Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.

Efficient certificate‐based encryption schemes without pairing

Abstract: Recently, a lot of researches focused on identity-based encryption (IBE). The advantage of this scheme is that it can reduce the cost of the public key infrastructure by simplifying certificate management. Although IBE has its own innovations, one of its weaknesses is the key escrow problem. That is, the private key generator in IBE knows decryption keys for all identities and consequently can decrypt any ciphertexts. The certificate-based encryption (CBE) scheme proposed in EUROCRYPT 2003 provides a solution for the key escrow problem by allowing the certification authority to possess a partial decryption key that comprises the full decryption key together with the user-generated private key. In this paper, we propose new CBE schemes without pairing and prove them to be Indistinguishability under Chosen Ciphertext Attack secure in the random oracle model based on the hardness of the computational Diffie–Hellman problem. When compared with other CBE schemes, our schemes are significantly efficient in terms of performance, which makes our schemes suitable for computation-limited node (e.g., sensor, wearable device) networks. Copyright © 2016 John Wiley & Sons, Ltd.

New approach for highly secured I/O transfer with data on timer streaming

Abstract: Security is the major concern in most of the applications especially in communication network. If the storage is compromised then the data get revealed. Disruption tolerant networks (DTN) achieve secure data retrieval by exploiting external storage nodes, but there exist some authorization policy issues. This problem is solved by the ciphertext-policy attribute based encryption (CP-ABE). However implementation of the CP-ABE onto DTN has some issues like attribute revocation, key escrow, and coordination of attributes issued from different authorities. These problems are solved using the CP-ABE with multiple key authorities. The application sharing nature in cloud is also vulnerable to malicious attacks. Introduced integrity attestation framework for SaaS cloud achieves better attacker pinpointing power. Proposed work is mainly focused to find out the best from the attribute based encryption techniques and also from the integrity attestation schemes. Related work point out that the combined approach of both techniques achieve a highly secured Input/Output transfer system with a dual encryption scheme.

Handcuffing Big Brother: an Abuse-Resilient Transaction Escrow Scheme (Extended Abstract)

Abstract: We propose a practical abuse-resilient transaction escrow scheme with applications to privacy-preserving audit and monitoring of electronic transactions. Our scheme ensures correctness of escrows as long as at least one of the participating parties is honest, and it ensures privacy and anonymity of transactions even if the escrow agent is cor- rupt or malicious. The escrowed information is secret and anonymous, but the escrow agent can efficiently find transactions involving some user in response to a subpoena or a search warrant. Moreover, for applica- tions such as abuse-resilient monitoring of unusually high levels of certain transactions, the escrow agent can identify escrows with particular com- mon characteristics and automatically (i.e., without a subpoena) open them once their number has reached a pre-specified threshold. Our solution for transaction escrow is based on the use of Verifiable Random Functions. We show that by tagging the entries in the escrow database using VRFs indexed by users' private keys, we can protect users' anonymity while enabling efficient and, optionally, automatic de- escrow of these entries. We give a practical instantiation of a transaction escrow scheme utilizing a simple and efficient VRF family secure under the DDH assumption in the Random Oracle Model.

System and method of software-based commercial key escrow for pki environment

Abstract: PURPOSE: A PKI-based commercial key entrusting method and system are provided which provides PKI-roaming service without changing a system and guarantees perfect forward secrecy for a key management server managing a key recovery server. CONSTITUTION: A user A(10) generates a pair of password private key and public key and creates a key recovery block to transmit the key recovery block together with the public key to a registration server(11) in the first step(S201). The registration server transmits the key recovery block and public key to a key managing server(13) at the second step(S202). The key managing server sends a password authentication note issuance permit to the registration server at the third step(S203). The registration server shows the permit to an authentication server(12) and requests a password authentication note with respect to the public key at the fourth step(S204). The authentication server issues the password authentication note and opens the authentication note to a directory server(19) at the fifth step(S205), and transmits the authentication note to the registration server at the sixth step(S206). The registration server delivers the password authentication note to the user A at the seventh step(S207).