Abstract
This paper presents a robust software token that was developed to protect user’s digital identity by simple software-only techniques. This work is closely related to Hoover and Kausik’s software smart cards, and MacKenzie and Reiter’s networked cryptographic devices, in the fact that user’s private key is protected by postulating a remote server rather than tamper-resistance. The robust software token is aimed to be richer than the related schemes in terms of security, efficiency and flexibility. A two-party RSA scheme was carefully applied for the purpose, in a way of considering practical construction rather than theoretical framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. Bellare and R. Sandhu, “The security of practical two-party RSA signature schemes,” Manuscript, 2001.
D. Boneh and M. Franklin, “Efficient generation of shared RSA keys,” Advances in Cryptology — Crypto’97, Lecture Notes in Computer Science, Vol. 1294, Springer-Verlag, pp.425–439, 1997.
S. Brands, Rethinking public key infrastructures and digital certificates, The MIT Press, p.11 and pp.219–224, 2000.
C. Boyd, “Digital multisignatures,” Cryptography and Coding, Oxford University Press, pp.241–246, 1989.
D. Chaum, “Blind signatures for untraceable payments,” Advances in Cryptology — Crypto’82, Lecture Notes in Computer Science, Vol. 1440, Springer-Verlag, pp.199–203, 1983.
W. Ford and B. Kaliski, “Server-assisted generation of a strong secret from a password,” In Proceedings of the International Workshops on the Enabling Technologies: Infrastructure for Collaborative Enterprise, IEEE, June 2000
Y. Frankel, P. MacKenzie, and M. Yung, “Robust efficient distributed RSA key generation,” In Proceedings of the ACM Symposium on Theory of Computing, pp.663–672, 1998.
R. Ganesan, “Yaksha: Augmenting Kerberos with public key cryptography,” In Proceedings of the ISOC Network and Distributed System Security Symposium, February 1995.
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, “Robust and efficient sharing of RSA functions,” Advances in Cryptology — Crypto’96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag, pp.157–172, 1996.
N. Gilboa, “Two party RSA key generation,” Advances in Cryptology — Crypto’99, Lecture Notes in Computer Science, Vol. 1666, Springer-Verlag, pp.116–129, 1999.
D. Hoover, B. Kausik, “Software smart cards via cryptographic camouflage,” In Proceedings of the IEEE Symposium on Security and Privacy, 1999.
T. Kwon, “On the difficulty of protecting private keys in software,” Information. Security — ISC 2002, Lecture Notes in Computer Science, Vol. 2433, Springer-Verlag, September 2002. A revised version can be found at http://dasan.sejong.ac.kr/~tkwon/research/difficulty.pdf.
T. Kwon, “Virtual Software Tokens — A practical way to secure PKI roaming,” Infrastructure Security — InfraSec 2002, Lecture Notes in Computer Science, Vol. 2437, Springer-Verlag, October 2002.
T. Kwon, “Robust Software Tokens — Yet another method for securing user’s digital identity,” A full version can be found at http://dasan.sejong.ac.kr/~tkwon/research/rst.pdf.
P. MacKenzie and M. Reiter, “Networked cryptographic devices resilient to capture,” In Proceedings of the IEEE Symposium on Security and Privacy, 2001, a full and updated version is DIMACS Technical Report 2001-19, May 2001.
A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, pp.287–291, pp.312–315, 1997.
R. Perlman and C. Kaufman, “Secure password-based protocol for downloading a private key,” In Proceedings of the ISOC Network and Distributed System Security Symposium, February 1999.
G. Poupard and J. Stern, “Generation of shared RSA keys by two parties,” Advances in Cryptology — Asiacrypt’98, Lecture Notes in Computer Science, Vol. 1514, Springer-Verlag, pp.11–24, 1998.
PKCS #5, “Password-based encryption standard,” RSA Laboratories Technical Note, Version 2.0, 1999.
R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, vol.21, pp.120–126, 1978.
V. Shoup, “Practical Threshold Signatures,” Advances in Cryptology — Eurocrypt’00, Lecture Notes in Computer Science, Vol. 1807, Springer-Verlag, pp.207–220, 2000.
M. Wiener, “Cryptanalysis of short RSA secret exponents,” IEEE Transactions on Information Theory, vol.36, no.3, May 1990.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kwon, T. (2003). Robust Software Tokens — Yet Another Method for Securing User’s Digital Identity. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_41
Download citation
DOI: https://doi.org/10.1007/3-540-45067-X_41
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40515-3
Online ISBN: 978-3-540-45067-2
eBook Packages: Springer Book Archive