Minimal Information Disclosure in a Centralized Authorization System

Abstract: We propose a centralized authorization system in which user authorizations cannot be retrieved in a computationally feasible way without the cooperation of the user, the authorization server and the end-servers. A certain level of anonymity is also guaranteed to the users. The security of the protocol is based on standard cryptographic assumptions. We show that the complexity of the protocol is comparable to that of the SSL handshake protocol.
