Efficient Key Authentication Service for Secure End-to-End Communications

Etemad, Mohammad; Küpçü, Alptekin

doi:10.1007/978-3-319-26059-4_10

Mohammad Etemad¹⁵ &
Alptekin Küpçü¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9451))

Included in the following conference series:

International Conference on Provable Security

794 Accesses
3 Citations

Abstract

After four decades of public key cryptography, both the industry and academia seek better solutions for the public key infrastructure. A recent proposal, the certificate transparency concept, tries to enable untrusted servers act as public key servers, such that any key owner can verify that her key is kept properly at those servers. Unfortunately, due to high computation and communication requirements, existing certificate transparency proposals fail to address the problem as a whole.

We propose a new efficient key authentication service (KAS). It uses server-side gossiping as the source of trust, and assumes servers are not all colluding. KAS stores all keys of each user in a separate hash chain, and always shares the last ring of the chain among the servers, ensuring the users that all servers provide the same view about them (i.e., no equivocation takes place). Storing users’ keys separately reduces the server and client computation and communication dramatically, making our KAS a very efficient way of public key authentication. The KAS handles a key registration/change operation in O(1) time using only O(1) proof size; independent of the number of users. While the previous best proposal, CONIKS, requires the client to download 100 KB of proof per day, our proposal needs less than 1 KB of proof per key lifetime, while obtaining the same probabilistic guarantees as CONIKS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
By our assumption that not all providers are colluding, there is at least one non-adversarial provider that the challenger will simulate.

References

Barenghi, A., Beretta, M., Federico, A.D., Pelosi, G.: Snake: An end-to-end encrypted online social network. In: HPCC, pp. 763–770. IEEE (2014)
Google Scholar
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Article MathSciNet MATH Google Scholar
Etemad, M., Küpçü, A.: Efficient for secure end-to-end communications. Cryptology ePrint Archive, Report 2015/833 (2015)
Google Scholar
Gallagher, P., Kerry, C.: Digital signature standard (dss). NIST, 2013. FIPS PUB 186–4
Google Scholar
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM 17(2), 281–308 (1988)
Article MathSciNet MATH Google Scholar
Laurie, B., Kasper, E.: Revocation transparency. Google Research (2012). http://www.links.org/ files/RevocationTransparency.pdf. Accessed on 20 April 2015
Laurie, B., Langley, A., Kasper, E.: Rfc 6962: Certificate transparency (2013)
Google Scholar
Melara, M.S., Blankstein, A., Bonneau, J., Freedman, M.J., Felten, E.W.: Coniks: A privacy-preserving consistent key service for secure end-to-end communication (2014)
Google Scholar
Naor, M., Nissim, K.: Certificate revocation and certificate update. IEEE J. Sel. Areas Commun. 18(4), 561–570 (2000)
Article Google Scholar
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Article MathSciNet MATH Google Scholar
Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. The Internet Society, Proceedings of NDSS (2014)
Google Scholar
Weber, S.G.: Enabling end-to-end secure communication with anonymous and mobile receivers - an attribute-based messaging approach. Cryptology ePrint Archive, Report 2013/478 (2013)
Google Scholar
Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: improving ssh-style host authentication with multi-path probing. In: USENIX, pp. 321–334 (2008)
Google Scholar

Download references

Acknowledgement

We would like to acknowledge the support of TÜBİTAK, the Scientific and Technological Research Council of Turkey, under project number 114E487.

Author information

Authors and Affiliations

Crypto Group, Koç University, İstanbul, Turkey
Mohammad Etemad & Alptekin Küpçü

Authors

Mohammad Etemad
View author publications
You can also search for this author in PubMed Google Scholar
Alptekin Küpçü
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Etemad .

Editor information

Editors and Affiliations

The Hong Kong Polytechnic University, Hong Kong, China
Man-Ho Au
Japan Advanced Inst. of Science and Tech, Ishikawa, Japan
Atsuko Miyaji

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Etemad, M., Küpçü, A. (2015). Efficient Key Authentication Service for Secure End-to-End Communications. In: Au, MH., Miyaji, A. (eds) Provable Security. ProvSec 2015. Lecture Notes in Computer Science(), vol 9451. Springer, Cham. https://doi.org/10.1007/978-3-319-26059-4_10

Download citation

DOI: https://doi.org/10.1007/978-3-319-26059-4_10
Published: 28 November 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26058-7
Online ISBN: 978-3-319-26059-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics