Delegation with supervision

Delegation certificates (e.g. SPKI) support the decentralized management of access rights in organizations without the need for a centralized server to mediate every delegation operation. However, it does not allow the access rights to be delegated in a flexible way. For instance, a user cannot be granted the authorization to perform delegation of permission without granting himself/herself the authorization to exercise the associated permission at the same time. In this paper, we propose an improved delegation model, where the various users in a delegation chain may perform supervision on the delegate to exercise the delegated permission. We describe the way to support the model using SPKI as an example. Also, we describe how to support efficient authorization in delegation with supervision using proxy signature techniques.

[1]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[2]  Kuo-Yu Tsai,et al.  Cryptanalysis and improvement of nonrepudiable threshold multi-proxy multi-signature scheme with shared verification , 2007, Inf. Sci..

[3]  Silvio Micali,et al.  Accountable-subgroup multisignatures: extended abstract , 2001, CCS '01.

[4]  M. Mambo,et al.  Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications) , 1996 .

[5]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6]  Siu-Ming Yiu,et al.  Supporting E.cient Authorization in Delegation with Supervision , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[7]  Hung-Min Sun,et al.  On the Security of Some Proxy Signature Schemes , 2003, IACR Cryptol. ePrint Arch..

[8]  Jan H. P. Eloff,et al.  An access control architecture for XML documents in workflow environments , 2002, South Afr. Comput. J..

[9]  Jung Hee Cheon,et al.  An Analysis of Proxy Signatures: Is a Secure Channel Necessary? , 2003, CT-RSA.

[10]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[11]  Dongho Won,et al.  Proxy signatures, Revisited , 1997, ICICS.

[12]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[13]  Patrick Horster,et al.  A New Approach for Delegation Using Hierarchical Delegation Tokens , 1997, Communications and Multimedia Security.

[14]  David Mazières,et al.  Proactive Two-Party Signatures for User Authentication , 2003, NDSS.

[15]  Dwaine E. Clarke,et al.  SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI , 2001 .

[16]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[17]  Bruno Crispo Delegation of Responsibility (Transcript of Discussion) , 1998, Security Protocols Workshop.

[18]  Tuomas Aura,et al.  Distributed Access-Rights Managements with Delegations Certificates , 2001, Secure Internet Programming.

[19]  Chin-Chen Chang,et al.  A novel efficient (t, n) threshold proxy signature scheme , 2006, Inf. Sci..

[20]  Byoungcheon Lee,et al.  Strong Proxy Signature and its Applications , 2000 .

[21]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[22]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[23]  Butler W. Lampson,et al.  Simple Public Key Certificate , 1998 .