Topic

Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
Book Chapter
24 Apr 2006
TL;DR: This work provides a model of security against a fully-adaptive chosen ciphertext attacker, who may be a rogue key generation centre or any coalition of rogue users, and presents a generic construction and also a concrete algorithm based on bilinear pairings.
Abstract: We introduce the notion of security-mediated certificateless (SMC) cryptography. This allows more lightweight versions of mediated cryptography while maintaining the ability for instantaneous revocation of keys. Moreover, our solutions avoid key escrow, which has been used in all previous mediated cryptography algorithms. We provide a model of security against a fully-adaptive chosen ciphertext attacker, who may be a rogue key generation centre or any coalition of rogue users. We present a generic construction and also a concrete algorithm based on bilinear pairings. Our concrete scheme is more efficient than the identity-based mediated encryption scheme of Baek and Zheng in PKC 2004 which is provably secure in a comparable security model. In addition, our proposals can be easily extended to support distributed security mediators.

69 citations

Journal Article
TL;DR: This paper proposes a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently and demonstrates how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.
Abstract: Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges with regard to the attribute revocation, key escrow, and coordination of attributes issued from different authorities. In this paper, we propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.

69 citations

Book Chapter
27 Aug 1995
TL;DR: The Escrow Encryption Standard and its realization - the Clipper chips - suggest a new type of encryption scheme and requirements and concerns are reviewed and design approaches to systems with desired properties of key escrow are suggested.
Abstract: The Escrow Encryption Standard and its realization - the Clipper chips - suggest a new type of encryption scheme. We present a few basic and somewhat subtle issues concerning escrow encryption systems. We identify and perform attacks on the actual Clipper and other recent designs (fair cryptosystems, TIS software escrow, etc.). We review requirements and concerns and suggest design approaches to systems with desired properties of key escrow.

69 citations

Journal Article
TL;DR: This paper proposes a new pairing-free CLAKA protocol that has better performance and is provably secure in a very strong security model, the extended Canetti-Krawczyk (eCK) model.
Abstract: Since certificateless public key cryptography (CLPKC) has received widespread attention due to its efficiency in avoiding key escrow problems in identity-based public key cryptography (ID-PKC), the certificateless authenticated key agreement (CLAKA) protocol, an important part of CLPKC, has been studied a great deal. Most CLAKA protocols are built from pairings which need costly operations. To improve the performance, several pairing-free CLAKA protocols have been proposed. In this paper, we propose a new pairing-free CLAKA protocol. Compared with the related protocols, our protocol has better performance. Also, our protocol is provably secure in a very strong security model, the extended Canetti-Krawczyk (eCK) model.

69 citations

01 Apr 1996
TL;DR: A new approach to key escrow is introduced, applicable to any encryption algorithm, which makes it verifiably computationally possible for an authority to only selectively wiretap a small number of individual users, and computationally prohibitive to launch large scale wiretapping.
Abstract: The widespread need for encryption for private communication and stored information poses a problem when there exists an authority, such as the government or business employer, who under some predetermined set of circumstances, needs to be able to obtain access to information and communication of selected users. Key-escrow is the main solution considered to ensure the ability of an authority to wiretap communication. The main objection to all current Key-escrow proposals is that they assume complete faith in the authority and its trustees. If the authorities do not follow the rules, or are replaced by an un-trustworthy authority tomorrow, they can immediately recover the secret keys of all users, and embark on massive wiretapping automatically scanning everyone's e-mail and computer files. We introduce a new approach to key escrow called verifiable encapsulated key escrow (VEKE), applicable to any encryption algorithm, which makes it verifiably computationally possible for an authority to only selectively wiretap a small number of individual users, and computationally prohibitive to launch large scale wiretapping. This is achieved by imposing a time delay between obtaining the escrowed information of a user and obtaining the user secret key. We achieve VEKE by a new cryptographic tool called verifiable cryptographic time capsules (VCTC). The capsules are ways of strongly encoding information, which allow an authority to verify that it can obtain the contents of the capsule after (and only after) a specified amount of time delay. When applied to key-escrow, the content of the capsules are secret-keys of users, and the amount of time it takes to open these capsules is a parameter which is set such that it is computationally possible to open a few of them, but computationally hard to open large numbers of them. When several trustees are available, the time capsule is split amongst them via a secret sharing scheme. When trustees pull their pieces together, they can recover the capsule and start computing toward opening it. VCTC's can be constructed under the general assumption that claw-free trapdoor functions exist. For the purpose of key-escrow for the RSA cryptosystem (and the Diffie and Hellman cryptosystem), we give very efficient implementations of VCTC based on the particular assumption that factoring integers is hard (respectively, the assumption that the discrete logarithm is hard to compute). Although conceived for the purpose of wiretapping and in the context of key-escrow, VCTC can be used for "sending information into the …

66 citations


Network Information
Related Topics (5)
Encryption: 98.3K papers, 1.4M citations, 85% related
Routing protocol: 46.5K papers, 901.8K citations, 80% related
Wireless ad hoc network: 49K papers, 1.1M citations, 79% related
Key distribution in wireless sensor networks: 59.2K papers, 1.2M citations, 78% related
Server: 79.5K papers, 1.4M citations, 78% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    51
2022    89
2021    50
2020    72
2019    58