Cryptosystems Robust against “Dynamic Faults” Meet Enterprise Needs for Organizational “Change Control”

  • Yair Frankel
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


Business organizations are dynamic, thus they must have sufficient flexibility in expectation of future structural changes (change in personnel, policies, internal reorganizations, external restructuring, etc.). This issue is becoming increasingly important in recent years since nowadays firms operate in a more dynamic and flexible business environ- ment. As automation progresses, it is expected that cryptography will become a major control tool in organizations. Here we discuss what cryp- tography can provide to enable and manage this business environment of mutating organizations. The main thesis we put forth is the following: “Cryptographic designs traditionally concerned with mechanistic fault tolerance, in which faults are dynamic can, in turn, be the base for a ‘flexible design for control functions' in today's business environment.”

We show how combining various key management techniques which are robust against “dynamic faults” with proper semantically rich “enter- prise view management techniques” - provides a flexible enterprise cryp- tographic control. Such control can anticipate dynamic changes of the business entity. We demonstrate how to manage group entities which are either visible externally (using modified certification technology) as well as entities whose internal workings are hidden (using certification tech- nology and proactive protocol technology when extended to withstand failing and rejoining elements).


Signature Scheme Business Entity Authorization Rule Dynamic Fault View Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. BFL96.
    M. Blaze, J. Feigenbaum and J. Lacey, Decentralized Trust Management, IEEE Security and Privacy, 1996.Google Scholar
  2. DDFY.
    A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung, How to Share a Function Securely, ACM STOC 94, pp. 522–533.Google Scholar
  3. DF91.
    Y. Desmedt and Y. Frankel, Shared Generation of Authenticators and Signatures Crypto 91, pp. 457–469.Google Scholar
  4. DM98.
    L. Downes and C. Mui, unleashing the Killer App: digital strategies for market dominance, Harvard Business School Press, 1998.Google Scholar
  5. E98.
    C.M. Ellison, SPKI Certificate Document. 1998. (Document available also in URL
  6. FL98.
    B. Fox and B. LaMacchia, Certificate Revocation: Mechanisms and Meaning, Financial Cryptography 98, pp. 158–164.Google Scholar
  7. F89.
    Y. Frankel, A practical protocol for large group oriented networks, In J.J. Quisquater and J. Vandewalle, editor, Advances in Cryptology Proc. of Eurocrypt’ 89, pp. 56–61.Google Scholar
  8. FGM1.
    Y.Y. Frankel, P. Gemmel, P. MacKenzie and M. Yung Optimal Resilience Proactive Public Key Systems, FOCS 97.Google Scholar
  9. GHY87.
    Z. Galil, S. Haber and M. Yung, Cryptographic Computations: Secure Fault Tolerant Protocols in the Public Key Model, Crypto 87, pp. 135–155.Google Scholar
  10. HS91.
    S. Haber and W.S. Stornetta, How to Time-Stamp a Digital Document, Journal of Cryptography, v. 3 n. 2, 1991, Springer International, pp. 99–112.Google Scholar
  11. HJJKY97.
    A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, M. Yung, Proactive Public-Key and Signature Schemes, ACM CCS 97.Google Scholar
  12. HBM98.
    R.J. Hayton, J.M. Bacon and K. Moody, Access Control in an Open Distributed Environment, IEEE Security and Privacy, 98, pp. 3–14.Google Scholar
  13. L71.
    B. Lampson, Protection, 5-th Princeton Symp. on Information Sciences 71, (Published 74 in ACM’s Operating Systems Review)Google Scholar
  14. LN98.
    H. Lehti and P. Nikander, Certifying Trust, PKC 98, LNCS Springer 1431, pp. 83–98.Google Scholar
  15. OY91.
    R. Ostrovsky and M. Yung, How to withstand mobile virus attacks, Proc. of the 10th ACM Symposium on the Principles of Distributed Computing, 1991, pp. 51–61.Google Scholar
  16. RL.
    R. Rivest and B. Lampson, SDSI-A simple distributed security infrastructure, (See also, cis/sdsi.html)

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Yair Frankel
    • 1
  • Moti Yung
    • 1
  1. 1.CertCoNY

Personalised recommendations