scispace - formally typeset
Search or ask a question
Topic

Key escrow

About: Key escrow is a research topic. Over the lifetime, 1162 publications have been published within this topic receiving 19616 citations.


Papers
More filters
Patent
17 Jul 2000
TL;DR: In this paper, the authors proposed an escrow system in which a user can provide a password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself.
Abstract: The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user's encryption password) and is then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee's public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and is stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary, evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner's interest.

153 citations

Proceedings ArticleDOI
01 Apr 1997
TL;DR: This work provides schemes to perform partial key escrow in a verifiable manner in a public-key encryption setting and shows that other proposals for verifiable partial key Escrow suffer from the early recovery problem, and thus do not in fact offer an advantage over standard key-escrow schemes.

153 citations

Journal ArticleDOI
TL;DR: A remote authentication protocol featured with nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in the WBANs, and a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme.
Abstract: To ensure the security and privacy of the patient’s health status in the wireless body area networks (WBANs), it is critical to secure the extra-body communication between the smart portable device held by the WBAN client and the application providers, such as the hospital, physician or medical staff. Based on certificateless cryptography, this paper proposes a remote authentication protocol featured with nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in the WBANs. First, we present a certificateless encryption scheme and a certificateless signature scheme with efficient revocation against short-term key exposure, which we believe are of independent interest. Then, a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme. Our revocation mechanism is highly scalable, which is especially suitable for the large-scale WBANs, in the sense that the key-update overhead on the side of trusted party increased logarithmically in the number of users. As far as we know, this is the first time considering the revocation functionality of anonymous remote authentication for the WBANs. Both theoretic analysis and experimental simulations show that the proposed authentication protocol is provably secure in the random oracle model and highly practical.

151 citations

Posted Content
TL;DR: In this paper, a self-generated certificate public key encryption (SGC-PKC) was proposed to solve the Denial-of-Decryption (DoD) attack.
Abstract: Certificateless Public Key Cryptography (CL-PKC) enjoys a number of features of Identity-Based Cryptography (IBC) while without having the problem of key escrow. However, it does suffer to an attack where the adversary, Carol, replaces Alice’s public key by someone’s public key so that Bob, who wants to send an encrypted message to Alice, uses Alice’s identity and other’s public key as the inputs to the encryption function. As a result, Alice cannot decrypt the message while Bob is unaware of this. We call it Denial-of-Decryption (DoD) Attack as its nature is similar to the well known Denial-of-Service (DoS) Attack. Based on CL-PKC, we propose a new paradigm called Self-Generated-Certificate Public Key Cryptography (SGC-PKC) that captures the DoD Attack. We also provide a generic construction of a self-generated-certificate public key encryption scheme in the standard model. Our generic construction uses certificateless signature and certificateless encryption as the building block. In addition, we further propose a certificateless signature and a certificateless encryption scheme with concrete implementation that are all provably secure in the standard model, which are the first in the literature regardless of the generic constructions by Yum and Lee which may contain security weaknesses as pointed out by others. We believe these concrete implementations are of independent interest.

140 citations

Journal ArticleDOI
TL;DR: This paper revisits attribute-based data sharing scheme in order to solve the key escrow issue but also improve the expressiveness of attribute, so that the resulting scheme is more friendly to cloud computing applications.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. Data owner is allowed to fully control the access policy associated with his data which to be shared. However, CP-ABE is limited to a potential security risk that is known as key escrow problem, whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attribute with arbitrary state. In this paper, we revisit attribute-based data sharing scheme in order to solve the key escrow issue but also improve the expressiveness of attribute, so that the resulting scheme is more friendly to cloud computing applications. We propose an improved two-party key issuing protocol that can guarantee that neither key authority nor cloud service provider can compromise the whole secret key of a user individually. Moreover, we introduce the concept of attribute with weight, being provided to enhance the expression of attribute, which can not only extend the expression from binary to arbitrary state, but also lighten the complexity of access policy. Therefore, both storage cost and encryption complexity for a ciphertext are relieved. The performance analysis and the security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

137 citations


Network Information
Related Topics (5)
Encryption
98.3K papers, 1.4M citations
85% related
Routing protocol
46.5K papers, 901.8K citations
80% related
Wireless ad hoc network
49K papers, 1.1M citations
79% related
Key distribution in wireless sensor networks
59.2K papers, 1.2M citations
78% related
Server
79.5K papers, 1.4M citations
78% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
20241
202351
202289
202150
202072
201958