Public Key Infrastructure: 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007, Proceedings (Lecture Notes in Computer Science, 4582)

Title Page
Preface
Organization
Table of Contents
Authorization Architectures for Privacy-Respecting Surveillance
	From Physical to Digital: A Short Visit to the Zoo
	An Architecture Model for Authorizations
	Pseudonyms with Technical Purpose Binding of Disclosure
	An Architecture Model for Privacy-Respecting Authorizations
	Comparing Architectures
	Mapping Existing Architectures to the Model
		Architectures with Pseudonymizing Management
		Architectures with Pseudonymizing Certifier
		Architectures with Pseudonymizing Authorizer
		Architectures with Pseudonymizing Service
	Related Work
	Conclusion
Privacy-Preserving Revocation Checking with Modified CRLs
	Introduction and Motivation
	Related Work
	Privacy-Preserving CRL Querying
		(Non-Privacy-Preserving) Revocation Checking
		Privacy Preserving Revocation Checking
	Practical Considerations
		CRL Generation and Size
		Freshness Considerations
		Forcing Uniform Distribution
		Query Range Generation
	Analysis
	Future Directions and Conclusions
	References
	Certificate Revocation Techniques
E-Passports as a Means Towards the First World-Wide Public Key Infrastructure
	Introduction
	Building a Country Public Key Infrastructure
	Digital Signatures as the Basic Tool for Passport Authenticity and Integrity
	Establishing Global Trust
	Security and Privacy Issues
	E-Passport as a Client Digital Certificate
	Exploiting E-Passports in Other Applications
	Conclusions
	References
An Interdomain PKI Model Based on Trust Lists
	Introduction
	Trust Models and Challenges
		Trust Models
		Trust Development Challenges
	Architecture Description
		Architecture Entities
		Architecture Main Elements
	Architecture Function
		User Trust List Creation
		User Trust List Management
		Certificate Evaluation
	Conclusions
	References
One-More Extension of Paillier Inversion Problem and Concurrent Secure Identification
	Introduction
	The One-More Paillier Inversion Problem
		The Paillier Inversion Problem
		The One-More Paillier Inversion Problem
	The Equivalence
	The Concurrent Secure Identification Scheme
	Conclusion
	The RSA Inversion Problem and the One-More RSA Inversion Problem
An Efficient Signcryption Scheme with Key Privacy
	Introduction
	The Definition and Security Models of Signcryption with Key Privacy
	Preliminaries
		YWD Signcryption Scheme [22]
		Tan’s Attacks Against the YWD Scheme
	Simple and Efficient Signcryption with Key Privacy
		Our Construction
		Security Analysis
		Performance
	Conclusion
Direct Chosen-Ciphertext Secure Hierarchical ID-Based Encryption Schemes
	Introduction
	Preliminaries
		Selective-ID Security Model for HIBE
		Complexity Assumptions
	Chosen Ciphertext Secure HIBE from the BB$_\\rm 1$ Scheme
		Construction
		Security
	Chosen Ciphertext Secure HIBE from the BBG Scheme
		Construction
		Security
		Conclusion
Certificate-Based Signature: Security Model and Efficient Construction
	Introduction
	Models of the Certificate-Based Signature
		Bilinear Pairing
		Outline of the Certificate-Based Signature
		Key Replacement Attack in Certificate-Based System
		A Concrete Key Replacement Attack
	Adversaries and Oracles
		Adversary Oracles
		Security Against the Key Replacement Adversary $\\mathcal A_{I}$
		Security Against the Certifier $\\mathcal A_{II}$
	Concrete Scheme
	Security Analysis
	Efficiency Comparison
	Conclusion
	Proof of Theorem
	Proof of Theorem
Time Capsule Signature: Efficient and Provably Secure Constructions
	Introduction
		Related Work
		Paper Organization
	Preliminaries
	Time Capsule Signature
		Definition
		Adversarial Model
		Discussion
	Identity-Based Trapdoor Relation (IDTR)
		Implementations of IDTR
	Generic Construction of Time Capsule Signature
		Security Analysis
	Distinguishable Time Capsule Signature
		Extended IDTR
		A Generic Construction of Extended IDTR
		Extended Time Capsule Signature
	Conclusion
A New Variant for an Attack Against RSA Signature Verification Using Parameter Field
	Introduction
	The Bleichenbacher’s Attack
	The Variant: The New Attack on “Parameters” Field
		The Algorithm
		An Example
		Extentions to Different Parameters
	Analysis
		Conditions for Successful Forgeries
		Conditions with Other Public Exponents
		Comparison with the Bleichenbacher’s Original Attack
	Vulnerabilities in Several Existing Libraries
	Possibilities for Other Similar Exploits
	Conclusion
		Summary
		Recommendations for Implementors
AutoPKI: A PKI Resources Discovery System
	Introduction
	The PKI Resource Query Protocol
		Resource Query Authority (RQA)
		The Message Format
	Prototype
		The Extended DHCP Client and Server
		PRQP Library
		RQA Server
	Evaluation
		Performance
		Solving the Problem
	Related Work
		Certificate Extensions
		DNS Service Records
		Web Services
		Local Network Oriented Solutions
	Conclusions
Bootstrapping a Global SSO from Network Access Control Mechanisms
	Introduction
	DAMe Project: Adding Authorization to Eduroam
	eduGAIN
	Single Sign-On Scenario
	Single Sign-On Proposal for DAMe
		SSO Architecture
		Network Authentication
		Token Delivery
		Resource Access Using SSO
	Related Work
	Conclusions and Future Work
Anonymous $k$-Show Credentials
	Introduction
	Review of the Idemix Credential System
		General Setting
		System Parameters and Notations
		Establishing a Pseudonym with an Organization
		Obtaining a Credential from an Organization
		Showing a Credential to an Organization
	Extension to $k$-Show Credentials
		Establishing a Pseudonym with an Organization for Obtaining Revocable Credentials
		Obtaining a $k$-Show Revocable Credential from an Organization
		Showing a Revocable $k$-Show Credential to an Organization
		Local User Identification and Credential Revocation
		Global User Identification and Credential Revocation
	Related Work
	Conclusion
On Partial Anonymity in Secret Sharing
	Introduction
		Contribution and Plan of This Paper
	Secret Sharing
	Anonymity and Partial Anonymity in Secret Sharing
	Some Constructions
	Conclusion
Anonymous Identification and Designated-Verifiers Signatures from Insecure Batch Verification
	Introduction
		Linkable Ring Signatures
		Strong Designated Verifier Signatures
		Ad Hoc Anonymous Identification
	Preliminaries
		Bilinear Pairings and Related Complexity Assumption
		Identity-Based Ring Signatures
		Identity-Based Strong Designated Verifier Signatures
		Identity-Based Ad Hoc Anonymous Identification
	Turning an Attack into a Scheme
		Review of Cui $et al.$’s Scheme
		Attack of the Batch Verification Algorithms
		Building a Ring Signature Scheme
		Efficiency
		Linkability
		Security Analysis
	Short Strong Designated Verifier Signature
		Proposed Construction
		Security Analysis
	Ad Hoc Anonymous Identification
		Proposed Protocol
		Security Analysis
		Extension Against Concurrent Man-In-The-Middle Attack
		Discussion
	Conclusion
	Definitions of Security
		Identity-Based Ring Signature Scheme
		Identity-Based Strong Designated Verifier Signature Scheme
		Identity-Based Ad Hoc Anonymous Identification Scheme
	Strong One-Time Signature
OpenHSM: An Open Key Life Cycle Protocol for Public Key Infrastructure’s Hardware Security Modules
	Introduction
	Protocols
		Premises
	Initialisation and Creation of Administrator Group
		Messages Exchange
		Key Objectives of the Sub-protocol
	Creation of Operators Group
		Messages Exchange
		Key Objectives of the Sub-protocol
	Application’s Asymmetric Key Generation
		Messages Exchange
		Key Objectives of the Protocol
	Application’s Asymmetric Key Usage
		Messages Exchange
		Key Objectives of the Protocol
	Implementation Issues
		Prototype
	Conclusions
	Appendix A: Conventions
Two Worlds, One Smart Card: An Integrated Solution for Physical Access and Logical Security Using PKI on a Single Smart Card
	Introduction
	How Many Keys Do We Need?
		Access to Physical Objects
		Access to Digital Objects
	Functional Architecture
	TheUseCase
	Technical Architecture
		End-User Certificates, Certificate Authorities, and PKI Hierarchy
		End-User PKI Key Generation and Certificate Creation Process
	How a New Employee Is Entered into the System
	Conclusions
		Security Level
		User Experiences
		Summary
On the Robustness of Applications Based on the SSL and TLS Security Protocols
	Introduction
	SSL/TLS Protocol Details
		SSL/TLS Connection Phases
		Overview of SSL/TLS Records
	Truncation Attack
		SSLv3/TLSv1 Truncation Attack
		MITMSSL Tool
	Experiments with SSLv3/TLSv1 Truncation Attack
		Testing Environment
		SSL/TLS in Mozilla Firefox
		SSL/TLS in Mozilla
		SSL/TLS in Internet Explorer
		SSL/TLS in WGet
		SSL/TLS in CUrl
		SSL/TLS in OpenSSL
	Conclusions and Future Work
Using WebDAV for Improved Certificate Revocation and Publication
	Introduction
	Reappraising Revocation
		A New Model for Revocation
	The WebDAV Protocol and Its Use with X.509
	Using WebDAV in PERMIS
		Deriving Unique Names for Certificates and CRLs
		Certificate Extensions
	Discussion and Conclusions
Reducing the Computational Cost of Certification Path Validation in Mobile Payment
	Introduction
	Background
		Mobile Payment Scenarios
		Certification Path Validation
		Hierarchical Architecture
		Hash Chains
	Related Works
	Trust Relationship Using Two Hash Chains (TRUTHC)
		Issuing Certificates
		Verifying Certificates
		Integration into X.509 Certificates
		Security Properties
	Evaluation of Computational Cost
		Number of Cryptographic Operations
		Computational Cost
	Conclusions
Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code
	Introduction
		Contribution of the Paper
	The Security-by-Contract Life-Cycle
	How a Contract Should Look Like?
	Contract Specification
	Contract Matching Algorithm
		Applying the Generic Matching Algorithm to Automata-Based Rule Specifications
	Related Work
	Conclusion
Applicability of Public Key Infrastructures in Wireless Sensor Networks
	Introduction
	Wireless Sensor Networks
	Public Key Cryptography Primitives for Sensor Networks
		Existing PKC Primitives
		HW and SW Prototypes
	Public Key Infrastructures in Sensor Networks
		Adapting PKI for Sensor Networks
		Other PKI Functions in Sensor Networks
	Conclusions
Spatial-Temporal Certification Framework and Extension of X.509 Attribute Certificate Framework and SAML Standard to Support Spatial-Temporal Certificates
	Introduction
	Spatial-Temporal Certification Framework
		Goal and General Model
		Requirements
		Mechanisms to Provide Spatial-Temporal Certification Services
	Extension of X.509 Attribute Certificate Framework and SAML Standard
	Conclusions and Future Work
Electronic Payment Scheme Using Identity-Based Cryptography
	Introduction
	Previous Works
		Existing Proposals for E-Wallet
		Identity-Based Encryption
	An Identity-Based Encryption for Online E-Wallet System
	Conclusion
Undeniable Mobile Billing Schemes
	Introduction
	Mobile Billing Systems
	CJC Scheme and Its Vulnerabilities
		Review of the CJC Scheme
		Vulnerabilities in the CJC Scheme
	The Proposed Scheme
	Analysis of the Proposed Scheme
		Security
		Efficiency
	Conclusion
Universally Composable Signcryption
	Introduction
	Signcryption
	Secure Messaging in the UC Framework
	Securely Realizing \\mathcal{F}$_{\\rm SC}$
	Concluding Remarks
Chord-PKI: Embedding a Public Key Infrastructure into the Chord Overlay Network
	Introduction
	The Chord-PKI
		A High-Level Description of Chord-PKI
		Setup
		Node Certification
		Certificate Revocation
		Certificate and CRL Storage
		Certificate and CRL Lookup
		Trust and Reputation Models
	Analysis of the Chord-PKI
		Performance Issues
		Security Analysis
	Conclusions and Future Work
Privacy Protection in Location-Based Services Through a Public-Key Privacy Homomorphism
	Introduction
		Contribution and Plan of This Paper
	TTP-Free Location Privacy
		Computing the Centroid
		Masking the Locations
	Location Privacy Based on a Public-Key Privacy Homomorphism
		Our Proposal
		Security
	Conclusions and Future Work
A Critical View on RFC 3647
	Introduction
	Structure Problems
	Structure Problems
	Outdated Content
	Problems with Non-english CPS/CP Documents
	Conclusion and Possible Solutions
Author Index