Encrypted Message Authentication by Firewalls

Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The major obstacle for efficient verification of authenticity of messages at application layer is the difficulty of verifying digital signatures without disclosure of content protected by encryption. This is due to a traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme shall be proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

[1]  Robert H. Deng,et al.  A Signcryption Scheme with Signature Directly Verifiable by Public Key , 1998, Public Key Cryptography.

[2]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1996, Des. Codes Cryptogr..

[3]  Claus-Peter Schnorr E cient Identi cation and Signatures for Smart-Cards , 1990, CRYPTO 1990.

[4]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[5]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[6]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[7]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[8]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[9]  D. Boneh The Decision Diie-hellman Problem , 1998 .

[10]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[11]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[12]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[13]  R. A. Rueppel,et al.  Message recovery for signature schemes based on the discrete logarithm problem , 1994, EUROCRYPT.

[14]  William Cheswick,et al.  Firewalls and Internet Security , 1994 .

[15]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[16]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[17]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[18]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[19]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[20]  Kwangjo Kim,et al.  Advances in Cryptology — ASIACRYPT '96 , 1996, Lecture Notes in Computer Science.

[21]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[22]  Kazuo Ohta,et al.  On Concrete Security Treatment of Signatures Derived from Identification , 1998, CRYPTO.

[23]  Ross J. Anderson,et al.  Robustness Principles for Public Key Protocols , 1995, CRYPTO.

[24]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[25]  Eric Hughes,et al.  Protocol Failures Related to Order of Encryption and Signature , 1998, ACISP.

[26]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[27]  Rolf Oppliger,et al.  Internet security: firewalls and beyond , 1997, CACM.

[28]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[29]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[30]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[31]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[32]  Marcus J. Ranum,et al.  A NETWORK PERIMETER WITH SECURE EXTERNAL ACCESS , 1994 .

[33]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[34]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[35]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.