DOI: 10.1145/1579114.1579144
research-article

Strong mobile device protection from loss and capture

Published: 09 June 2009

ABSTRACT

Assistive environments employ multiple types of devices to monitor human actions and identify critical events for physical safety. Some of the devices must be wireless in order to be nonintrusive, which introduces the problem of authenticating these devices and building secure communication channels among them. The traditional way is to assign each device a private key as its digital identity. In this paper, we present an approach that protects the private key by introducing a third party and bilaterally and proactively generating a random number to refresh the key shares, based on Bellare and Miner's forward-secure signature scheme. This improves on the resilient mediated RSA solution because the entire private key is also updated periodically. In this way, if an attacker steals one key share, he can use it only for a limited period of time, because it becomes obsolete immediately after the next refresh operation. Even if he compromises both key shares simultaneously, the digital signatures generated under previous private keys remain secure. Our scheme is proven intrusion resilient under the CDH assumption in the random oracle model, and the construction is also quite efficient.
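The following Python is an added example and is not code from the paper. It models, on top of plain Schnorr signatures rather than the paper's Bellare and Miner based construction, the two ideas the abstract combines: the private key exists only as two additive shares (one on the device, one at the third party, so neither alone can sign), and a bilateral proactive refresh moves the shares by +r and -r so that a share stolen before the refresh no longer works afterwards while the public key stays the same. Forward security (past signatures surviving a compromise of both shares) is not modeled. The group parameters, the sample message and the party names are constructed for this example.

```python
"""Toy two-party (device + mediator) Schnorr signing with proactive share refresh.

Constructed example: the group is ~63 bits and is found at import time.
Nothing here is sized for real use.
"""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic for n < 3.3e24


def is_prime(n):
    """Deterministic Miller-Rabin for n < 3.3e24, enough for the toy sizes here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Return (p, q) with p = 2q + 1 and both prime, q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(1 << 62)  # toy group; real deployments use >= 2048-bit p
G = 4                            # a quadratic residue, so it generates the order-q subgroup


def hash_to_scalar(R, y, msg):
    """Fiat-Shamir challenge e = H(R, y, m) mod q, key-prefixed to bind the public key."""
    h = hashlib.sha256(f"{R}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


class Party:
    """Holder of one additive share x_i; the full key x = x1 + x2 mod q never exists anywhere."""

    def __init__(self, share):
        self.share = share
        self._k = None

    def nonce_commitment(self):
        # A real protocol would commit to R_i before revealing it; omitted in this toy.
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)

    def partial_signature(self, e):
        s_i = (self._k + e * self.share) % Q
        self._k = None  # never reuse a nonce
        return s_i

    def refresh_contribution(self):
        return secrets.randbelow(Q)


def keygen():
    """Trusted setup: pick x, split it into two shares, publish y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    x1 = secrets.randbelow(Q)
    x2 = (x - x1) % Q
    return pow(G, x, P), Party(x1), Party(x2)


def cosign(device, mediator, y, msg):
    """Each party contributes a nonce and a partial signature; neither learns the other's share."""
    R = device.nonce_commitment() * mediator.nonce_commitment() % P
    e = hash_to_scalar(R, y, msg)
    s = (device.partial_signature(e) + mediator.partial_signature(e)) % Q
    return e, s


def verify(y, msg, sig):
    e, s = sig
    R = pow(G, s, P) * pow(y, (-e) % Q, P) % P  # g^s * y^-e recovers R for a valid signature
    return hash_to_scalar(R, y, msg) == e


def proactive_refresh(device, mediator):
    """Bilateral refresh: both sides contribute randomness; shares move by +r / -r so
    their sum, and hence y, is unchanged. The exchange must run over an authenticated,
    encrypted channel: an eavesdropper who learns r can turn a stolen old share into the new one."""
    r = (device.refresh_contribution() + mediator.refresh_contribution()) % Q
    device.share = (device.share + r) % Q
    mediator.share = (mediator.share - r) % Q


def stolen_share_demo():
    """Attacker copies the device share, then a refresh happens.
    Returns (valid_before, valid_after_refresh, stale_share_still_works)."""
    y, device, mediator = keygen()
    msg = b"sensor event: fall detected, room 3"  # constructed sample message
    valid_before = verify(y, msg, cosign(device, mediator, y, msg))
    stolen = Party(device.share)          # attacker's copy of the pre-refresh share
    proactive_refresh(device, mediator)
    valid_after = verify(y, msg, cosign(device, mediator, y, msg))
    # Even a fully cooperating mediator cannot rescue the stale share: the exponent
    # sums to x - r instead of x, so the signature fails against the unchanged y.
    stale_works = verify(y, msg, cosign(stolen, mediator, y, msg))
    return valid_before, valid_after, stale_works
```

The refresh keeps y fixed, so verifiers and certificates are untouched; only the two secret shares change. What this toy does not give is the abstract's second property: because y never evolves, an attacker who obtains both current shares can forge signatures for any period, past or present. That is exactly the gap the paper's key evolution, inherited from the forward-secure scheme, is meant to close.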

References

  1. Michel Abdalla, Sara K. Miner, and Chanathip Namprempre. Forward-secure threshold signature schemes. In CT-RSA 2001: Proceedings of the 2001 Conference on Topics in Cryptology, pages 441--456. Springer-Verlag, London, UK, 2001.
  2. Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Advances in Cryptology - ASIACRYPT 2000, pages 116--129, 2000.
  3. Mihir Bellare and Sara K. Miner. A forward-secure digital signature scheme. In Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, pages 431--448, 1999.
  4. Mihir Bellare and Bennet Yee. Forward-security in private-key cryptography. In Topics in Cryptology - CT-RSA 2003, The Cryptographers' Track at the RSA Conference 2003, pages 1--18, 2003.
  5. Yigael Berger, Avishai Wool, and Arie Yeredor. Dictionary attacks using keyboard acoustic emanations. In CCS '06: Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 245--254. ACM Press, New York, NY, USA, 2006.
  6. Matt Bishop and Carrie Gates. Defining the insider threat. In Proceedings of the Cyber Security and Information Intelligence Research Workshop, 2008.
  7. Dan Boneh, Xavier Boyen, and Eu-Jin Goh. Hierarchical identity based encryption with constant size ciphertext. In Advances in Cryptology - EUROCRYPT 2005, pages 440--456, 2005.
  8. Xavier Boyen, Hovav Shacham, Emily Shen, and Brent Waters. Forward-secure signatures with untrusted update. In CCS '06: Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 191--200. ACM Press, New York, NY, USA, 2006.
  9. Mike Burmester, Vassilios Chrissikopoulos, Panayiotis Kotzanikolaou, and Emmanouil Magkos. Strong forward security. In Proceedings of the 16th International Conference on Information Security: Trusted Information, pages 109--121, 2001.
  10. Ran Canetti, Shai Halevi, and Jonathan Katz. A forward-secure public-key encryption scheme. In Advances in Cryptology - EUROCRYPT 2003, pages 255--271, 2003.
  11. Yevgeniy Dodis, Matthew K. Franklin, Jonathan Katz, Atsuko Miyaji, and Moti Yung. A generic construction for intrusion-resilient public-key encryption. In Topics in Cryptology - CT-RSA 2004, The Cryptographers' Track at the RSA Conference 2004, pages 81--98, 2004.
  12. Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Key-insulated public-key cryptosystems. In Advances in Cryptology - EUROCRYPT 2002, pages 65--82, 2002.
  13. Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong key-insulated public-key schemes. In Public Key Cryptography - PKC 2003, 6th International Workshop on Theory and Practice in Public Key Cryptography, pages 130--144, 2003.
  14. Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology - CRYPTO '86, 6th Annual International Cryptology Conference, pages 186--194, 1986.
  15. Yair Frankel, Peter Gemmell, Philip D. MacKenzie, and Moti Yung. Proactive RSA. In Advances in Cryptology - CRYPTO '97, pages 440--454, 1997.
  16. Gene Itkis. Intrusion-resilient signatures: Generic constructions, or defeating strong adversary with minimal assumptions. In Security in Communication Networks, Third International Conference, SCN 2002, pages 102--118, 2002.
  17. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Advances in Cryptology - CRYPTO 2001, pages 332--354, 2001.
  18. Gene Itkis and Leonid Reyzin. SiBIR: Signer-base intrusion-resilient signatures. In CRYPTO 2002: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, pages 499--514. Springer-Verlag, London, UK, 2002.
  19. Anton Kozlov and Leonid Reyzin. Forward-secure signatures with fast key update. In 3rd Conference on Security in Communication Networks, pages 241--256, 2002.
  20. Hugo Krawczyk. Simple forward-secure signatures from any signature scheme. In 7th ACM Conference on Computer and Communications Security, pages 108--115, 2000.
  21. Zhengyi Le, Yi Ouyang, Yurong Xu, and Fillia Makedon. Preventing unofficial information propagation. In Proceedings of the 9th International Conference on Information and Communication Security (ICICS '07), pages 113--125, 2007.
  22. Zhengyi Le, Yi Ouyang, Yurong Xu, and Fillia Makedon. Mobile device protection against loss and capture. In Proceedings of the 1st International Conference on Pervasive Technologies Related to Assistive Environments (PETRA '08), 2008.
  23. Benoît Libert, Jean-Jacques Quisquater, and Moti Yung. Efficient intrusion-resilient signatures without random oracles. In Information Security and Cryptology, Second SKLOIS Conference, Inscrypt 2006, pages 27--41, 2006.
  24. Philip D. MacKenzie and Michael K. Reiter. Delegation of cryptographic servers for capture-resilient devices. Distributed Computing, 16(4):307--327, 2003.
  25. H. Ong and C. P. Schnorr. Fast signature generation with a Fiat-Shamir-like scheme. In Advances in Cryptology - EUROCRYPT '90, International Conference on the Theory and Applications of Cryptographic Techniques, pages 432--440, 1990.
  26. Tal Rabin. A simplified approach to threshold and proactive RSA. In Advances in Cryptology - CRYPTO '98, 18th Annual International Cryptology Conference, pages 89--104, 1998.
  27. Brent Waters. Efficient identity-based encryption without random oracles. In Advances in Cryptology - EUROCRYPT 2005, pages 114--127, 2005.
  28. Zhi-Jia Tzeng and Wen-Guey Tzeng. Robust key-evolving public key encryption schemes. In Information and Communications Security, 4th International Conference, ICICS 2002, pages 61--72, 2002.

Published in

PETRA '09: Proceedings of the 2nd International Conference on PErvasive Technologies Related to Assistive Environments
June 2009, 481 pages
ISBN: 9781605584096
DOI: 10.1145/1579114

Copyright © 2009 ACM


Publisher

Association for Computing Machinery, New York, NY, United States
