Authorization architectures for privacy-respecting surveillance
Even more than in our physical world, in our digital world we need systems that meet the security objective of service providers and users in equal measure. This paper investigates the requirements of secure authorizations with respect to accountability ...
Privacy-preserving revocation checking with modified CRLs
Certificate Revocation Lists (CRLs) are a popular means of revocation checking. A CRL is a signed and time-stamped list containing information about all revoked certificates issued by a certification authority. One of the shortcomings of CRLs is poor ...
E-passports as a means towards the first world-wide public key infrastructure
Millions of citizens around the world have already acquired their new electronic passport. The e-passport is equipped with contactless communication capability, as well as with a smart card processor enabling cryptographic functionality. Countries are ...
An interdomain PKI model based on trust lists
The penetration of PKI technology in the market is moving slowly due to interoperability concerns. Main causes are not technical but political and social since there is no trust development model that appropriately deals with multidomain PKIs. We ...
One-more extension of Paillier inversion problem and concurrent secure identification
In this paper, we revisit Paillier's trapdoor one-way function [15], focusing on the computational problem underlying its one-wayness. We formulate a new computational problem that we call one-more Paillier inversion problem. It is a natural extension ...
An efficient signcryption scheme with key privacy
In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentiality nor anonymity. However, no discussion has been made on whether YWD scheme ...
Direct chosen-ciphertext secure hierarchical ID-based encryption schemes
We describe two Hierarchical Identity Based Encryption (HIBE) schemes which are selective-ID chosen ciphertext secure. Our constructions are based on the Boneh-Boyen and the Boneh-Boyen-Goh HIBE schemes respectively. We apply the signature-based method ...
Certificate-based signature: security model and efficient construction
In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2)...
Time capsule signature: efficient and provably secure constructions
Time Capsule Signature, first formalized by Dodis and Yum in Financial Cryptography 2005, is a digital signature scheme which allows a signature to bear a (future) time t so that the signature will only be valid at time t or later, when a trusted third ...
A new variant for an attack against RSA signature verification using parameter field
We present a method to create a forged signature which will be verified to a syntactically well-formed ASN.1 datum, when certificate authorities use small RSA public exponents such as 3. Our attack is related to the technique which Daniel Bleichenbacher ...
AutoPKI: a PKI resources discovery system
The central goal of Public Key Infrastructure (PKI) is to enable trust judgments between distributed users. Although certificates play a central role in making such judgments, a PKI's users need more than just knowledge of certificates. Minimally, a ...
Bootstrapping a global SSO from network access control mechanisms
This paper presents the details of a Single Sign On proposal which takes advantage of previously deployed authentication mechanisms. The main goal is to establish a link between authentication methods at different levels in order to provide a seamless ...
Anonymous k-show credentials
Privacy-preserving digital credentials are cryptographic tools that allow a user to prove a predicate about his/her identity or qualifications, without the verifying party learning additional information beyond the status of that predicate. The Identity ...
On partial anonymity in secret sharing
Anonymous secret sharing schemes allow a secret to be recovered from shares regardless of the identity of shareholders. Besides being interesting in its own right, this property is especially appealing to guarantee the anonymity of participants when ...
Anonymous identification and designated-verifiers signatures from insecure batch verification
Versatility in cryptography is interesting. Instead of building a secure scheme from another secure one, this paper presents an oxymoron, making use of the insecurity of a scheme to give a useful feature in another context. We show the insecurity of the ...
OpenHSM: an open key life cycle protocol for public key infrastructure's hardware security modules
The private keys used in a PKI are its most important asset. Protecting these keys from unauthorised use or disclosure is essential to secure a PKI. Relying parties need assurances that the private key used to sign their certificates is controlled and ...
Two worlds, one smart card: an integrated solution for physical access and logical security using PKI on a single smart card
We present a use case of the introduction of a large scale Public Key Infrastructure (PKI) environment in an incumbent telecommunications company in The Netherlands. The main characteristics of the case are the integration of an existing physical access ...
On the robustness of applications based on the SSL and TLS security protocols
The SSL and TLS security protocols have been designed and implemented to provide end-to-end data security. This includes data integrity, that is, the data cannot be modified, replayed or reordered by an attacker without being detected at the receiving ...
Using WebDAV for improved certificate revocation and publication
There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed ...
Reducing the computational cost of certification path validation in mobile payment
PKI can improve the security of mobile payments, but its complexity has made its use in such environments difficult. Certificate path validation is complex in PKI. This demands some storage and processing capacities from the verifier that can exceed the ...
Security-by-contract: toward a semantics for digital signatures on mobile code
In this paper we propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the ...
Applicability of public key infrastructures in wireless sensor networks
Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of "PKC is too expensive for WSN" has changed partially due to the existence of new hardware and software prototypes ...
Spatial-temporal certification framework and extension of X.509 attribute certificate framework and SAML standard to support spatial-temporal certificates
The recent development of location-based services has originated a set of new security services that address their particular security problems. Spatial-temporal certification services are among these new services. Their main goal is the generation ...
Electronic payment scheme using identity-based cryptography
Online electronic wallet with decentralized credential keepers is an architecture allowing users to leave most of the content of their electronic wallet at the security of their residential electronic keeper, while traveling with their mobile phone. This ...
Undeniable mobile billing schemes
An undeniable mobile billing system allows a mobile network service provider to bill its subscribers with trustworthy evidence. Chen, Jan and Chen proposed such a billing system by introducing a trusted third party - Observer and exploiting a hash ...
Universally composable signcryption
One of the challenges within public-key based cryptosystems is providing the user with a convenient interface, while retaining security. In the universal composability framework, we propose an ideal functionality for secure messaging, with a user-...
Chord-PKI: embedding a public key infrastructure into the Chord overlay network
Our goal in this paper is to provide authentication, encryption and non-repudiation services for nodes within Peer-to-Peer networks, in an efficient and scalable way. To accomplish this, we propose a distributed Public Key Infrastructure model, suitable ...
Privacy protection in location-based services through a public-key privacy homomorphism
Location-Based Services (LBS) can be accessed from a variety of mobile devices to obtain value added information related to the location of the user. Most of the time, these services are provided by a trusted company (e.g. a telecommunications company)...
A critical view on RFC 3647
A Certification Practice Statement (CPS), as well as one or several Certificate Policies (CP), are important parts of a Public Key Infrastructure. By far the most important source of information for writing a CPS or CP was developed by an IETF working ...
Index Terms
- Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice