Abstract
The SEM approach to PKI offers several advantages, such as immediate revocation of users’ signing ability without CRLs and compatibility with standard RSA. However, it is vulnerable to denial of service when the SEM breaks down or is compromised. G. Vanrenen et al. proposed a distributed SEM approach to overcome this weakness. However, that approach does not provide desirable properties such as instant availability and immunity against denial-of-service attacks, due to inadequate use of threshold cryptography and proactive secret sharing. In this paper, we point out its structural shortcomings and propose a modified version.
This work was partially supported by IT Scholarship Program supervised by Institute for Information Technology Advancement (IITA) & Ministry of Information and Communication (MIC) in Republic of Korea, Grant No. R01-2006-000-10260-0 from the Basic Research Program of KOSEF, and Strategic International Cooperative Program, Japan Science and Technology Agency (JST).
References
Herzberg, A., Jakobsson, M., Jarecki, S., Krawczyk, H., Yung, M.: Proactive public key and signature systems. In: ACM Conference on Computer and Communications Security, pp. 100–110 (1997)
Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: How to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)
Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: 10th USENIX Security Symposium, pp. 297–308 (2001)
Adams, C., Lloyd, S.: Understanding public-key infrastructure: concepts, standards, and deployment considerations. Macmillan Technical Publishing, Indianapolis (1999)
Vanrenen, G., Smith, S.W.: Distributing Security-Mediated PKI. In: 1st European PKI Workshop Research and Applications, pp. 213–231 (2004)
Luo, H., Lu, S.: Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks, UCLA Computer Science Technical Report 200030 (2000)
Zhou, L.: Towards Fault-Tolerant and Secure On-line Services, PhD Dissertation, Department of Computer Science, Cornell University, Ithaca, NY USA (2001)
Naor, M., Nissim, K.: Certificate revocation and certificate update. In: 7th USENIX Security Symposium, pp. 217–228 (1998)
Feldman, P.: A Practical Scheme for Non-Interactive Verifiable Secret Sharing. In: 28th Annual IEEE Symposium on Foundations of Computer Science (1987)
MacKenzie, P., Reiter, M.: Networked Cryptographic Devices Resilient to Capture. IEEE Security and Privacy 01, 21–25 (2001)
Sandhu, R., Bellare, M., Ganesan, R.: Password-Enabled PKI: Virtual Smartcards versus Virtual Soft Tokens. In: 1st Annual PKI Research Workshop, pp. 89–96 (2002)
Jarecki, S., Saxena, N., Yi, J.H.: An Attack on the Proactive RSA Signature Scheme in the URSA Ad-Hoc Network Access Control Protocol. In: ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 1–9 (2004)
Koga, S., Imamoto, K., Sakurai, K.: Enhancing Security of Security-Mediated PKI by One-time ID. In: 4th Annual PKI R&D Workshop, pp. 176–189 (2005)
Xu, S., Sandhu, R.: Two Efficient and Provably Secure Schemes for Server-Assisted Threshold Signatures. CT-RSA, pp. 355–372 (2003)
Rabin, T.: A Simplified Approach to Threshold and Proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998)
Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Ding, X., Mazzocchi, D., Tsudik, G.: Experimenting with server-aided signatures. In: Network and Distributed Systems Security Symposium (2002)
Wang, X.: Intrusion-Tolerant Password-Enabled PKI. In: 2nd Annual PKI Research Workshop Proceedings, pp. 44–53 (2003)
Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal resilience proactive public key cryptosystems. In: IEEE Symposium on Foundations of Computer Science, pp. 440–454 (1997)
Frankel, Y., Gemmell, P.S., MacKenzie, P.D., Yung, M.: Proactive RSA. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 440–454. Springer, Heidelberg (1997)
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Yang, JP., Sakurai, K., Rhee, K.H. (2006). Distributing Security-Mediated PKI Revisited. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_3
DOI: https://doi.org/10.1007/11774716_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35151-1
Online ISBN: 978-3-540-35152-8
eBook Packages: Computer Science, Computer Science (R0)