Publications catalogue - books



Public Key Infrastructure: Third European PKI Workshop: Theory and Practice, EuroPKI 2006, Turin, Italy, June 19-20, 2006, Proceedings

Andrea S. Atzeni; Antonio Lioy (eds.)

In conference: 3rd European Public Key Infrastructure Workshop (EuroPKI). Turin, Italy. June 19, 2006 - June 20, 2006

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Computer Communication Networks; Data Encryption; Algorithm Analysis and Problem Complexity; Information Storage and Retrieval; Information Systems Applications (incl. Internet); Computers and Society

Availability

Detected institution: Not detected
Year of publication: 2006
Browse: SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-35151-1

Electronic ISBN

978-3-540-35152-8

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

Use of a Validation Authority to Provide Risk Management for the PKI Relying Party

Jon Ølnes; Leif Buene

Interoperability between PKIs (Public Key Infrastructure) is a major issue in several electronic commerce scenarios. A Relying Party (RP), in particular in an international setting, should not unduly put restrictions on selection of Certificate Authorities (CA) by its counterparts. Rather, the RP should be able to accept certificates issued by any relevant CA. Such acceptance implies not only the ability to validate certificates, but also an assessment of the risk related to acceptance of a certificate for the purpose at hand. We analyse common PKI trust models with respect to risk management, and argue that an independent, trusted Validation Authority (VA) may be a better approach for this task. A VA as suggested by this paper will also remove the need for complicated certificate path processing.

Keywords: Electronic Signature; Policy Mapping; Qualified Certificate; Trust Structure; Certificate Policy.

- PKI Management | Pp. 1-15

Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI

Meiyuan Zhao; Sean W. Smith

Establishing trust on certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, small examples were used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from current PKI systems in development and deployment over more than 10 countries, our model is (to the best of our knowledge) the largest simulated PKI architecture to date.

Keywords: Search Tree; Simulation Framework; Path Discovery; Algorithm Option; Building Direction.

- PKI Management | Pp. 16-30

Distributing Security-Mediated PKI Revisited

Jong-Phil Yang; Kouichi Sakurai; Kyung Hyune Rhee

The SEM approach to PKI offers several advantages, such as immediate revocation of users’ signing ability without CRLs and compatibility with the standard RSA. However, it has a weakness against denial of service attack caused by breaking down or being compromised. G. Vanrenen et al. proposed a distributed SEM approach to overcome the weakness. However, it does not provide the desirable properties such as instant availability and immunity against denial of service attack, due to inadequate usage of threshold cryptography and proactive secret sharing. In this paper, we point out its structural shortcomings and propose a modified version.

Keywords: Certificate Status Information; Reliability; Fault-tolerance.

- PKI Management | Pp. 31-44

An Improved Lu-Cao’s Remote User Authentication Scheme Using Smart Card

Eun-Jun Yoon; Kee-Young Yoo

In 2005, Lu-Cao proposed an improvement on Hwang-Li’s remote user authentication scheme using a smart card that could withstand an impersonation attack and also required lower computational cost. However, the current paper demonstrates that Lu-Cao’s scheme has some drawbacks. We present an improved authentication scheme in order to isolate such problems.

Keywords: Authentication; Password; Network security; Smart card.

- Authentication I | Pp. 45-53

Forward Secure Password-Enabled PKI with Instant Revocation

Seung Wook Jung; Souhwan Jung

Recently, the concept of password-enabled PKI has become an emerging issue in supporting user mobility. Virtual soft token and virtual smartcard were proposed as the password-enabled PKI. However, the virtual soft token does not support key disabling. In the virtual smartcard, the user must interact with a remote entity per signing operation. In addition, both schemes do not support forward secrecy and instant revocation. In this paper, we propose a new approach that supports user mobility. The proposed approach supports key disabling, and the user does not need interaction with the remote entity for each signature. Moreover, the proposed scheme allows instant key revocation. Thereby, the distribution of CRLs is not required. Furthermore, the proposed scheme supports forward secrecy. In this sense, our scheme, implemented only in software, is stronger than a long-term private key with physical smart cards. By forward secrecy and instant revocation, signing documents using a time-stamp provided by a trusted authority is not required to protect against modification of a signed document by an adversary who knows the private key.

Keywords: Password; PKI.

- Authentication I | Pp. 54-67

Separable Identity-Based Deniable Authentication: Cryptographic Primitive for Fighting Phishing

Willy Susilo; Yi Mu

Phishing emails are one of today’s most common and costly forms of digital identity theft. They are now so convincing that even experts cannot tell what is and is not genuine. In a phishing attack, victims are lured by an official-looking email to a fraudulent website that appears to be that of a legitimate service provider. Such attacks can be mitigated with digitally-signed emails. Unfortunately, traditional digital signatures will destroy the traditional repudiability of email, and they also require the unrealistic adoption of a Public Key Infrastructure. To overcome this problem, we introduce a new cryptographic primitive called separable identity-based deniable authentication. Firstly, we present a generic construction of such a scheme, and proceed with an efficient construction based on bilinear pairing, which is an instantiation of our generic construction. This construction is an affirmative answer to the open question proposed by Adida, Hohenberger and Rivest [AHR05+].

Keywords: phishing; email; repudiable; separable; ID-based; deniable; authentication.

- Authentication I | Pp. 68-80

Breaking Yum and Lee Generic Constructions of Certificate-Less and Certificate-Based Encryption Schemes

David Galindo; Paz Morillo; Carla Ràfols

Identity-based public key cryptography is aimed at simplifying the management of certificates in traditional public key infrastructures by means of using the identity of a user as its public key. The user must identify itself to a trusted authority in order to obtain the secret key corresponding to its identity. The main drawback of this special form of public key cryptography is that it is key escrowed. Certificate-based and certificate-less cryptography have been recently proposed as intermediate paradigms between traditional and identity-based cryptography, seeking to simplify the management of certificates while avoiding the key escrow property of identity-based cryptography. In this work we cryptanalyse the certificate-based and certificate-less encryption schemes presented by Yum and Lee at EuroPKI 2004 and ICCSA 2004 conferences.

Keywords: public-key infrastructure; identity-based encryption; certificate-based and certificate-less encryption; cryptanalysis.

- Cryptography | Pp. 81-91

On the Security of Multilevel Cryptosystems over Class Semigroups of Imaginary Quadratic Non-maximal Orders

Yongtae Kim; Chang Han Kim; Taek-Young Youn

A cryptography for enforcing multilevel security in a system where hierarchy is represented by a partially ordered set was introduced by Akl et al. But the key generation algorithm of Akl et al. is infeasible when there is a large number of users. To overcome this shortage, in 1985, MacKinnon et al. proposed a paper containing a condition which prevents cooperative attacks and optimizes the assignment. In 2005, Kim et al. proposed key management systems for multilevel security using a one-way hash function, the RSA algorithm, Poset dimension and Clifford semigroup in the context of modern cryptography. In particular, the key management system using the Clifford semigroup of imaginary quadratic non-maximal orders is based on the fact that the computation of a key ideal K_0 from an ideal EK_0 seems to be difficult unless E is equivalent to O. We, in this paper, show that computing preimages under the bonding homomorphism is not difficult, and that the multilevel cryptosystem based on the Clifford semigroup is insecure and improper to the key management system.

Keywords: Hierarchy; Key generation algorithm; Class semigroup; Key exchange system.

- Cryptography | Pp. 92-100

Short Linkable Ring Signatures Revisited

Man Ho Au; Sherman S. M. Chow; Willy Susilo; Patrick P. Tsang

Ring signature is a group-oriented signature in which the signer can spontaneously form a group and generate a signature such that the verifier is convinced the signature was generated by one member of the group and yet does not know who actually signed. Linkable ring signature is a variant such that two signatures can be linked if and only if they were signed by the same person. Recently, the first short linkable ring signature has been proposed. The short signature length makes it practical all of a sudden to use linkable ring signature as a building block in various cryptographic applications. However, we observed a subtle and yet imperative blemish glossed over by their security model definition which, if not carefully understood and properly handled, could lead to unanticipated security threats. Inspired by the recent refinement of security definitions in conventional ring signatures, we formalize a new and better security model for linkable ring signature schemes that takes into account realistic adversarial capabilities. We show that the new model is strictly stronger than all existing ones in the literature. Under our new model, we propose a new short linkable ring signature scheme, improved upon the existing scheme.

Keywords: ring signature; linkable ring signature; short signature.

- Cryptography | Pp. 101-115

An Infrastructure Supporting Secure Internet Routing

Stephen Kent

The Border Gateway Protocol (BGP) [1] is the foundation of inter-domain Internet routing. A number of papers have described how BGP is highly vulnerable to a wide range of attacks [2, 3], and several proposals have been offered to secure BGP [4, 5, 6, 7, 8]. Most of these proposed mechanisms rely on a PKI to provide trusted inputs for routing security mechanisms, to enable BGP routers to reject bogus routing advertisements. This paper provides a detailed proposal for a PKI, including a repository system, representing IP address allocation and Autonomous System number assignment. This infrastructure offers a near-term opportunity to improve routing security, since it does not require changes to routers, while also setting the stage for more comprehensive BGP security initiatives in the future.

Keywords: Address Space; Border Gateway Protocol; Validity Interval; Address Allocation; Address Block.

- Applications | Pp. 116-129