emerging information infrastructure, it is important that we look for similar flexibility. The Yaksha security system is a security technology [4, 5] capable of reusing a single security infrastructure to perform various security functions: authentication, key exchange, digital signatures, and key escrow. This article describes how the Yaksha security system can be used for key escrow.

It is commonly accepted that encrypted communications and data storage make up an essential component of our emerging information infrastructure. Somewhat more controversial is the concept that certain third parties---other than those communicating or storing information---may have a legitimate right to seek access to the information without the active cooperation of the participants. Clearly, encrypting information being communicated or stored could put the third parties at a significant disadvantage. Techniques for providing secure communications and storage with intentional backdoors that allow legitimate third parties access to the information fall into the broad category of what may be described as key escrow systems. Throughout this article, we use the term authority synonymously with legitimate third party. When the authority is the government and the participants are citizens, the entire concept is fairly controversial, as has been well documented in the pages of this magazine [12] and other publications. In this context, the system that dominates the discussion is the so-called Escrow Encryption Standard or Clipper System [3]. An
[1] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems. CACM, 1978.
[2] Roger M. Needham, et al. Using encryption for authentication in large networks of computers. CACM, 1978.
[3] Dorothy E. Denning, et al. A taxonomy for key escrow encryption systems. CACM, 1996.
[4] John Linn, et al. Privacy enhancement for Internet electronic mail: Part II - certificate-based key management. RFC, 1987.
[5] Steve Kent, et al. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. RFC, 1989.
[6] Theodore Y. Ts'o, et al. Kerberos: an authentication service for computer networks. IEEE Communications Magazine, 1994.
[7] Bruce Schneier, et al. Applied cryptography: protocols, algorithms, and source code in C. 1996.
[8] Bernard P. Zajac. Applied cryptography: Protocols, algorithms, and source code in C. 1994.
[9] Bruce Schneier, et al. Applied cryptography (2nd ed.): protocols, algorithms, and source code in C. 1995.
[10] Lewis M. Branscomb, et al. To tap or not to tap. CACM, 1993.
[11] Ravi Ganesan, et al. Yaksha: augmenting Kerberos with public key cryptography. Proceedings of the Symposium on Network and Distributed System Security, 1995.
[12] Simon Blake-Wilson, et al. Digital Signatures and Public-key Cryptography. 1995.