
Distributing Security-Mediated PKI

  • Conference paper
Public Key Infrastructure (EuroPKI 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3093))


Abstract

The SEM approach to PKI (by Boneh et al. [4]) offers many advantages, such as instant revocation and compatibility with standard RSA tools. However, it has some disadvantages with regard to trust and scalability: each user depends on a mediator that may go down or become compromised.

In this paper, we present a design that addresses this problem. We use secure coprocessors linked with peer-to-peer networks, to create a network of trustworthy mediators, to improve availability. We use threshold cryptography to build a back-up and migration technique, to provide recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised. We also discuss a prototype implementation of this design.
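As an added illustration (not code from the paper or its prototype) of the two mechanisms the abstract combines: the mediated-RSA split of [4], where the user and the mediator each hold an additive half of the private exponent and revocation is simply the mediator withholding its half, and a k-of-n Shamir split [24] of the mediator's half so a backup set can take over after a crash without every mediator holding every secret. The 61×53 modulus, seed and message are constructed toy values, and it needs Python 3.8+ for modular inverses via pow(); the strong forward secrecy layer is not modelled.

```python
import random
# Toy RSA parameters, constructed for illustration only (real keys are 2048-bit+).
P, Q = 61, 53
N, PHI = P * Q, (P - 1) * (Q - 1)
E = 17
FIELD = 3121               # prime > PHI: the field the Shamir shares live in

def split_key(phi, e, rng):
    # SEM key split: d = d_user + d_sem (mod phi); no single party ever holds d.
    d = pow(e, -1, phi)
    d_user = rng.randrange(1, phi)
    return d_user, (d - d_user) % phi

def mediated_sign(msg, d_user, d_sem):
    # Each half exponentiates independently; the product is a plain RSA signature.
    # d_sem=None models instant revocation: the mediator withholds its half.
    partial_user = pow(msg, d_user, N)
    if d_sem is None:
        return partial_user
    return (partial_user * pow(msg, d_sem, N)) % N

def verify(msg, sig):
    return pow(sig, E, N) == msg % N

def shamir_split(secret, k, n, rng):
    # k-of-n shares of the mediator half, so backups can take over a crash without every mediator holding every secret.
    coeffs = [secret] + [rng.randrange(FIELD) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, FIELD) for i, c in enumerate(coeffs)) % FIELD)
            for x in range(1, n + 1)]

def shamir_recover(shares):
    # Lagrange interpolation at x = 0 over GF(FIELD); needs at least k shares.
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % FIELD
                den = den * (xi - xj) % FIELD
        secret = (secret + yi * num * pow(den, -1, FIELD)) % FIELD
    return secret

def demo(seed=7, msg=2048, k=2, n=3):
    rng = random.Random(seed)
    d_user, d_sem = split_key(PHI, E, rng)
    signed_ok = verify(msg, mediated_sign(msg, d_user, d_sem))
    revoked_ok = verify(msg, mediated_sign(msg, d_user, None))
    shares = shamir_split(d_sem, k, n, rng)
    migrated = shamir_recover(shares[1:]) == d_sem   # any k of the n shares suffice
    return signed_ok, revoked_ok, migrated
```

demo() returns (True, False, True): the mediated signature verifies with stock RSA, the user's half alone does not, and a backup set rebuilds the mediator half from k shares.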

This work was supported in part by the Mellon Foundation, by the NSF (CCR-0209144), by Internet2/AT&T, and by the Office for Domestic Preparedness, U.S. Dept of Homeland Security (2000-DT-CX-K001). The views and conclusions do not necessarily represent those of the sponsors.


References

  1. Alon, N., Kaplan, H., Krivelevich, M., Malkhi, D., Stern, J.: Scalable Secure Storage When Half the System Is Faulty. Information and Computation 174, 203–213 (2002)

  2. Andrews, G.: Paradigms for Process Interaction in Distributed Programs. ACM Computing Surveys 23, 49–90 (1991)

  3. Boneh, D., Ding, X., Tsudik, G.: Fine-Grained Control of Security Capabilities. ACM Transactions on Internet Technology (2004)

  4. Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A Method for Fast Revocation of Public Key Certificates and Security Capabilities. In: 10th USENIX Security Symposium, pp. 297–308 (2001)

  5. Burmester, M., Chrissikopoulos, V., Kotzanikolaou, P., Magkos, E.: Strong Forward Security. In: IFIP-SEC 2001 Conference, pp. 109–121. Kluwer, Dordrecht (2001)

  6. Chen, B., Morris, R.: Certifying Program Execution with Secure Processors. In: 9th Hot Topics in Operating Systems (HOTOS-IX) (2003)

  7. Cooper, D.A.: A Model of Certificate Revocation. In: Fifteenth Annual Computer Security Applications Conference, pp. 256–264 (1999)

  8. Ding, X., Mazzocchi, D., Tsudik, G.: Experimenting with Server-Aided Signatures. In: Network and Distributed Systems Security Symposium (2002)

  9. Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong Key-Insulated Signature Schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 109–121. Springer, Heidelberg (2003)

  10. England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A Trusted Open Platform. IEEE Computer, 55–62 (2003)

  11. Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal Resilience Proactive Public-Key Cryptosystems. In: IEEE Symposium on Foundations of Computer Science, pp. 384–393 (1997)

  12. Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Proactive RSA. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 440–454. Springer, Heidelberg (1997)

  13. Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible OS Support and Applications for Trusted Computing. In: 9th Hot Topics in Operating Systems (HOTOS-IX) (2003)

  14. Herzberg, A., Jakobsson, M., Jarecki, S., Krawczyk, H., Yung, M.: Proactive Public Key and Signature Systems. In: ACM Conference on Computer and Communications Security, pp. 100–110 (1997)

  15. Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive Secret Sharing or: How to Cope with Perpetual Leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)

  16. Le, Z., Smith, S.: Proactive Mediated RSA. Department of Computer Science, Dartmouth College (2004) (manuscript)

  17. Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural Support for Copy and Tamper Resistant Software. In: Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 168–177 (2000)

  18. Marchesini, J., Smith, S.: Virtual Hierarchies: An Architecture for Building and Maintaining Efficient and Resilient Trust Chains. In: Proceedings of the 7th Nordic Workshop on Secure IT Systems (NORDSEC 2002), Karlstad University Studies (2002)

  19. Marchesini, J., Smith, S., Wild, O., Macdonald, R.: Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear. Computer Science Technical Report TR2003-476, Dartmouth College (2003)

  20. McDaniel, P., Jamin, S.: Windowed Certificate Revocation. In: IEEE Symposium on Security and Privacy, pp. 1406–1414 (2000)

  21. McDaniel, P., Rubin, A.: A Response to "Can We Eliminate Certificate Revocation Lists?" In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, p. 245. Springer, Heidelberg (2000)

  22. McGregor, P., Lee, R.: Virtual Secure Co-Processing on General-Purpose Processors. Technical Report CE-L2002-003, Princeton University (2002)

  23. Micali, S.: NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: 1st Annual PKI Research Workshop (2002)

  24. Shamir, A.: How to Share a Secret. Communications of the ACM 22, 612–613 (1979)

  25. Smith, S.W.: Outbound Authentication for Programmable Secure Coprocessors. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 72–89. Springer, Heidelberg (2002)

  26. Smith, S., Weingart, S.: Building a High-Performance, Programmable Secure Coprocessor. Computer Networks 31, 831–860 (1999)

  27. Stearns, B.: Trail: Java Native Interface. Sun Microsystems, Inc. (2004), http://java.sun.com/docs/books/tutorial/native1.1/

  28. Suh, G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing. In: Proceedings of the 17th International Conference on Supercomputing, pp. 160–171 (2003)

  29. Sun Microsystems, Inc.: Project JXTA: Java Programmers Guide (2001), http://www.jxta.org

  30. Trusted Computing Platform Alliance: TCPA PC Specific Implementation Specification, Version 1.00 (2001), http://www.trustedcomputinggroup.org

  31. Tsudik, G.: Weak Forward Security in Mediated RSA. In: Security in Computer Networks Conference (2002)

  32. Tzeng, Z., Tzeng, W.: Robust Key-Evolving Public Key Encryption Schemes. Cryptology ePrint Archive, Report 2001/009 (2001), http://eprint.iacr.org/2001/009

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Vanrenen, G., Smith, S. (2004). Distributing Security-Mediated PKI. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_18


  • DOI: https://doi.org/10.1007/978-3-540-25980-0_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22216-3

  • Online ISBN: 978-3-540-25980-0
