Abstract
In this paper we give a classification of delegation schemes into four main classes. To solve the problem with simply chained tokens in cascaded delegations, we introduce the concept of hierarchical delegation tokens. To realize this concept we use the Schnorr signature scheme and self-certified public keys introduced by Girault. We describe the first approach for hierarchical key generation based on an unregarded idea of Günther and the generation of designated verifier signatures. Using these tools, we present delegation schemes for the four main classes that are efficient in generating and using delegation keys compared with other existing approaches. This is one of the few works that combines cryptographic algorithms and protocols to benefit the complexity and the efficiency of the resulting delegation mechanisms.
References
CCITT, (1988), Recommendation X.509: The Directory—Authentication Framework, Blue Book–Melbourne, Fascicle VIII.8: Data communication networks: directory, International Telecommunication Union, Geneve, 1989, pp. 48–81.
R. Cramer, T. Pedersen, (1995), Efficient and provable security amplifications, CS-R9529, Computer Science, Dept. of Algorithms and Architecture, CWI, Amsterdam, 9 pages.
M. Gasser, E. McDermott, (1990), An Architecture for Practical Delegation in a Distributed System, Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 20–30.
M. Gasser, A. Goldstein, C. Kaufman, B. Lampson, (1989), The Digital Distributed System Security Architecture, Proceedings of the 1989 National Computer Security Conference, pp. 305–319.
M. Girault, (1991), Self-Certified Public Keys, Lecture Notes in Computer Science 547, Advances in Cryptology: Proc. Eurocrypt ’91, Berlin: Springer Verlag, pp. 490–497.
C. G. Girling, (1982), Object Representation on a Heterogeneous Network, Operating Systems Review, Vol. 16, pp. 49–59.
C. G. Günther, (1990), An identity based key exchange protocol, Lecture Notes in Computer Science 434, Advances in Cryptology: Proc. Eurocrypt ’89, Berlin: Springer Verlag, pp. 29–37.
T. Hardjono, T. Ohta, (1994), Secure end-to-end delegations in distributed systems, Computer Communications, Vol. 17, No. 3, pp. 230–238.
P. Horster, M. Michels, H. Petersen, (1994), Meta-ElGamal signature schemes, Proc. 2. ACM conference on Computer and Communications security, pp. 96–107.
International Organization for Standardization, (1990), ISO/IEC 9594-8. Information technology — Open systems interconnection — The Directory — Part 8: Authentication framework.
P. Kaijser, T. Parker, D. Pinkas, (1994), SESAME: The solution to security for open distributed systems, Computer Communications, Vol. 17, No. 7, pp. 501–518.
P. A. Karger, (1986), Authentication and Discretionary Access Control in Computer Networks, Computers and Security, Vol. 5, pp. 314–324.
M. R. Low, B. Christianson, (1994), Self Authenticating Proxies, The Computer Journal, Vol. 37, No. 5, pp. 422–428.
B. C. Neuman, (1993), Proxy–Based Authorization and Accounting for Distributed Systems, International Conference on Distributed Computing Systems, pp. 283–291.
NIST, (1994), Federal Information Processing Standards Publication National Institute of Standards and Technology, FIPS Pub 186: Digital Signature Standard (DSS), May 19, 20 pages.
T. A. Parker, (1991), A Secure European System for Applications in a Multi-vendor Environment, Proceedings of the 14th American National Security Conference, Washington, pp. 505–513.
C. P. Schnorr, (1991), Efficient Signature generation by smart cards, Journal of Cryptology, Vol. 4, pp. 161–174.
K. R. Sollins, (1988), Cascaded Authentication, Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, pp. 156–163.
V. Varadharajan, P. Allen, S. Black, (1991), An Analysis of the Proxy Problem in Distributed Systems, Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pp. 255–275.
S. M. Yen, C. S. Laih, (1993), A fast cascade exponentiation algorithm and its application on cryptography, Lecture Notes in Computer Science 718, Advances in Cryptology: Proc. Auscrypt ’92, Berlin: Springer Verlag, pp. 447–458.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Ding, Y., Horster, P., Petersen, H. (1996). A new approach for delegation using hierarchical delegation tokens. In: Horster, P. (eds) Communications and Multimedia Security II. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35083-7_12
DOI: https://doi.org/10.1007/978-0-387-35083-7_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2931-2
Online ISBN: 978-0-387-35083-7
eBook Packages: Springer Book Archive