore Management University, Singapore
Gene Tsudik  University of California, Irvine, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 56,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/967030.967033
What is a DOI?

ABSTRACT

We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
William Aiello , Sachin Lodha , Rafail Ostrovsky, Fast Digital Identity Revocation (Extended Abstract), Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.137-152, August 23-27, 1998
 
2
Bellare, M., Canetti, R., and Krawczyk, H. 1997. HMAC: Keyed-hashing for message authentication. Internet Request for Comment RFC 2104, Internet Engineering Task Force. Feb.
 
3
Bellare, M. and Rogaway, P. 1996. The exact security of digital signatures: How to sign with rsa and rabin. In Advances in Cryptology---EUROCRYPT '96, U. Maurer, Ed. Number 1070 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany.
 
4
Bellare, M. and Sandhu, R. 2001. The security of practical two-party rsa signature schemes, http://www.cs.ucsd.edu/users/mihir/papers/splitkey.html.
5
Dan Boneh , Matthew Franklin, Efficient generation of shared RSA keys, Journal of the ACM (JACM), v.48 n.4, p.702-722, July 2001  [doi>10.1145/502090.502094]
 
6
Dan Boneh , Matthew Franklin, Identity-Based Encryption from the Weil Pairing, SIAM Journal on Computing, v.32 n.3, p.586-615, 2003  [doi>10.1137/S0097539701398521]
 
7
Boyd, C. 1989. Digital multisignatures. Cryptography and Coding, 241--246.
 
8
Canetti, R. and Goldwasser, S. 1999. An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In Advances in Cryptology---EUROCRYPT '99, J. Stern, Ed. Number 1592 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany.
 
9
Chaum, D. 1983. Blind signatures for untraceable payments. In Advances in Cryptology---CRYPTO '82, R. L. Rivest, A. Sherman, and D. Chaum, Eds. Plenum Press, New York, 199--203.
10
David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985  [doi>10.1145/4372.4373]
 
11
Yvo Desmedt , Andrew M. Odlyzko, A Chosen Text Attack on the RSA Cryptosystem and Some Discrete Logarithm Schemes, Advances in Cryptology, p.516-522, August 18-22, 1985
 
12
Ding, X. and Tsudik, G. 2003. Simple identity-based encryption with mediated RSA. In Progress in Cryptology---CT-RSA 2003. LNCS 2612. Springer-Verlag, Berlin Germany.
13
Ravi Ganesan, The Yaksha security system, Communications of the ACM, v.39 n.3, p.55-60, March 1996  [doi>10.1145/227234.227242]
 
14
Gemmel, P. 1997. An introduction to threshold cryptography. RSA CryptoBytes 2, 7.
 
15
Goodrich, M., Tamassia, R., and Schwerin, A. 2001. Implementation of an authenticated dictionary with skip lists and commutative hashing. In Proceedings of DARPA DISCEX II.
 
16
Louis C. Guillou , Jean-Jacques Quisquater, Efficient Digital Public-Key Signature with Shadow (Abstract), A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, p.223, August 16-20, 1987
 
17
Paul C. Kocher, On Certificate Revocation and Validation, Proceedings of the Second International Conference on Financial Cryptography, p.172-177, February 23-25, 1998
 
18
RSA Labs. 2002. PKCS #1v2.1: RSA cryptography standard. Tech. rep., RSA Laboratories. June.
19
Philip MacKenzie , Michael K. Reiter, Delegation of cryptographic servers for capture-resilient devices, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.501986]
 
20
Philip MacKenzie , Michael K. Reiter, Networked Cryptographic Devices Resilient to Capture, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.12, May 14-16, 2001
 
21
Philip D. MacKenzie , Michael K. Reiter, Two-Party Generation of DSA Signatures, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.137-154, August 19-23, 2001
 
22
Patrick McDaniel , Aviel D. Rubin, A Response to ''Can We Eliminate Certificate Revocation Lists?'', Proceedings of the 4th International Conference on Financial Cryptography, p.245-258, February 20-24, 2000
 
23
Myers, M., Ankney, R., Malpani, A., Galperin, S., and Adams, C. 1999. RFC 2560: Internet public key infrastructure online certificate status protocol---OCSP.
 
24
Naor, M. and Nissim, K. 2000. Certificate revocation and certificate update. IEEE J. Sel. Areas Comm. 18, 4 (Apr.), 561--570.
 
25
Neuman, C. and Ts'o, T. 1994. Kerberos: An authentication service for computer networks. IEEE Computer 32, 9 (September).
 
26
Nicolosi, A., Krohn, M., Dodis, Y., and Mazières, D. 2003. Proactive two-party signatures for user authentication. In Symposium on Network and Distributed Systems Security (NDSS '03). Internet Society, San Diego, CA.
 
27
Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
 
28
Shoup, V. and Gennaro, R. 1998. Securing threshold cryptosystems against chosen ciphertext attack. In Advances in Cryptology---EUROCRYPT '98, K. Nyberg, Ed. Number 1403 in Lecture Notes in Computer Science. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, 1--16.

CITED BY  6
Ulrike Meyer , Jared Cordasco , Susanne Wetzel, An approach to enhance inter-provider roaming through secret sharing and its application to WLANs, Proceedings of the 3rd ACM international workshop on Wireless mobile applications and services on WLAN hotspots, September 02-02, 2005, Cologne, Germany
Georgios Kambourakis , Angelos Rouskas , Stefanos Gritzalis , Dimitrios Geneiatakis, Support of subscribers' certificates in a hybrid WLAN-3G environment, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.11, p.1843-1859, 10 August 2006
Kemal Bicakci, One-time proxy signatures revisited, Computer Standards & Interfaces, v.29 n.4, p.499-505, May, 2007
B. Sundaram , B. M. Chapman, Addressing Credential Revocation in Grid Environments, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.323-326, November 13-14, 2005
Amar Gupta , Satwik Seshasai, 24-hour knowledge factory: Using Internet technology to leverage spatial and temporal separations, ACM Transactions on Internet Technology (TOIT), v.7 n.3, p.14-es, August 2007
Xuhua Ding , Gene Tsudik , Shouhuai Xu, Leak-free mediated group signatures, Journal of Computer Security, v.17 n.4, p.489-514, December 2009

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Public key cryptosystems

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Algorithms, Security


Keywords:
Certificate Revocation, Digital Signatures, Public Key Infrastructure

Collaborative Colleagues:
Dan Boneh: colleagues
Xuhua Ding: colleagues
Gene Tsudik: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player