Skip to main content
SpringerLink
Log in

Robust Software Tokens — Yet Another Method for Securing User’s Digital Identity

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2727))

Included in the following conference series:

Abstract

This paper presents a robust software token that was developed to protect user’s digital identity by simple software-only techniques. This work is closely related to Hoover and Kausik’s software smart cards, and MacKenzie and Reiter’s networked cryptographic devices, in the fact that user’s private key is protected by postulating a remote server rather than tamper-resistance. The robust software token is aimed to be richer than the related schemes in terms of security, efficiency and flexibility. A two-party RSA scheme was carefully applied for the purpose, in a way of considering practical construction rather than theoretical framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Bellare and R. Sandhu, “The security of practical two-party RSA signature schemes,” Manuscript, 2001.

    Google Scholar 

  2. D. Boneh and M. Franklin, “Efficient generation of shared RSA keys,” Advances in Cryptology — Crypto’97, Lecture Notes in Computer Science, Vol. 1294, Springer-Verlag, pp.425–439, 1997.

    Google Scholar 

  3. S. Brands, Rethinking public key infrastructures and digital certificates, The MIT Press, p.11 and pp.219–224, 2000.

    Google Scholar 

  4. C. Boyd, “Digital multisignatures,” Cryptography and Coding, Oxford University Press, pp.241–246, 1989.

    Google Scholar 

  5. D. Chaum, “Blind signatures for untraceable payments,” Advances in Cryptology — Crypto’82, Lecture Notes in Computer Science, Vol. 1440, Springer-Verlag, pp.199–203, 1983.

    Google Scholar 

  6. W. Ford and B. Kaliski, “Server-assisted generation of a strong secret from a password,” In Proceedings of the International Workshops on the Enabling Technologies: Infrastructure for Collaborative Enterprise, IEEE, June 2000

    Google Scholar 

  7. Y. Frankel, P. MacKenzie, and M. Yung, “Robust efficient distributed RSA key generation,” In Proceedings of the ACM Symposium on Theory of Computing, pp.663–672, 1998.

    Google Scholar 

  8. R. Ganesan, “Yaksha: Augmenting Kerberos with public key cryptography,” In Proceedings of the ISOC Network and Distributed System Security Symposium, February 1995.

    Google Scholar 

  9. R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, “Robust and efficient sharing of RSA functions,” Advances in Cryptology — Crypto’96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag, pp.157–172, 1996.

    Google Scholar 

  10. N. Gilboa, “Two party RSA key generation,” Advances in Cryptology — Crypto’99, Lecture Notes in Computer Science, Vol. 1666, Springer-Verlag, pp.116–129, 1999.

    Google Scholar 

  11. D. Hoover, B. Kausik, “Software smart cards via cryptographic camouflage,” In Proceedings of the IEEE Symposium on Security and Privacy, 1999.

    Google Scholar 

  12. T. Kwon, “On the difficulty of protecting private keys in software,” Information. Security — ISC 2002, Lecture Notes in Computer Science, Vol. 2433, Springer-Verlag, September 2002. A revised version can be found at http://dasan.sejong.ac.kr/~tkwon/research/difficulty.pdf.

    Google Scholar 

  13. T. Kwon, “Virtual Software Tokens — A practical way to secure PKI roaming,” Infrastructure Security — InfraSec 2002, Lecture Notes in Computer Science, Vol. 2437, Springer-Verlag, October 2002.

    Chapter  Google Scholar 

  14. T. Kwon, “Robust Software Tokens — Yet another method for securing user’s digital identity,” A full version can be found at http://dasan.sejong.ac.kr/~tkwon/research/rst.pdf.

    Google Scholar 

  15. P. MacKenzie and M. Reiter, “Networked cryptographic devices resilient to capture,” In Proceedings of the IEEE Symposium on Security and Privacy, 2001, a full and updated version is DIMACS Technical Report 2001-19, May 2001.

    Google Scholar 

  16. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, pp.287–291, pp.312–315, 1997.

    Google Scholar 

  17. R. Perlman and C. Kaufman, “Secure password-based protocol for downloading a private key,” In Proceedings of the ISOC Network and Distributed System Security Symposium, February 1999.

    Google Scholar 

  18. G. Poupard and J. Stern, “Generation of shared RSA keys by two parties,” Advances in Cryptology — Asiacrypt’98, Lecture Notes in Computer Science, Vol. 1514, Springer-Verlag, pp.11–24, 1998.

    Google Scholar 

  19. PKCS #5, “Password-based encryption standard,” RSA Laboratories Technical Note, Version 2.0, 1999.

    Google Scholar 

  20. R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, vol.21, pp.120–126, 1978.

    Article  MATH  MathSciNet  Google Scholar 

  21. V. Shoup, “Practical Threshold Signatures,” Advances in Cryptology — Eurocrypt’00, Lecture Notes in Computer Science, Vol. 1807, Springer-Verlag, pp.207–220, 2000.

    Google Scholar 

  22. M. Wiener, “Cryptanalysis of short RSA secret exponents,” IEEE Transactions on Information Theory, vol.36, no.3, May 1990.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sejong University, Seoul, 143-747, Korea

    Taekyoung Kwon

Authors
  1. Taekyoung Kwon
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Technology and Computer Science, University of Wollongong, Wollongong, NSW, 2522, Australia

    Rei Safavi-Naini  & Jennifer Seberry  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kwon, T. (2003). Robust Software Tokens — Yet Another Method for Securing User’s Digital Identity. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_41

Download citation

  • DOI: https://doi.org/10.1007/3-540-45067-X_41

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation