Abstract
The concept of an Ephemerizer system has been introduced in earlier works as a mechanism to ensure that a file deleted from persistent storage remains unrecoverable. The principle involved storing the data in encrypted form on the user’s machine and the key to decrypt the data on a physically separate machine. However, the schemes proposed so far neither support fine-grained user settings on the lifetime of the data nor provide any mechanism to check the integrity of the system that is using the secret data. In addition, we report a vulnerability in one version of the proposed scheme that an attacker can exploit to nullify the ephemeral nature of the keys. We propose and discuss in detail an alternative scheme, built on an identity-based cryptosystem, that overcomes the identified limitations of the original system.
Please use the following format when citing this chapter: Nair, S., Dashti, M., Crispo, B., and Tanenbaum, A., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 241–252.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Nair, S.K., Dashti, M.T., Crispo, B., Tanenbaum, A.S. (2007). A Hybrid PKI-IBC Based Ephemerizer System. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_21
DOI: https://doi.org/10.1007/978-0-387-72367-9_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science (R0)