Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Digital signature schemes are a foundational cryptographic building block in certification and the projection of trust. Based on a signature scheme on committed graphs, we propose a framework of certification and proof methods to sign topology graphs and to prove properties of their certificates in zero-knowledge. This framework allows an issuer, such as an auditing system, to sign the topology representation of an infrastructure. The prover, such as an infrastructure provider, can then convince a verifier of topology properties, including connectivity and isolation, without disclosing the blueprint of the topology itself. In this way, we can certify the structure of critical systems while still maintaining confidentiality. We offer zero-knowledge proofs of knowledge for a general specification language of security goals for virtualized infrastructures, such that high-level security goals can be proven over topology certificates. We offer an efficient and practical construction, built upon the Camenisch-Lysyanskaya signature scheme, honest-verifier proofs and the strong RSA assumption.
