Abstract
The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this paper, we present a new concept called proof-carrying proxy certificates. Our approach combines the verification of the validity of the proxy certificate with the authorization decision in an elegant way that enhances the privacy of the end user. In contrast with standard proxy certificates, which are generated using standard (public-key) signature schemes, the proposed certificates are generated using a signature scheme for which the validity of a generated signature proves the compliance of the signer with a credential-based policy. We present a concrete realization of our approach using bilinear pairings over elliptic curves, and we prove its security under adapted attack models.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bagga, W., Crosta, S., Molva, R. (2006). Proof-Carrying Proxy Certificates. In: De Prisco, R., Yung, M. (eds) Security and Cryptography for Networks. SCN 2006. Lecture Notes in Computer Science, vol 4116. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11832072_22
DOI: https://doi.org/10.1007/11832072_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38080-1
Online ISBN: 978-3-540-38081-8
eBook Packages: Computer Science, Computer Science (R0)