205 research outputs found
Digital certificates and threshold cryptography
This dissertation discusses the use of secret sharing cryptographic protocols for distributing and sharing of secret documents, in our case PDF documents.
We discuss the advantages and uses of such a system in the context of collaborative environments.
Description of the cryptographic protocol involved and the necessary Public Key Infrastructure (PKI) shall be presented. We also provide an implementation of this framework as a âproof of conceptâ and fundament the use of a certificate extension as the basis for threshold cryptography.
Details of the shared secret distribution protocol and shared secret recovery protocol shall be given as well as the associated technical implementation details.
The actual secret sharing algorithm implemented at this stage is based on an existing well known secret sharing scheme that uses polynomial interpolation over a finite field.
Finally we conclude with a practical assessment of our prototype
To Share or Not to Share in Client-Side Encrypted Clouds
With the advent of cloud computing, a number of cloud providers have arisen
to provide Storage-as-a-Service (SaaS) offerings to both regular consumers and
business organizations. SaaS (different than Software-as-a-Service in this
context) refers to an architectural model in which a cloud provider provides
digital storage on their own infrastructure. Three models exist amongst SaaS
providers for protecting the confidentiality data stored in the cloud: 1) no
encryption (data is stored in plain text), 2) server-side encryption (data is
encrypted once uploaded), and 3) client-side encryption (data is encrypted
prior to upload). This paper seeks to identify weaknesses in the third model,
as it claims to offer 100% user data confidentiality throughout all data
transactions (e.g., upload, download, sharing) through a combination of Network
Traffic Analysis, Source Code Decompilation, and Source Code Disassembly. The
weaknesses we uncovered primarily center around the fact that the cloud
providers we evaluated were each operating in a Certificate Authority capacity
to facilitate data sharing. In this capacity, they assume the role of both
certificate issuer and certificate authorizer as denoted in a Public-Key
Infrastructure (PKI) scheme - which gives them the ability to view user data
contradicting their claims of 100% data confidentiality. We have collated our
analysis and findings in this paper and explore some potential solutions to
address these weaknesses in these sharing methods. The solutions proposed are a
combination of best practices associated with the use of PKI and other
cryptographic primitives generally accepted for protecting the confidentiality
of shared information
- âŠ