CrySIL: Bringing Crypto to the Modern User

Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 246)

Abstract

Modern times have introduced a highly heterogeneous device landscape populated by distributed applications. These applications are used by modern multi-device users. A modern user wants to create, process, and share potentially sensitive data among her devices: for instance, start a document on a smartphone, continue on a laptop, and finish it on a tablet. A common way to protect sensitive data against disclosure and theft is cryptography. Cryptography, however, requires every device in question to be able to perform the appropriate operations and to protect the cryptographic primitives involved against attacks. Unfortunately, different devices have different capabilities when it comes to cryptography. Some have hardware-backed solutions available; some cannot do any cryptography at all. In general, it is hard to provide adequate (and potentially equal) cryptographic methods on every device in the modern landscape, whether these are basic, well-known schemes or new methods long awaited to meet the challenges of the cloud. To address this situation and bring cryptography to the modern multi-device user, we present CrySIL, the Cryptographic Service Interoperability Layer. CrySIL is designed as a flexible and extensible layer between the user and the cryptographic primitive. In a nutshell, CrySIL can use local key storage solutions, offers remote key storage and crypto provider deployments, and features strong authentication methods to constrain access to cryptographic primitives. In this work, we explain the motivation for CrySIL, describe its architecture, highlight its deployment in a typical modern use case, and reflect on its achievements and shortcomings.

Keywords

Cloud security; Central cryptographic solutions; Advanced cryptographic protocols; Heterogeneous applications; Mobile devices

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Institute of Applied Information Processing and Communications, Graz - University of Technology, Graz, Austria
