A Distributed and Secure Architecture for Signature and Decryption Delegation Through Remote Smart Cards

The established legal value of digital signatures and the growing availability of identity-based digital services are progressively extending the use of smart cards to all citizens, opening new challenging scenarios. Among them, motivated by concrete applications, secure and practical delegation of digital signatures and decryptions is becoming more and more critical. Unfortunately, all secure delegation systems proposed so far include various drawbacks with respect to some of the main functional requirements of any practical system. With the purpose of proposing a truly practical solution for signature and decryption delegation, in this chapter the authors put forth the notion of a “Proxy Smart Card System,” a distributed system that allows a smart card owner to delegate part of its computations to remote users. They first stress the problematic aspects concerning the use of known proxy-cryptography schemes in synergy with current standard technologies, which in turn motivates the need of proxy smart card systems. Then they formalize the security and functional requirements of a proxy smart card system, identifying the involved parties, the adversary model, and the usability properties. Finally, the authors present the design and analysis of a proxy smart card system, which implements the required functionalities outperforming the current state of the art.

[1]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[2]  Byoungcheon Lee,et al.  Secure Mobile Agent Using Strong Non-designated Proxy Signature , 2001, ACISP.

[3]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[4]  Young-Seol Kim,et al.  Provably Secure Proxy Blind Signature Scheme , 2006, Eighth IEEE International Symposium on Multimedia (ISM'06).

[5]  Chengyu Hu,et al.  A New Type of Proxy Ring Signature Scheme with Revocable Anonymity , 2007 .

[6]  Giuseppe Cattaneo,et al.  Proxy Smart Card Systems , 2010, WISTP.

[7]  Chengyu Hu,et al.  A New Type of Proxy Ring Signature Scheme with Revocable Anonymity and No Info Leaked , 2007, MCAM.

[8]  Zhang Feng,et al.  A proxy blind signature scheme based on elliptic curve with proxy revocation , 2007, SNPD.

[9]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[10]  Blake Ramsdell,et al.  S/MIME Version 3 Message Specification , 1999, RFC.

[11]  Fagen Li,et al.  Deniable Proxy-Anonymous Signatures , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[12]  Xiaolei Dong,et al.  Efficient ID-Based One-Time Proxy Signature and Its Application in E-Cheque , 2006, CANS.

[13]  Byoungcheon Lee,et al.  Strong Proxy Signature and its Applications , 2000 .

[14]  Andrew S. Tanenbaum,et al.  Disallowing Unauthorized State Changes of Distributed Shared Objects , 2000, SEC.

[15]  Ping Wei,et al.  Anonymous Proxy Authorization Signature Scheme with Forward Security , 2008, 2008 International Conference on Computer Science and Software Engineering.

[16]  Zhenfu Cao,et al.  Improvement of Yang et al.'s threshold proxy signature scheme , 2007, J. Syst. Softw..

[17]  Yuan Yumin,et al.  A Threshold Proxy Signature Scheme with Nonrepudiation and Anonymity , 2006, ISCIS.

[18]  Xiaoping Wu,et al.  Cryptanalysis and Improvement of Two Blind Proxy Signature Schemes , 2008, 2008 International Conference on Computer Science and Software Engineering.

[19]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[20]  Andrew S. Tanenbaum,et al.  A law-abiding peer-to-peer network for free-software distribution , 2001, Proceedings IEEE International Symposium on Network Computing and Applications. NCA 2001.

[21]  Ian T. Foster,et al.  A security architecture for computational grids , 1998, CCS '98.

[22]  Georg Fuchsbauer,et al.  Anonymous Proxy Signatures , 2008, SCN.