7,411 research outputs found
Revocation Systems with Very Small Private Keys
In this work, we design a method for creating public key broadcast
encryption systems. Our main technical innovation is based
on a new ``two equation\u27\u27 technique for revoking users. This technique
results in two key contributions:
First, our new scheme has ciphertext size overhead ,
where is the number of revoked users, and the size of public and
private keys is only a \emph{constant} number of group elements from
an elliptic-curve group of prime order. In addition, the public key allows
us to encrypt to an unbounded number of users. Our system is the first to
achieve such parameters. We give two versions of our scheme: a simpler version which we prove to be selectively secure in the standard model under a new, but non-interactive assumption, and another version that employs the new dual system encryption technique of Waters to obtain adaptive security under the d-BDH and decisional Linear assumptions.
Second, we show that our techniques can be used to realize
Attribute-Based Encryption (ABE) systems with non-monotonic access
formulas, where our key storage is significantly more efficient than
previous solutions.
This result is also proven selectively secure in the standard model under our new non-interactive assumption.
We believe that our new technique will be of use elsewhere as well
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure
Remarks on the Cryptographic Primitive of Attribute-based Encryption
Attribute-based encryption (ABE) which allows users to encrypt and decrypt
messages based on user attributes is a type of one-to-many encryption. Unlike
the conventional one-to-one encryption which has no intention to exclude any
partners of the intended receiver from obtaining the plaintext, an ABE system
tries to exclude some unintended recipients from obtaining the plaintext
whether they are partners of some intended recipients. We remark that this
requirement for ABE is very hard to meet. An ABE system cannot truly exclude
some unintended recipients from decryption because some users can exchange
their decryption keys in order to maximize their own interests. The flaw
discounts the importance of the cryptographic primitive.Comment: 9 pages, 4 figure
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters
In Identity-Based Encryption (IBE) systems, key revocation is non-trivial.
This is because a user's identity is itself a public key. Moreover, the private
key corresponding to the identity needs to be obtained from a trusted key
authority through an authenticated and secrecy protected channel. So far, there
exist only a very small number of revocable IBE (RIBE) schemes that support
non-interactive key revocation, in the sense that the user is not required to
interact with the key authority or some kind of trusted hardware to renew her
private key without changing her public key (or identity). These schemes are
either proven to be only selectively secure or have public parameters which
grow linearly in a given security parameter. In this paper, we present two
constructions of non-interactive RIBE that satisfy all the following three
attractive properties: (i) proven to be adaptively secure under the Symmetric
External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions;
(ii) have constant-size public parameters; and (iii) preserve the anonymity of
ciphertexts---a property that has not yet been achieved in all the current
schemes
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201
- …