
Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
Journal ArticleDOI
01 Aug 2019
TL;DR: This work proposes the first eCK secure CL-AKA scheme with security against public key replacement attacks by the KGC as well as external adversaries. Comparative analysis of the proposed scheme with other CL-AKA protocols in the literature reveals that the proposed scheme offers better efficiency and security.
Abstract: Authenticated Key Agreement (AKA) protocol enables two communicating entities to mutually establish a session key, in such a way that each entity is assured of the authenticity of its peer. Certificateless AKA (CL-AKA) protocols are widely researched, since they eliminate the key escrow problem in Identity based systems and the cumbersome certificate management overheads associated with the Public Key Infrastructure (PKI) model. However, AKA protocols in the Certificateless setting suffer from public key replacement attacks, since the user public keys cannot be validated explicitly by certificates. Our investigations reveal that the existing eCK-secure CL-AKA protocols are vulnerable to basic impersonation attacks and Man-in-the-middle attacks by the Key Generation Center (KGC). Moreover, public key replacement attacks by other malicious users can prevent communicating entities from ever agreeing upon a valid session key. In order to mitigate the aforementioned vulnerabilities, we propose the first eCK secure CL-AKA scheme with security against public key replacement attacks by the KGC, as well as the external adversaries. Contrary to the conventional CL-AKA protocols, the proposed scheme does not have a partial private key escrow at the KGC and does not require secure authenticated channels for the transmission of the partial private keys from the KGC to individual users. Furthermore, we cryptanalyze two of the most recently proposed CL-AKA protocols, to illustrate their lack of eCK security and discuss the flaws in their security proofs. Comparative analysis of the proposed scheme with other CL-AKA protocols in the literature reveals that the proposed scheme offers better efficiency and security.

5 citations

Proceedings ArticleDOI
01 Nov 2016
TL;DR: The results show that the protocol authentication efficiency is significantly higher than that of the certificate-based authentication protocol and the identity-based authentication protocol, while satisfying the requirements of anonymity, non-repudiation, mutual authentication, conditional privacy protection and anti-replay aggression.
Abstract: The identity of the vehicle is the only legal identification of the vehicle at the trusted center. It is directly related to the information of the vehicle user, and the anonymous authentication of the vehicle identity is an embodiment of the user privacy protection. Based on this, an on-board network anonymous authentication protocol is designed on the basis of certificateless signature scheme. The protocol does not require certificate management and there is no key escrow problem. The results show that the protocol authentication efficiency is significantly higher than that of the certificate-based authentication protocol and the identity-based authentication protocol, while satisfying the requirements of anonymity, non-repudiation, mutual authentication, conditional privacy protection and anti-replay aggression.

5 citations

Journal Article
TL;DR: A multistage threshold key escrow scheme, based on the ElGamal public key cryptosystem and the Shamir threshold method, which can effectively resist subliminal channel attack, prevent the supervision agency from having too much power, verify the secret pieces of the user's private key, and disclose the failed or corrupted escrow agents.
Abstract: Proposes a multistage threshold key escrow scheme, based on the ElGamal public key cryptosystem and the Shamir threshold method. This scheme can effectively resist subliminal channel attack, prevent the supervision agency from having too much power, verify the secret pieces of the user's private key, and disclose the failed or corrupted escrow agents.

5 citations

Journal Article
TL;DR: This survey presents the exact specification of the problem which is based on what software key escrow can hope to achieve, and shows how to construct an escrowed PKI for essentially the same cost and effort required for a regular PKI.
Abstract: In this paper we survey the recent work on Auto-Recoverable Auto-Certifiable Cryptosystems. This notion has been put forth to solve the "software key escrow" problem in an efficient manner within the context of a Public Key Infrastructure (PKI). This survey presents the exact specification of the problem which is based on what software key escrow can hope to achieve. The specification attempts to separate the truly difficult technical issues in the area from the ones that are only seemingly difficult. We then review the work in Eurocrypt '98 and PKC '99, which gives an efficient reduction to a software key escrow system from a certified public key system (PKI). Namely, we show how to construct an escrowed PKI for essentially the same cost and effort required for a regular PKI. More specifically, the schemes presented are as efficient for users to use as a PKI, do not require tamper-resistant hardware (i.e., they can be distributed in software to users), and the schemes are shadow public key resistant as defined in Crypto '95 by Kilian and Leighton (namely, they do not allow the users to publish public keys other than the ones certified). The schemes enable the efficient verification of the fact that a given user's private key is escrowed properly. They allow the safe and efficient recovery of keys (and plaintext messages) which is typical in emergency situations such as in the medical area, in secure file systems, and in criminal investigations. We comment that we do not advocate nor deal with the policy issues regarding the need of governments to control access to messages; our motivation is highly technical: in cases that escrow is required or needed we would like to minimize its effect on the overall PKI deployment.
We then briefly mention forthcoming developments in the area which include further flexibility/compatibility requirements for auto-recoverable cryptosystems, as well as design of such systems which are based on traditional public key methods (RSA and discrete logs).

5 citations

Journal Article
TL;DR: In this paper, it is proved that the RTKES does exist, and some concrete designs of two classes of RTKES are given, and the problem of "once monitor, monitor for ever" is solved effectively.
Abstract: The definition of robust threshold key escrow scheme (RTKES) is proposed in this paper. Namely, in RTKES, malice escrow agency fail to obtain the system secret key or user's secret key, even if the number of malice escrow agency is more than or equal to the value of threshold. Clearly, the problem of "user's secret key completely depends on the trusted escrow agency" is solved if RTKES exists. In this paper, it is proved that the RTKES does exist, and some concrete designs of two classes of RTKES are given. In these schemes, the problem of "once monitor, monitor for ever" is solved effectively, every escrow agency can verify correctness of the secret shadow that he escrows during secret shadow distribution and monitor agency can exactly decide which escrow agency forges or tampers secret shadow during monitor procedure. Since the proposed RTKES is also threshold key escrow scheme, when an escrow agency or few agencies is not cooperating, monitor agency can easily reconstruct session key to monitor as long as there are other k effective escrow agencies. In addition, it also resists against LEAF feedback attack.

5 citations


Network Information
Related Topics (5)
Encryption
98.3K papers, 1.4M citations
85% related
Routing protocol
46.5K papers, 901.8K citations
80% related
Wireless ad hoc network
49K papers, 1.1M citations
79% related
Key distribution in wireless sensor networks
59.2K papers, 1.2M citations
78% related
Server
79.5K papers, 1.4M citations
78% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    51
2022    89
2021    50
2020    72
2019    58