Privacy Enhancements for Hardware-Based Security Modules

The increasing growth in the use of Hardware Security Modules (HSMs) towards identification and authentication of a security endpoint have raised numerous privacy and security concerns. HSMs have the ability to tie a system or an object, along with its users to the physical world. However, this enables tracking of the user and/or an object associated with the HSM. Current systems do not adequately address the privacy needs and as such are susceptible to various attacks.

[1]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[2]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[3]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[4]  Qiu Xiao The Composite Discrete Logarithm and Secure Authentication , 2004 .

[5]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[6]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[7]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[8]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[9]  Manuel Blum,et al.  A Simple Unpredictable Pseudo-Random Number Generator , 1986, SIAM J. Comput..

[10]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[11]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[12]  David Chaum,et al.  Transferred Cash Grows in Size , 1992, EUROCRYPT.

[13]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  Amit Sahai,et al.  Pseudonym Systems (Extended Abstract) , 2000 .

[16]  Jacques Stern,et al.  Security Analysis of a Practical "on the fly" Authentication and Signature Generation , 1998, EUROCRYPT.

[17]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[18]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[19]  Lidong Chen Access with Pseudonyms , 1995, Cryptography: Policy and Algorithms.

[20]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[21]  Ed Dawson,et al.  Cryptography: Policy and Algorithms , 1996, Lecture Notes in Computer Science.

[22]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[23]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[24]  Rainer A. Rueppel Advances in Cryptology — EUROCRYPT’ 92 , 2001, Lecture Notes in Computer Science.

[25]  Matthew K. Franklin,et al.  Joint Encryption and Message-Efficient Secure Computation , 1993, CRYPTO.

[26]  Ivan Damgård,et al.  Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals , 1988, CRYPTO.

[27]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[28]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[29]  David Chaum,et al.  A Secure and Privacy-protecting Protocol for Transmitting Personal Information Between Organizations , 1986, CRYPTO.