Encrypted Message Authentication by Firewalls

  • Chandana Gamage
  • Jussipekka Leiwo
  • Yuliang Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1560)

Abstract

Firewalls typically filter network traffic at several different layers. At the application layer, filtering is based on various security-relevant information encapsulated in protocol messages. The major obstacle to efficient verification of the authenticity of messages at the application layer is the difficulty of verifying digital signatures without disclosing content protected by encryption. This is due to the traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme is proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

Keywords

Encryption, Digital Signatures, Firewalls, Confidentiality, Authenticity, Network Security, Signcryption, Public Key Cryptography

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Chandana Gamage (1)
  • Jussipekka Leiwo (1)
  • Yuliang Zheng (1)

  1. Peninsula School of Computing and Information Technology, Monash University, Frankston, Australia
