Skip to main content
SpringerLink
Log in

Revocation and Non-repudiation: When the First Destroys the Latter

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8341))

Included in the following conference series:

Abstract

Electronic signatures replace handwritten signatures in electronic processes. In this context, non-repudiation is one of the most desired properties – yet in practice it cannot be provided by the signature schemes themselves. Therefore, additional mechanisms in the underlying public key infrastructure are required. In this work, we present a formal treatment of that issue. We extend the formal model for public key infrastructures by Maurer introducing transitions to make it dynamic. We use the extended model to evaluate the relationship between non-repudiation and revocation and prove that backdated revocation always destroys the non-repudiation property. We prove that forward secure signatures can be used to maintain non-repudiation, rendering the costly use of time-stamping – as required by all existing solutions – superfluous. We also show how to realize this in practice, introducing a new index reporting protocol. Moreover, we show how this protocol can be used to support detection of malicious key usage, thereby improving the overall security of electronic signing. Besides, the index reporting protocol allows for a convenient realization of pay per use models for certificate pricing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adams, C., Cain, P., Pinkas, D., Zuccherato, R.: RFC 3161 — Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). RFC 3161 (Proposed Standard) (2001), Updated by RFC 5816

    Google Scholar 

  2. ANSI X9.95-2012 — Trusted Time Stamp Management and Security (2012)

    Google Scholar 

  3. Baier, H., Karatsiolis, V.: Validity models of electronic signatures and their enforcement in practice. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 255–270. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Bellare, M., Miner, S.K.: A Forward-Secure Digital Signature Scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  5. Bicakci, K., Crispo, B., Tanenbaum, A.S.: How to incorporate revocation status information into the trust metrics for public-key certification. In: Proceedings of the 2005 ACM Symposium on Applied Computing, SAC 2005, pp. 1594–1598. ACM (2005)

    Google Scholar 

  6. Braun, J., Horsch, M., Wiesmaier, A.: iPIN and mTAN for secure eID applications. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 259–276. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  7. Braun, J., Hülsing, A., Wiesmaier, A., Vigil, M.A.G., Buchmann, J.: How to avoid the breakdown of public key infrastructures - forward secure signatures for certificate authorities. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 53–68. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  8. Buchmann, J., Dahmen, E., Hülsing, A.: XMSS - A practical forward secure signature scheme based on minimal security assumptions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 117–129. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  9. Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Rfc 5280 — internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC 5280 (Proposed Standard) (2008)

    Google Scholar 

  10. Elwailly, F., Gentry, C., Ramzan, Z.: QuasiModo: Efficient Certificate Validation and Revocation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 375–388. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  11. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  12. ISO/IEC 13888-1 — Information technology-security techniques-non-repudiation, Part 1 (1997)

    Google Scholar 

  13. ISO/IEC 18014 — Information technology – Security techniques – Time-stamping services (2009)

    Google Scholar 

  14. Marchesini, J., Smith, S.: Modeling public key infrastructures in the real world. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 118–134. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Maurer, U.M.: Modelling a Public-Key Infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 325–350. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  16. Micali, S.: NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: 1st Annual PKI Research Workshop, PKI 2002, pp. 15–25 (2002)

    Google Scholar 

  17. The European Parliament and the Council of the European Union. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. In European Union law. The European Parliament and Council (1999)

    Google Scholar 

  18. Zhou, J., Bao, F., Deng, R.: Minimizing ttp’s involvement in signature validation. International Journal of Information Security 5(1), 37–47 (2006)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TU Darmstadt, Germany

    Johannes Braun & Andreas Hülsing

  2. University of Surrey, United Kingdom

    Franziskus Kiefer

Authors
  1. Johannes Braun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Franziskus Kiefer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Hülsing
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Digital Systems, University of Piraeus, 150 Androutsou St., 185 32, Piraeus, Greece

    Sokratis Katsikas

  2. Department of Computer Science, University of Malaga, Campus de Teatinos s/n, 29071, Málaga, Spain

    Isaac Agudo

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Braun, J., Kiefer, F., Hülsing, A. (2014). Revocation and Non-repudiation: When the First Destroys the Latter. In: Katsikas, S., Agudo, I. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2013. Lecture Notes in Computer Science, vol 8341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53997-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-53997-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-53996-1

  • Online ISBN: 978-3-642-53997-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation