Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.

Data verification in information-centric networking with efficient revocable certificateless signature

Abstract: Information-centric networking (ICN), a strong candidate for future internet architecture, consists of two kinds of packets, interest and data packets, both of which carry the name of data content to be requested (or delivered). The data packet is associated with a public key signature so that the data receiver can verify the data packet's correctness, integrity and provenance. Certificate-based signature (based on Public Key Infrastructure-PKI) and ID-based signature have been proposed to meet this purpose. In this paper, we propose to apply certificateless signature to fulfill this aim, because it not only mitigates the demand of PKI (for certificate-based signature), but also eliminates the key escrow problem (for identity-based signature), while still being able to leverage the ICN's naming feature. Moreover, it is essentially important to allow efficient user revocation for any signature scheme to better meet applications' demand. Motivated by these, we propose an efficient revocable certificateless signature scheme, greatly reducing the revocation complexity from linear (with respect to the works in the literature) to logarithmic complexity. The proposed scheme is based on the two key techniques, cover set and secret sharing technique, and is provably secure in the random oracle model. In addition, we present the case study of applying the proposed revocable certificateless signature in the ICN and evaluate the scheme's performance to show its feasibility.

A Certificateless Ring Signature Scheme with High Efficiency in the Random Oracle Model

Abstract: Ring signature is a kind of digital signature which can protect the identity of the signer. Certificateless public key cryptography not only overcomes key escrow problem but also does not lose some advantages of identity-based cryptography. Certificateless ring signature integrates ring signature with certificateless public key cryptography. In this paper, we propose an efficient certificateless ring signature; it has only three bilinear pairing operations in the verify algorithm. The scheme is proved to be unforgeable in the random oracle model.

Practical verifiable encryption and decryption of discrete logarithms

Abstract: This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Paillier's decision composite residuosity assumption, along with efficient protocols for verifiable encryption and decryption of discrete logarithms (and more generally, of representations with respect to multiple bases). This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cut-and-choose proofs. The presented protocols have numerous applications, including key escrow, optimistic fair exchange, publicly verifiable secret and signature sharing, universally composable commitments, group signatures, and confirmer signatures.

Threshold Proxy Re-Signature

Abstract: The focus of this paper is to design an efficient and secure solution addressing the key escrow problem in proxy re-signature schemes, i.e., the proxy knows the user's private key, which damages the essential requirement - "non-repudiation" property of proxy re-signature schemes. In this paper, we first define the security model for threshold proxy re-signature scheme, and then propose two threshold proxy re-signature schemes based on Ateniese's (see ACM CCS, p.310-319, 2005) and Shao Jun's (see Progress in Cryptology - INDOCRYPT 2007, vol.4859 of LNCS, p.197-209, 2007) approach. To our knowledge, there is no threshold proxy re-signature scheme that has been formally presented yet.

Secure communication using identity based encryption

Abstract: Secured communication has been widely deployed to guarantee confidentiality and integrity of connections over untrusted networks, e.g., the Internet. Although secure connections are designed to prevent attacks on the connection, they hide attacks inside the channel from being analyzed by Intrusion Detection Systems (IDS). Furthermore, secure connections require a certain key exchange at the initialization phase, which is prone to Man-In-The-Middle (MITM) attacks. In this paper, we present a new method to secure connection which enables Intrusion Detection and overcomes the problem of MITM attacks. We propose to apply Identity Based Encryption (IBE) to secure a communication channel. The key escrow property of IBE is used to recover the decryption key, decrypt network traffic on the fly, and scan for malicious content. As the public key can be generated based on the identity of the connected server and its exchange is not necessary, MITM attacks are not easy to be carried out any more. A prototype of a modified TLS scheme is implemented and proved with a simple client-server application. Based on this prototype, a new IDS sensor is developed to be capable of identifying IBE encrypted secure traffic on the fly. A deployment architecture of the IBE sensor in a company network is proposed. Finally, we show the applicability by a practical experiment and some preliminary performance measurements.