19 research outputs found

    A General Framework for Redactable Signatures and New Constructions

    A redactable signature scheme (RSS) allows removing parts of a signed message by any party without invalidating the respective signature. State-of-the-art constructions thereby focus on messages represented by one specific data structure, e.g., lists, sets or trees, and adjust the security model accordingly. To overcome the necessity for this myriad of models, we present a general framework covering arbitrary data-structures and even more sophisticated possibilities. For example, we cover fixed elements which must not be redactable and dependencies between elements. Moreover, we introduce the notion of designated redactors, i.e., the signer can give some extra information to selected entities which become redactors. In practice, this often allows to obtain more efficient schemes. We then present two RSSs; one for sets and one for lists, both constructed from any EUF-CMA secure signature scheme and indistinguishable cryptographic accumulators in a black-box way and show how the concept of designated redactors can be used to increase the efficiency of these schemes. Finally, we present a black-box construction of a designated redactor RSS by combining an RSS for sets with non-interactive zero knowledge proof systems. All the three constructions presented in this paper provide transparency, which is an important property, but quite hard to achieve, as we also conceal the length of the original message and the positions of the redactions

    Fully Invisible Protean Signatures Schemes

    Protean Signatures (PS), recently introduced by Krenn et al. (CANS '18), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited are hidden. This negatively impacts on the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS'), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation

    Protean Signature Schemes

    We introduce the notion of Protean Signature schemes. This novel type of signature scheme allows to remove and edit signer-chosen parts of signed messages by a semi-trusted third party simultaneously. In existing work, one is either allowed to remove or edit parts of signed messages, but not both at the same time. Which and how parts of the signed messages can be modified is chosen by the signer. Thus, our new primitive generalizes both redactable (Steinfeld et al., ICISC '01, Johnson et al., CT-RSA '02 & Brzuska et al., ACNS '10) and sanitizable signatures schemes (Ateniese et al., ESORICS '05 & Brzuska et al., PKC '09). We showcase a scenario where either primitive alone is not sufficient. Our provably secure construction (offering both strong notions of transparency and invisibility) makes only black-box access to sanitizable and redactable signature schemes, which can be considered standard tools nowadays. Finally, we have implemented our scheme; our evaluation shows that the performance is reasonable

    On Structural Signatures for Tree Data Structures

    Abstract. In this paper, we present new attacks on the redactable signature scheme introduced by Kundu and Bertino at VLDB '08. This extends the work done by Brzuska et al. at ACNS '10 and Samelin et al. at ISPEC '12. The attacks address unforgeability, transparency and privacy. Based on the ideas of Kundu and Bertino, we introduce a new provably secure construction. The corresponding security model is more flexible than the one introduced by Brzuska et al. Moreover, we have implemented schemes introduced by Brzuska et al. and Kundu and Bertino. The evaluation shows that schemes with a quadratic complexity become unusable very fast

    Chameleon-Hashes with Ephemeral Trapdoors And Applications to Invisible Sanitizable Signatures

    A chameleon-hash function is a hash function that involves a trapdoor the knowledge of which allows one to find arbitrary collisions in the domain of the function. In this paper, we introduce the notion of chameleon-hash functions with ephemeral trapdoors. Such hash functions feature additional, i.e., ephemeral, trapdoors which are chosen by the party computing a hash value. The holder of the main trapdoor is then unable to find a second pre-image of a hash value unless also provided with the ephemeral trapdoor used to compute the hash value. We present a formal security model for this new primitive as well as provably secure instantiations. The first instantiation is a generic black-box construction from any secure chameleon-hash function. We further provide three direct constructions based on standard assumptions. Our new primitive has some appealing use-cases, including a solution to the long-standing open problem of invisible sanitizable signatures, which we also present

    Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

    Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain applications. We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency of our scheme by concrete benchmarks of a prototype implementation

    Authenticity and Revocation of Web Content using Signed Microformats and PKI

    Semantically annotating web content will ease its extraction and processing by third parties. But this processing destroys the context of the original publication. We show that because of the loss of this context information the quality of the web content is diminished. In this work we propose a Microformat to store digital signatures. Signed micro content preserves the content’s context and allows viewers to verify the origin and integrity of the content even after processing by third parties. We further use existing methods from Public Key Infrastructures (PKI) to allow authors to revoke their consent to the publication of content. Using signed micro content this content revocation is detectable by viewers also after processing by third parties. While offering new control capabilities for authors, we still allow content to be free, unlike in some Digital Rights Management (DRM) approaches. We also shortly explain why our approach is beneficial for all the involved parties. Summary: Semantically annotated content on the web allows simpler, automatic extraction and further processing of the content by third parties. But this extraction of so-called micro content destroys the context in which the content originally stood. We show what important information is lost as a result and how this reduces the quality of the extracted content. As a solution, we therefore propose so-called Signed Micro Content and describe a so-called Microformat that stores digital signatures and annotates them semantically. Semantic web content signed in this way preserves the context information and allows viewers to verify the origin and integrity of the content, even after processing by third parties. We also show how existing methods from the field of public-key

    Smartcard Firewalls Revisited

    Abstract. Smartcards are being used as secure endpoints in computer transactions. Recently, the connectivity of smartcards has increased and future smartcards will be able to communicate over the TCP/IP protocol. In this work, we explore options for using a smartcard as an active node in a communication network rather than as an endpoint. We envision in particular a proxy firewall running on a smartcard and combining the best of both worlds: the smartcard as a secure environment, and the proxy firewall for securing the network. Facilitating the various security options smartcards offer, we show how to design a secure network firewall on a smartcard. We illustrate the usefulness of such a device in several scenarios