An Improvement of VeriSign's Key Roaming Service Protocol

In the past two or three years, most major Public Key Infrastructure (PKI) vendors have released products which allow users to roam from one machine to another without having to manually manage the export and import of their credentials such as private keys and corresponding certificates onto temporary media like diskettes. In this paper, we survey three popular key roaming products of Baltimore's, Entrust's and VeriSign's. We also propose key roaming system which improves VeriSign's roaming service and analyze its security.

[1]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[2]  Torben P. Pedersen Distributed Provers with Applications to Undeniable Signatures , 1991, EUROCRYPT.

[3]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[4]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[6]  Paul C. van Oorschot,et al.  On Diffie-Hellman Key Agreement with Short Exponents , 1996, EUROCRYPT.

[7]  Dan S. Wallach,et al.  Web Spoofing: An Internet Con Game , 1997 .

[8]  Burton S. Kaliski,et al.  Server-assisted generation of a strong secret from a password , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[9]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.