Towards Authenticity and Privacy Preserving Accountable Workflows

  • David Derler
  • Christian Hanser
  • Henrich C. Pöhls
  • Daniel Slamanig
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 476)


Efficient and well structured business processes (and their corresponding workflows) are drivers for the success of modern enterprises. Today, we experience the growing trends to have IT supported workflows and to outsource enterprise IT to the cloud. Especially when executing (interorganizational) business processes on third party infrastructure such as the cloud, the correct execution and documentation become very important issues. To efficiently manage those processes, to immediately detect deviations from the intended workflows and to hold tenants (such as the cloud) accountable in such (decentralized) processes, a mechanism for efficient and accountable monitoring and documentation is highly desirable. Ideally, these features are provided by means of cryptography in contrast to organizational measures.

It turns out that variants of malleable signature schemes, i.e., signature schemes where allowed modifications of signed documents do not invalidate the signature, as well as proxy (functional) signature schemes, i.e., signature schemes which allow the delegation of signing rights to other parties, seem to be a useful tool in this context. In this paper, we review the state of the art in this field, abstractly model such workflow scenarios, investigate desirable properties, analyze existing instantiations of aforementioned signature schemes with respect to these properties, and identify interesting directions for future research.


  1. 1.
    Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Al-Riyami, S.S., Malone-Lee, J., Smart, N.P.: Escrow-free encryption supporting cryptographic workflow. Int. J. Inf. Sec. 5(4), 217–229 (2006)CrossRefzbMATHGoogle Scholar
  3. 3.
    Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bagga, W., Molva, R.: Policy-based cryptography and applications. In: FC Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 72–87. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Fuchsbauer, G.: Policy-based signatures. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 520–537. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  6. 6.
    Bier, C.: How usage control and provenance tracking get together - a data protection perspective. In: IEEE Security and Privacy Workshops (SPW). IEEE (2013)Google Scholar
  7. 7.
    Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. J. Cryptol. 25(1), 57–115 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 501–519. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  9. 9.
    Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Sanitizable signatures: how to partially delegate control for authenticated data. In: BIOSIG. LNI, vol. 155 (2009)Google Scholar
  11. 11.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroMPI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  13. 13.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Dubovitskaya, M., Haralambiev, K., Kohlweiss, M.: Composable and modular anonymous credentials: definitions and practical constructions. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 262–288. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  15. 15.
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Derler, D., Hanser, C., Slamanig, D.: Privacy-enhancing proxy signatures from non-interactive anonymous credentials. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 49–65. Springer, Heidelberg (2014)Google Scholar
  18. 18.
    Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 127–144. Springer, Heidelberg (2015)Google Scholar
  19. 19.
    Derler, D., Pöhls, H.C., Samelin, K., Slamanig, D.: A general framework for redactable signatures and new constructions. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 3–19. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-30840-1_1 CrossRefGoogle Scholar
  20. 20.
    Derler, D., Slamanig, D.: Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes. In: Au, M.-H., et al. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 455–474. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-26059-4_25 CrossRefGoogle Scholar
  21. 21.
    Ferrara, A.L., Fuchsbauer, G., Liu, B., Warinschi, B.: Policy privacy in cryptographic access control. In: CSF. IEEE (2015)Google Scholar
  22. 22.
    Ferrara, A.L., Fuchsbauer, G., Warinschi, B.: Cryptographically enforced RBAC. In: CSF. IEEE (2013)Google Scholar
  23. 23.
    Freire, J., Koop, D., Santos, E., Silva, C.T.: Provenance for computational tasks: a survey. Comput. Sci. Eng. 10(3), 11–21 (2008)CrossRefGoogle Scholar
  24. 24.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Gong, J., Qian, H., Zhou, Y.: Fully-secure and practical sanitizable signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 300–317. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  26. 26.
    Hanser, C., Slamanig, D.: Blank digital signatures. In: ASIACCS. ACM (2013)Google Scholar
  27. 27.
    Hanser, C., Slamanig, D.: Warrant-hiding delegation-by-certificate proxy signature schemes. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 60–77. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  28. 28.
    Herkenhöner, R., Jensen, M., Pöhls, H.C., de Meer, H.: Towards automated processing of the right of access in inter-organizational web service compositions. In: WSBPS. IEEE (2010)Google Scholar
  29. 29.
    ISO, IEC 19510: Information Technology - Object Management Group Business Process Model and Notation (2013)Google Scholar
  30. 30.
    Jablonski, S.: On the complementarity of workflow management and business process modeling. SIGOIS Bull. 16(1), 33–38 (1995)CrossRefGoogle Scholar
  31. 31.
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, p. 244. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  32. 32.
    Kiltz, E., Mityagin, A., Panjwani, S., Raghavan, B.: Append-only signatures. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 434–445. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Klonowski, M., Lauks, A.: Extended sanitizable signatures. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 343–355. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  34. 34.
    Lim, H.W., Kerschbaum, F., Wang, H.: Workflow signatures for business process compliance. IEEE Trans. Dependable Sec. Comput. 9(5), 756–769 (2012)Google Scholar
  35. 35.
    Lim, H.W., Paterson, K.G.: Multi-key hierarchical identity-based signatures. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 384–402. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  36. 36.
    Lu, R., Lin, X., Liang, X., Shen, X.S.: Secure provenance: the essential of bread and butter of data forensics in cloud computing. In: ASIACCS. ACM (2010)Google Scholar
  37. 37.
    Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures for delegating signing operation. In: CCS. ACM (1996)Google Scholar
  38. 38.
    Miyazaki, K., Iwamura, M., Matsumoto, T., Sasaki, R., Yoshiura, H., Tezuka, S., Imai, H.: Digitally signed document sanitizing scheme with disclosure condition control. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 88–A(1), 239–246 (2005)CrossRefGoogle Scholar
  39. 39.
    Montagut, F., Molva, R.: Enforcing integrity of execution in distributed workflow management systems. In: SCC. IEEE (2007)Google Scholar
  40. 40.
    Montagut, F., Molva, R.: Traceability and integrity of execution in distributed workflow management systems. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 251–266. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  41. 41.
    Moreau, L., Groth, P., Miles, S., Vazquez-Salceda, J., Ibbotson, J., Jiang, S., Munroe, S., Rana, O., Schreiber, A., Tan, V., et al.: The provenance of electronic data. Commun. ACM 51(4), 52–58 (2008)CrossRefGoogle Scholar
  42. 42.
    Moreau, L., Ludäscher, B., Altintas, I., Barga, R.S., Bowers, S., Callahan, S., Chin, G., Clifford, B., Cohen, S., Cohen-Boulakia, S., et al.: Special issue: the first provenance challenge. Concurr. Comput. Pract. Exp. 20(5), 409–418 (2008)CrossRefGoogle Scholar
  43. 43.
    Paterson, K.: Cryptography from pairings: a snapshot of current research. Inf. Secur. Tech. Rep. 7(3), 41–54 (2002)CrossRefGoogle Scholar
  44. 44.
    Pearson, S., Tountopoulos, V., Catteddu, D., Südholt, M., Molva, R., Reich, C., Fischer-Hübner, S., Millard, C., Lotz, V., Jaatun, M.G., Leenes, R., Rong, C., Lopez, J.: Accountability for cloud and other future internet services. In: CloudCom. IEEE (2012)Google Scholar
  45. 45.
    Pöhls, H.C., Samelin, K.: Accountable redactable signatures. In: ARES. IEEE (2015)Google Scholar
  46. 46.
    Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable signatures in XML signature — performance, mixing properties, and revisiting the property of transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  47. 47.
    Simmhan, Y.L., Plale, B., Gannon, D.: A survey of data provenance in e-science. ACM Sigmod Rec. 34(3), 31–36 (2005)CrossRefGoogle Scholar
  48. 48.
    Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, p. 285. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • David Derler
    • 1
  • Christian Hanser
    • 1
  • Henrich C. Pöhls
    • 2
  • Daniel Slamanig
    • 1
  1. 1.IAIKGraz University of TechnologyGrazAustria
  2. 2.Institute of IT-Security and Security Law and Chair of IT-SecurityUniversity of PassauPassauGermany

Personalised recommendations