
Trustworthy and Transparent Third-party Authority

Published: 15 October 2020

Abstract

Recent advances in cryptographic approaches, such as Functional Encryption and Attribute-based Encryption and their variants, have shown significant promise for enabling public clouds to provide secure computation and storage services for users’ sensitive data. A crucial component of these approaches is a third-party authority (TPA) that must be trusted to set up public parameters, provide private key service, and so on. Components of deployed cryptographic mechanisms such as the certificate authorities (CAs), which are the TPAs of the underlying PKI for the SSL/TLS protocol, have faced several types of attacks (e.g., stealthy targeted and censorship attacks), and certificate mis-issuance problems. Such practical challenges indicate that the successful deployment of newer emerging cryptographic schemes will also significantly depend on the trustworthiness of the TPAs. Furthermore, recently proposed decentralized TPA approaches that lower the threshold on the conditions required for an entity to become an authority can make the trust issue much worse. To address this issue, we propose an authority transparency framework to ensure the trustworthiness of TPAs of recent and emerging advanced cryptographic schemes. The framework includes a formal model and a secure logging-based approach to implement the framework. Further, to address the issues related to privacy, we also present a privacy-preserving authority transparency approach. We present security analysis and performance evaluation to show that authority transparency achieves the security and performance goals.

Supplementary Material

a31-xu-apndx.pdf (xu.zip)
Supplemental movie, appendix, image and software files for, Trustworthy and Transparent Third-party Authority

Published In

ACM Transactions on Internet Technology, Volume 20, Issue 4
November 2020
391 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/3427795
Editor: Ling Liu

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2020
Online AM: 07 May 2020
Accepted: 01 March 2020
Revised: 01 January 2020
Received: 01 April 2019
Published in TOIT Volume 20, Issue 4

Author Tags

  1. Transparency
  2. access control
  3. audit
  4. secure computation
  5. trusted authority

Qualifiers

  • Research-article
  • Research
  • Refereed
