Proof-Carrying Proxy Certificates
The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this paper, we present a new concept called proof-carrying proxy certificates. Our approach allows to combine the verification of the validity of the proxy certificate and the authorization decision making in an elegant way that enhances the privacy of the end user. In contrast with standard proxy certificates that are generated using standard (public-key) signature schemes, the proposed certificates are generated using a signature scheme for which the validity of a generated signature proves the compliance of the signer with a credential-based policy. We present a concrete realization of our approach using bilinear pairings over elliptic curves and we prove its security under adapted attack models.
KeywordsProxy Certificates Credentials Authorization Bilinear Pairings Data Minimization
Unable to display preview. Download preview PDF.
- 1.Appel, A., Felten, E.: Proof-carrying authentication. In: ACM Conference on Computer and Communications Security, pp. 52–62 (1999)Google Scholar
- 3.Bagga, W., Crosta, S., Molva, R.: An application of policy-based signature: Proof-carrying proxy certificates. Institut Eurecom, Research Report RR-06-169 (April 2006)Google Scholar
- 6.Basney, J., Nejdl, W., Olmedilla, D., Welch, V., Winslett, M.: Negotiating trust on the grid. In: 2nd WWW Workshop on Semantics in P2P and Grid Computing, New York, USA (May 2004)Google Scholar
- 9.Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
- 10.Organization for Economic Cooperation and Development (OECD). Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data (1980), http://www.oecd.org/home/
- 12.Herranz, J.: A formal proof of security of Zhang and Kim’s ID-based ring signature scheme. In: WOSIS 2004, pp. 63–72. INSTICC Press (2004) ISBN 972-8865-07-4Google Scholar
- 14.Lin, C., Wu, T.: An identity-based ring signature scheme from bilinear pairings. Cryptology ePrint Archive, Report 2003/117 (2003), http://eprint.iacr.org/
- 16.Clifford Neuman, B.: Proxy-based authorization and accounting for distributed systems. In: International Conference on Distributed Computing Systems, pp. 283–291 (1993)Google Scholar
- 19.Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. RFC 3820 (June 2004)Google Scholar