Abstract
Key recovery is a technology that allows the owner of encrypted data or a trusted third party to recover encrypted data, mostly by reconstructing lost decryption key. In [HLG99], Harn et al proposed a Global Key Recovery System (GKRS) that combines the functions of the key recovery authorities and the public key certification authorities (CAs). Among other features, user-dominance, i.e., a user is allowed to select his own public-private key pair and especially a public element for verifying the validity of the public-private key pair, is considered extremely important by [HLG99] for wide acceptance of GKRS. In this paper, we attack the RSA version of GKRS by showing that its user-dominant feature and the corresponding key verification scheme employed by the CAs allow for fraud by users against CAs. We then propose an improvement to the original GKRS. The improved system makes the probability of user fraud negligibly small.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Y. Frankel and M. Yung, Escrow Encryption System Visited: Attack, Analysis and Designs. Advances in Cryptology, Crypto’ 95, LNCS 0963, Springer-Verlag, pp. 222–235, 1995.
L. Harn, H. Y. Lin and G. Gong, A Global Key Recovery System, Proceedings of the International Workshop on Cryptographic Techniques & E-Commerce, Hong Kong, pp. 81–85, 1999.
J. Kilian and T. Leighton, Failsafe Key Escrow, Technical Report 636, MIT Lab, for Computer Science, 1994.
J. Kilian and E. Petrank, Identity Escrow, Advances in Cryptology, Crypto’ 98, LNCS 1462, 1998.
A. K. Lenstra, P. Winkler, Y. Yacobi, A Key Escrow System with Warrant Bounds, Adances in Cryptology, Crypto’ 95, LNCS 963, pp. 197–207, 1995
S. Micali, Fair Public-Key Cryptosystems, Technical Report 579, MIT Lab, for Computer Science, 1993.
J. G. Nieto, K. Viswanathan, C. Boyd and E. Dawson, Key Recovery System for the Commerical Environment, Security and Privacy (ACISP’ 2000), Springer-Verlag, pp. 149–162, 2000.
K. Viswanathan, C. Boyd and E. Dawson, Publicly Verifiable Key Escrow with Limited Time Span, Information Security and Privacy (ACISP’ 99), LNCS 1587, Springer-Verlag, pp. 36–51, 1999.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, Y., Bao, F., Deng, R.H. (2002). Security Analysis and Improvement of the Global Key Recovery System. In: Batten, L., Seberry, J. (eds) Information Security and Privacy. ACISP 2002. Lecture Notes in Computer Science, vol 2384. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45450-0_2
Download citation
DOI: https://doi.org/10.1007/3-540-45450-0_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43861-8
Online ISBN: 978-3-540-45450-2
eBook Packages: Springer Book Archive