Abstract
The safety of keys is the Achilles’ heel of cryptography. A key backup at an escrow service lowers the risk of loosing the key, but increases the danger of key disclosure. We propose Recoverable Encryption (RE) schemes that alleviate the dilemma. RE encrypts a backup of the key in a manner that restricts practical recovery by an escrow service to one using a large cloud. For example, a cloud with ten thousand nodes could recover a key in at most 10 minutes with an average recovery time of five minutes. A recovery attempt at the escrow agency, using a small cluster, would require seventy days with an average of thirty five days. Large clouds have become available even to private persons, but their pay-for-use structure makes their use for illegal purposes too dangerous. We show the feaibility of two RE schemes and give conditions for their deployment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abelson, H., Anderson, R., Bellovin, S.M., Benaloh, J., Blaze, M., Diffie, W., Gilmore, J., Neumann, P.G., Rivest, R.L., Schiller, J.I., Schneier, B.: The risks of key recovery, key escrow, and trusted third-party encryption. World Wide Web Journal 2(3), 241–257 (1997)
Andrews, R.F., Huang, Z., Ruan, T.Q.X., et al.: Method and system of securely escrowing private keys in a public key infrastructure. US Patent 6,931,133 (August 2005)
Ando, H., Morita, I., Kuroda, Y., Torii, N., Yamazaki, M., Miyauchi, H., Sako, K., Domyo, S., Tsuchiya, H., Kanno, S., et al.: Key recovery system. US Patent 6,185,308 (February 6, 2001)
Abiteboul, S., Manolescu, I., Rigaux, P., Rousset, M.C., Senellart, P.: Web data management. Cambridge University Press (2011)
Bellare, M., Goldwasser, S.: Verifiable partial key escrow. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 78–91. ACM (1997)
Blaze, M.: Key escrow from a safe distance: looking back at the clipper chip. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 317–321. ACM (2011)
Blömer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)
Chandersekaran, S., Gupta, S.: Framework-based cryptographic key recovery system. US Patent 6,335,972 (January 1, 2002)
Chandrasekhar, S.: Construction of Efficient Authentication Schemes Using Trapdoor Hash Functions. PhD thesis, University of Kentucky (2011)
Chandersekaran, S., Malik, S., Muresan, M., Vasudevan, N.: Apparatus, method, and computer program product for achieving interoperability between cryptographic key recovery enabled and unaware systems. US Patent 6,877,092 (April 5, 2005)
Chatterjee, S., Sarkar, P.: Avoiding key escrow. In: Identity-Based Encryption, pp. 155–161. Springer (2011)
Denning, D.E., Branstad, D.K.: A taxonomy for key escrow encryption systems. Communications of the ACM 39(3), 35 (1996)
Denning, D.E., Branstad, D.K.: A taxonomy for key escrow encryption systems (1997), faculty.nps.edu/dedennin/publications/TaxonomyKeyRecovery.htm
Denning, D.E., Baugh Jr., W.E.: Key escrow encryption policies and technologies. Villanova Law Review 41, 289 (1996)
Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
D’Souza, R.P., Pandey, O.: Cloud key escrow system. US Patent 20,120,321,086 (December 20, 2012)
Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)
Fan, Q., Zhang, M., Zhang, Y.: Key escrow attack risk and preventive measures. Research Journal of Applied Sciences 4 (2012)
Gennaro, R., Karger, P., Matyas, S., Peyravian, M., Roginsky, A., Safford, D., Willett, M., Zunic, N.: Two-phase cryptographic key recovery system. Computers & Security 16(6), 481–506 (1997)
Gupta, S.: A common key recovery block format: Promoting interoperability between dissimilar key recovery mechanisms. Computers & Security 19(1), 41–47 (2000)
Johnson, D.B., Karger, P.A., Kaufman Jr., C.W., Matyas Jr., S.M., Safford, D.R., Yung, M.M., Zunic, N.: Interoperable cryptographic key recovery system with verification by comparison. US Patent 6,052,469 (April 18, 2000)
Jajodia, S., Litwin, W., Schwarz, T.: LH*RE: A scalable distributed data structure with recoverable encryption. In: CLOUD 2010: Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing, pp. 354–361. IEEE Computer Society, Washington, DC (2010)
Komura, Y., Okabe, Y.: Gpu-based single-cluster algorithm for the simulation of the ising model. Journal of Computational Physics 231(4), 1209–1215 (2012)
Kuppusamy, L., Rangasamy, J., Stebila, D., Boyd, C., Nieto, J.G.: Practical client puzzles in the standard model. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012. ACM, New York (2012)
Litwin, W., Jajodia, S., Schwarz, T.: Privacy of data outsourced to a cloud for selected readers through client-side encryption. In: WPES 2011: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 171–176. ACM, New York (2011)
Litwin, W., Neimat, M.A., Schneider, D.A.: Lh* – a scalable, distributed data structure. ACM Transactions on Database Systems (TODS) 21(4), 480–525 (1996)
McConnell, B.W., Appel, E.J.: Enabling privacy, commerce, security and public safety in the global information infrastructure. Office of Management and Budget, Interagency Working Group on Cryptography Policy, Washington, DC (1996)
Miller, E.L., Long, D.D.E., Freeman, W.E., Reed, B.C.: Strong security for network-attached storage. In: Proceedings of the 1st USENIX Conference on File and Storage Technologies, p. 1. USENIX Association (2002)
Owens, J.D., Houston, M., Luebke, D., Green, S., Stone, J.E., Phillips, J.C.: Gpu computing. Proceedings of the IEEE 96(5), 879–899 (2008)
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical report, Massachusetts Institute of Technology, Cambridge, MA, USA (1996)
Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)
Singhal, A.: The piracy of privacy-a fourth amendment analysis of key escrow cryptography. Stanford Law and Policy Review 7, 189 (1995)
Schwarz, T., Long, D.D.E.: Clasas: a key-store for the cloud. In: 2010 IEEE International Symposium on Modeling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 267–276. IEEE (2010)
Verheul, E.R., van Tilborg, H.C.A.: Binding ElGamal: A fraud-detectable alternative to key-escrow proposals. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 119–133. Springer, Heidelberg (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Jajodia, S., Litwin, W., Schwarz SJ, T. (2013). Recoverable Encryption through a Noised Secret over a Large Cloud. In: Hameurlain, A., Küng, J., Wagner, R. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems IX. Lecture Notes in Computer Science, vol 7980. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40069-8_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-40069-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40068-1
Online ISBN: 978-3-642-40069-8
eBook Packages: Computer ScienceComputer Science (R0)