Abstract
In this paper we present the design of a scalable and secure cryptographic service that can be adopted to support large-scale networked systems, which may require strong authentication from a large population of users. Since the users may not be able to adequately protect their cryptographic credentials, our service leverages some better protected servers to help fulfill such authentication needs. Compared with previous proposals, our service has the following features: (1) it incorporates a 3-factor authentication mechanism, which facilitates compromise detection; (2) it supports immediate revocation of a cryptographic functionality in question; (3) the damage due to the compromise of a server is contained; (4) it is scalable and highly available.
Keywords
- cryptographic service
- scalability
- security
- compromise detection
- compromise confinement
- availability
Chapter PDF
References
Anderson, R.: Invited Talk at ACM CCS 1997 (1997)
Asokan, N., Tsudik, G., Waidner, M.: Server-Supported Signatures. Journal of Computer Security 5(1) (1997)
Bellare, M., Miner, S.: A forward-secure digital signature scheme. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, Springer, Heidelberg (1999)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. In: Proc. ACM CCS 1993, pp. 62–73 (1993)
Bellare, M., Rogaway, P.: Optimal asymmetric encryption – How to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, Springer, Heidelberg (1995)
Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures - How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, Springer, Heidelberg (1996)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attack. In: Proc. IEEE Security and Privacy, IEEE Computer Society Press, Los Alamitos (1992)
Boneh, D., Ding, X., Tsudik, G., Wong, C., Method, A.: for Fast Revocation of Public Key Certificates and Security Capabilities. In: Proc. Usenix Security Symposium (2001)
Boyd, C.: Digital Multisignatures. In: Beker, H.J., Piper, F.C. (eds.) Cryptography and Coding, pp. 241–246. Clarendon Press (1989)
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password Authentication and Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)
Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, Springer, Heidelberg (1998)
Dean, D., Berson, T., Franklin, M., Smetters, D., Spreitzer, M.: Cryptography as a Network Service.In: Proc. NDSS 2001 (2001)
Denning, D.E.: Digital Signature with RSA and other Public-Key Cryptosystems. C. ACM 27(4), 388–392 (1984)
Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong Key-Insulated Signature Schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, Springer, Heidelberg (2002)
Ganesan, R.,Yaksha: Augmenting Kerberos with Public Key Cryptography. In: Proc. NDSS 1995 (1995)
Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. J. ACM 33(4), 210–217 (1986)
Goldwasser, S., Micali, S., Rivest, R.: A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks. SIAM J. Computing 17(2), 281–308 (1988)
Itkis, G., Reyzin, L.: Forward-Secure Signatures with Optimal Signing and Verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, Springer, Heidelberg (2001)
Itkis, G., Reyzin, L.: SiBIR: Signer-Base Intrusion-Resilient Signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, Springer, Heidelberg (2002)
Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated Key Exchange Using Human-Memorizable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, Springer, Heidelberg (2001)
MacKenzie, P., Reiter, M.: Networked Cryptographic Devices Resilient to Capture. In: Proc. IEEE Security and Privacy, IEEE Computer Society Press, Los Alamitos (2001)
Matsumoto, T., Kato, K., Imai, H.: Speeding Up Secret Computations with Insecure Auxiliary Devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, Springer, Heidelberg (1990)
Perlman, R., Kaufman, C.: Secure Password-based Protocol for Downloading a Private Key. In: Proc. NDSS 1999 (1999)
Pinkas, B., Sander, T.: Securing Passwords Against Dictionary Attacks. In: Proc. ACM CCS 2002 (2002)
Rackoff, C., Simon, D.: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, Springer, Heidelberg (1992)
Rivest, R.A., Shamir, A., Adleman, L., Method, A.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. C. ACM 21(2), 120–126 (1978)
Schneider, F.: Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial. ACM Comput. Surv. 22(4), 299–319 (1990)
Xu, S., Sandhu, R.: Two Efficient and Provably Secure Schemes for Server-Assisted Threshold Signatures. In: Proc. RSA Con. – Cryptographer’s Track (2003)
Xu, S., Sandhu, R.: A Scalable Secure Cryptographic Service. Full version of the present paper, available at www.cs.utsa.edu/~shxu
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Xu, S., Sandhu, R. (2007). A Scalable and Secure Cryptographic Service. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-73538-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73533-5
Online ISBN: 978-3-540-73538-0
eBook Packages: Computer ScienceComputer Science (R0)