Abstract
The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this paper, we present a new concept called proof-carrying proxy certificates. Our approach allows to combine the verification of the validity of the proxy certificate and the authorization decision making in an elegant way that enhances the privacy of the end user. In contrast with standard proxy certificates that are generated using standard (public-key) signature schemes, the proposed certificates are generated using a signature scheme for which the validity of a generated signature proves the compliance of the signer with a credential-based policy. We present a concrete realization of our approach using bilinear pairings over elliptic curves and we prove its security under adapted attack models.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Appel, A., Felten, E.: Proof-carrying authentication. In: ACM Conference on Computer and Communications Security, pp. 52–62 (1999)
Backes, M., Camenisch, J., Sommer, D.: Anonymous yet accountable access control. In: WPES 2005: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, pp. 40–46. ACM Press, New York (2005)
Bagga, W., Crosta, S., Molva, R.: An application of policy-based signature: Proof-carrying proxy certificates. Institut Eurecom, Research Report RR-06-169 (April 2006)
Bagga, W., Molva, R.: Policy-based cryptography and applications. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 72–87. Springer, Heidelberg (2005)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Basney, J., Nejdl, W., Olmedilla, D., Welch, V., Winslett, M.: Negotiating trust on the grid. In: 2nd WWW Workshop on Semantics in P2P and Grid Computing, New York, USA (May 2004)
Choi, J., Sakurai, K., Park, J.: Proxy certificates-based digital fingerprinting scheme for mobile communication. In: IEEE 37th Annual 2003 International Carnahan Conference on Security, pp. 587–594. IEEE Computer Society Press, Los Alamitos (2003)
Claessens, J., Preneel, B., Vandewalle, J.: (how) can mobile agents do secure electronic transactions on untrusted hosts? a survey of the security issues and the current solutions. ACM Trans. Inter. Tech. 3(1), 28–48 (2003)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Organization for Economic Cooperation and Development (OECD). Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data (1980), http://www.oecd.org/home/
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
Herranz, J.: A formal proof of security of Zhang and Kim’s ID-based ring signature scheme. In: WOSIS 2004, pp. 63–72. INSTICC Press (2004) ISBN 972-8865-07-4
Lee, B., Kim, K.: Self-certified signatures. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 199–214. Springer, Heidelberg (2002)
Lin, C., Wu, T.: An identity-based ring signature scheme from bilinear pairings. Cryptology ePrint Archive, Report 2003/117 (2003), http://eprint.iacr.org/
Necula, G.: Proof-carrying code. In: POPL 1997: Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 106–119. ACM Press, New York (1997)
Clifford Neuman, B.: Proxy-based authorization and accounting for distributed systems. In: International Conference on Distributed Computing Systems, pp. 283–291 (1993)
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology: the journal of the International Association for Cryptologic Research 13(3), 361–396 (2000)
Smart, N.P.: Access control using pairing based cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 111–121. Springer, Heidelberg (2003)
Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. RFC 3820 (June 2004)
Zhang, F., Kim, K.: ID-based blind signature and ring signature from pairings. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 533–547. Springer, Heidelberg (2002)
Zhang, F., Safavi-Naini, R., Susilo, W.: An efficient signature scheme from bilinear pairings and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 277–290. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bagga, W., Crosta, S., Molva, R. (2006). Proof-Carrying Proxy Certificates. In: De Prisco, R., Yung, M. (eds) Security and Cryptography for Networks. SCN 2006. Lecture Notes in Computer Science, vol 4116. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11832072_22
Download citation
DOI: https://doi.org/10.1007/11832072_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38080-1
Online ISBN: 978-3-540-38081-8
eBook Packages: Computer ScienceComputer Science (R0)