Publications catalogue - books
Public Key Infrastructure: 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007. Proceedings
Javier Lopez; Pierangela Samarati; Josep L. Ferrer (eds.)
In conference: 4th European Public Key Infrastructure Workshop (EuroPKI). Palma de Mallorca, Spain. June 28, 2007 - June 30, 2007
Abstract/Description - provided by the publisher
Not available.
Keywords - provided by the publisher
Data Encryption; Algorithm Analysis and Problem Complexity; Information Storage and Retrieval; Information Systems Applications (incl. Internet); Computers and Society; Management of Computing and Information Systems
Availability
Detected institution | Year of publication | Browse | Download | Request
---|---|---|---|---
Not detected | 2007 | SpringerLink | |
Information
Resource type:
books
Print ISBN
978-3-540-73407-9
Electronic ISBN
978-3-540-73408-6
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2007
Publication rights information
© Springer-Verlag Berlin Heidelberg 2007
Subject coverage
Table of contents
AutoPKI: A PKI Resources Discovery System
Massimiliano Pala; Sean W. Smith
The central goal of is to enable trust judgments between distributed users. Although play a central role in making such judgments, a PKI’s users need more than just knowledge of certificates. Minimally, a relying party must be able to locate critical parameters such as the certificate repositories and certificate validation servers relevant to the trust path under consideration. Users in other scenarios may require other resources and services.
Surprisingly, locating these resources and services remains a largely unsolved problem in real-world X.509 PKI deployment. In this paper, we present the design and prototype of a new and flexible solution for automatic discovery of the services and data repositories that are available from a (CSP). This contribution will take real-world PKI one step closer to achieving its goal.
Pp. 154-169
Bootstrapping a Global SSO from Network Access Control Mechanisms
Manuel Sánchez; Gabriel López; Óscar Cánovas; Antonio F. Gómez-Skarmeta
This paper presents the details of a Single Sign On proposal which takes advantage of previously deployed authentication mechanisms. The main goal is to establish a link between authentication methods at different levels in order to provide a seamless global SSO. Specifically, the users will be authenticated once, during the network access control phase. Next, having authenticated to get on to the network using 802.1X, that authentication will automatically fetch the necessary signed tokens so that there would be no need to repeat the login at the application layer. Therefore, the application level authentication would be bootstrapped from the network access. As we will see, this involves the generation of SAML signed tokens that will be obtained by the users using a PEAP channel able to deliver the appropriate authentication credentials. Then, users will contact a federation-level validation service and there will be no need to re-authenticate the user; only a query of the related user attributes will be necessary in some cases.
Pp. 170-180
Anonymous -Show Credentials
Mohamed Layouni; Hans Vangheluwe
Privacy-preserving digital credentials are cryptographic tools that allow a user to prove a predicate about his/her identity or qualifications, without the verifying party learning additional information beyond the status of that predicate. The Identity Mixer (Idemix) [CL01] is a framework providing such credentials. In Idemix, we can distinguish two types of credentials: (1) one-time show credentials, which can be shown only once before unveiling the identity of their holder, and (2) multi-show credentials, which can be shown infinitely many times without the showings being linked to each other, or to the identity of their holder. In this paper, we bridge the gap between the two previous types of credentials, and extend Idemix to -show credentials (for > 1). The -show credentials we propose can be shown anonymously, but linkably, up to times.
Pp. 181-192
On Partial Anonymity in Secret Sharing
Vanesa Daza; Josep Domingo-Ferrer
Anonymous secret sharing schemes allow a secret to be recovered from shares regardless of the identity of shareholders. Besides being interesting in its own right, this property is especially appealing to guarantee the anonymity of participants when secret sharing is used as a building block of more general distributed protocols ( to anonymously share the secret key corresponding to a public key). However, current constructions of anonymous secret sharing schemes are not very efficient (because of the number of shares that every participant must hold) and existing bounds do not leave much room for optimism. In this paper we propose to weaken the anonymity condition to partial anonymity, where by partial anonymity we mean that the identity of the participant is not made public, but he is known to belong to some subset. That is, the search for a participant narrows down to one in a set of possible candidates. Furthermore, we propose a general construction of partial anonymous secret sharing schemes.
Pp. 193-202
Anonymous Identification and Designated-Verifiers Signatures from Insecure Batch Verification
Sherman S. M. Chow; Duncan S. Wong
Versatility in cryptography is interesting. Instead of building a secure scheme from another secure one, this paper presents an oxymoron, making use of the insecurity of a scheme to give a useful feature in another context. We show the insecurity of the batch verification algorithms in Cui ’s work about an identity-based (ID-based) signature scheme. Following Chow ’s idea in EuroPKI 2005, we turn such an attack into a secure ID-based ring signature scheme. We also show how to add linkability. We present two applications of our scheme, which are a short ID-based strong designated verifier signature scheme and an ID-based ad-hoc anonymous identification scheme, with an extension secure against a concurrent man-in-the-middle attack.
Pp. 203-219
OpenHSM: An Open Key Life Cycle Protocol for Public Key Infrastructure’s Hardware Security Modules
Jean Everson Martina; Tulio Cicero Salvaro de Souza; Ricardo Felipe Custodio
The private keys used in a PKI are its most important asset. Protecting these keys from unauthorised use or disclosure is essential to secure a PKI. Relying parties need assurances that the private key used to sign their certificates is controlled and managed following a pre-defined statement policy. Hardware Security Modules (HSM) offer physical and logical protection and should be considered for any PKI deployment. The software that manages keys inside an HSM should control the whole life cycle of a private key. Normally this kind of equipment implements an embedded key management protocol, and these protocols are not available to public scrutiny due to industrial interests. Another important issue is that HSMs are targeted in their development to the banking industry and not to PKI, making some important PKI issues, like strict key usage control and a secure audit trail, play a secondary role. This paper presents an open protocol to securely manage private keys inside HSMs. The protocol is described, analysed and discussed.
Pp. 220-235
Two Worlds, One Smart Card: An Integrated Solution for Physical Access and Logical Security Using PKI on a Single Smart Card
Jaap-Henk Hoepman; Geert Kleinhuis
We present a use case of the introduction of a large scale Public Key Infrastructure (PKI) environment in an incumbent telecommunications company in The Netherlands. The main characteristics of the case are the integration of an existing physical access facility with a PKI environment for logical security of the company ICT infrastructure. In fact, both are accessed using a single (smart) company card. The purpose was to implement a high level of security, within the practical constraints at hand, and to reach a level of for company employees. This integration poses numerous challenges. In this article we describe how PKI is actually introduced to support authentication, signing and encryption services for its employees.
18,000 personalised smart cards with PKI were issued, controlling access to over 1500 buildings, fitted with in total more than 6000 smart card readers. The smart cards also controlled access to 14,000 personal workstations, both desktops and laptops (each fitted with a contact smart card reader), with access to over 1000 different applications.
Pp. 236-247
On the Robustness of Applications Based on the SSL and TLS Security Protocols
Diana Berbecaru; Antonio Lioy
The SSL and TLS security protocols have been designed and implemented to provide end-to-end data security. This includes data integrity, that is, the data cannot be modified, replayed or reordered by an attacker without being detected at the receiving endpoint. SSL and TLS, however, do not provide data delivery integrity, in the sense that they do not guarantee that all the sent data will actually arrive at the other side. This is because, for example, SSL/TLS cannot know in advance what the exact size of the data to be sent over the secured channel is. The most recent versions (SSLv3 and TLSv1) provide some form of protection against loss of data records by means of sequence numbers and specialized close_notify alert messages to be sent when tearing down the SSL connection. Unfortunately, this is not enough when the last record containing application data together with the closure alert are deleted on purpose, as it happens in the . SSLv3/TLSv1 specifications do not indicate what should happen (at the application level) if the close_notify message never arrives at the receiver. Consequently, for applications where it is important to ascertain that the data reached the other party untruncated, it is required to have an additional control at the application level.
In this paper we show (based on practical tests) that some widely-used applications implementing SSLv3 and TLSv1 do not perform further controls on the size of the data to be received, and thus they are vulnerable to truncation attacks. For tests we implemented a specialized MITMSSL tool, used to manipulate the SSL/TLS records exchanged between two communicating parties.
Pp. 248-264
Using WebDAV for Improved Certificate Revocation and Publication
David W. Chadwick; Sean Anthony
There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate issuer and relying party, and eases the administrative burden of publishing certificates and certificate revocation lists (CRLs).
Pp. 265-279
Reducing the Computational Cost of Certification Path Validation in Mobile Payment
Cristina Satizábal; Rafael Martínez-Peláez; Jordi Forné; Francisco Rico-Novella
PKI can improve the security of mobile payments, but its complexity has made its use difficult in such environments. Certificate path validation is complex in PKI. This demands some storage and processing capacities from the verifier that can exceed the capabilities of mobile devices. In this paper, we propose TRUTHC to reduce the computational cost of mobile payment authentication. TRUTHC replaces verification operations with hash operations. Results show a better reduction of the cost with ECDSA than with RSA.
Pp. 280-296