The Delegation Problem and Practical PKI-Based Solutions

Delegation is a process in which a delegator grants or authorizes all or some of his/her power to another party, a delegate, to work on his/her behalf. In an office, it is common for officers to delegate their power to subordinates. In a digital environment (e.g. a secure enterprise information system with confidential electronic documents), how delegation can be handled properly is still an open question. In this paper, we address the delegation problem in the context of a secure information system, lay down a set of requirements from the users’ point of view and propose several practical PKI-based schemes to solve the problem. Analysis of the proposed schemes concludes that Proxy Memo can solve the problem quite efficiently while reducing the key management problem.
