Skip to main content
SpringerLink
Log in

Minimizing TTP's involvement in signature validation

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

A digital signature applied on a message could serve as irrefutable cryptographic evidence to prove its origin and integrity. However, evidence solely based on digital signatures may not enforce strong non-repudiation. Additional mechanisms are needed to make digital signatures as valid non-repudiation evidence in the settlement of possible disputes. Most of existing mechanisms for maintaining the validity of digital signatures rely on the supporting services from trusted third parties, e.g., time-stamping and certificate revocation. Obviously, this is less efficient for on-line transactions. In this paper, we propose two new schemes for validating digital signatures as non-repudiation evidence that minimize the trusted third party's involvement.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Advances in Cryptology: Asiacrypt '00, Kyoto, Japan, December 2000. Lecture Notes in Computer Science, vol. 1976, pp. 116–129 (2000)

  2. Admas, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X.509 public key infrastructure time-stamp protocol (TSP). RFC 3161, (2001)

  3. Akl, S.G.: Digital signatures: A tutorial survey. Computer 16(2), 15–24 (1983)

    MathSciNet  Google Scholar 

  4. Bellare, M., Miner, S.: A forward-secure digital signature scheme. In: Advances in Cryptology: Proceedings of Crypto '99, Santa Barbara, California, August 1999. Lecture Notes in Computer Science, vol. 1666, pp. 431–438 (1999)

  5. Bellovin, S., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proceedings of 1992 IEEE Symposium on Security and Privacy, Oakland, California, pp. 72–84 (1992)

  6. Booth, K.S.: Authentication of signatures using public key encryption. Commun. ACM 24(11), 772–774 (1981)

    Article  Google Scholar 

  7. DeMillo, R., Merritt, M.: Protocols for data security. Computer 16(2):39–50 (1983)

    Google Scholar 

  8. Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. In: Proceedings of 2003 International Workshop on Practice and Theory in Public Key Cryptography, Miami, January 2003. Lecture Notes in Computer Science, vol. 2567, pp. 130–144 (2003)

  9. Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459, (1999)

  10. Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Advances in Cryptology: Proceedings of Crypto '01, Santa Barbara, California, August 2001. Lecture Notes in Computer Science, vol. 2139, pp. 332–354 (2001)

  11. Itkis, G., Reyzin, L.: SiBIR: Signer-base intrusion-resilient signatures. In: Advances in Cryptology:Proceedings of Crypto '02, Santa Barbara, California, August 2002. Lecture Notes in Computer Science, vol. 2442, pp. 499–514 (2002)

  12. ITU-T: Information technology—Open systems interconnection—The directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509 (2000)

  13. Kozlov, A., Reyzin, L.: Forward-secure signatures with fast key update. In: Proceedings of 3rd Conference on Security in Communication Networks, Amalfi, Italy (2002)

  14. Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Proceedings of 7th ACM Conference on Computer and Communications Security, Athens, Greece, pp. 108–115 (2000)

  15. Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signature with an unbounded number of time period. In: Advances in Cryptology: Proceedings of Eurocrypt '02, Amsterdam, The Netherlands, April 2002. Lecture Notes in Computer Science, vol. 2332, pp. 400–417 (2002)

  16. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet public key infrastructure on-line certificate status protocol (OCSP). RFC 2560 (1999)

  17. Sella, Y.: On the computation-storage trade-offs of hash chain traversal. In: Proceedings of 2003 Financial Cryptography, Gosier, Guadeloupe, January 2003. Lecture Notes in Computer Science (2003)

  18. Song, D.: Practical forward secure group signature schemes. In: Proceedings of 8th ACM Conference on Computer and Communication Security, Philadelphia, pp. 225–234 (2001)

  19. Wu, T.: The secure remote password protocol. In: Proceedings of 1998 Internet Society Network and Distributed System Security Symposium, San Diego, California, pp. 97–111 (1998)

  20. Zhou, J.: Non-repudiation in electronic commerce. In: Computer Security Series. Artech House (2001)

  21. Zhou, J.: Maintaining the validity of digital signatures in B2B applications. In: Proceedings of 2002 Australasian Conference on Information Security and Privacy, Melbourne, Australia, July 2002. Lecture Notes in Computer Science, pp. 303–315 (2002)

  22. Zhou, J., Bao, F., Deng, R.H.: Validating digital signatures without TTP's time-stamping and certificate revocation. In: Proceedings of 2003 Information Security Conference, Bristol, UK, October 2003. Lecture Notes in Computer Science, vol. 2851, pp. 96–110 (2003)

  23. Zhou, J., Lam, K.Y.: Securing digital signatures for non-repudiation. Comput. Comm. 22(8), 710–716 (1999)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Infocomm Security Department, Institute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore, 119613, Singapore

    Jianying Zhou & Feng Bao

  2. School of Information System, Singapore Management University, 469 Bukit Timah Road, Singapore, 259756, Singapore

    Robert Deng

Authors
  1. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Feng Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robert Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jianying Zhou.

Additional information

Major results have been published at ACISP'02 [21] and ISC'03 [22].

Jianying Zhou is a lead scientist at Institute for Infocomm Research (I2R), and heads the Internet Security Lab. He is also an adjunct professor in University of Science and Technology of China and an adjunct senior scientist in University of Malaga.

Dr. Zhou worked in China, Singapore, and USA before joining I2R. He was a security consultant at the headquarters of Oracle Corporation, and took an architect role on securing e-business applications. He was a project manager at Kent Ridge Digital Labs, and led an R&D team to develop network security technologies. He was a post-doctoral fellow in National University of Singapore, and involved in a strategic research programme on computer security funded by National Science and Technology Board. He was formerly employed in Chinese Academy of Sciences, and played a critical role in a couple of national information security projects.

Dr. Zhou obtained PhD degree in Information Security from University of London (sponsored by UK government and K C Wong Education Foundation), MSc degree in Computer Science from Chinese Academy of Sciences, and BSc degree in Computer Science from University of Science and Technology of China. His research interests are in computer and network security, cryptographic protocol, digital signature and non-repudiation, mobile communications security, public-key infrastructure, secure electronic commerce, and virtual private network.

Dr. Zhou is actively involved in the academic community, serving on international conference committees and publishing papers at prestigious technical conferences and journals. He is a world-leading researcher on non-repudiation, and authored the book Non-repudiation in Electronic Commerce which was published by Artech House in 2001. He is a director in the board of International Communications and Information Security Association. He is a co-founder and steering committee member of International Conference on Applied Cryptography and Network Security, and served as program chair of ACNS 2003 and general chair of ACNS 2004. He received National Science and Technology Progress Award from State Commission of Science and Technology in 1995 in recognition of his achievement in the research and development of information security in China.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Zhou, J., Bao, F. & Deng, R. Minimizing TTP's involvement in signature validation. Int. J. Inf. Secur. 5, 37–47 (2006). https://doi.org/10.1007/s10207-005-0072-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-005-0072-1

Keywords

Search

Navigation