TY - JOUR
T1 - Maintaining authenticated communication in the presence of break-ins
AU - Canetti, Ran
AU - Halevi, Shai
AU - Herzberg, Amir
PY - 2000
Y1 - 2000
N2 - We study the problem of maintaining authenticated communication over untrusted communication channels, in a scenario where the communicating parties may be occasionally and repeatedly broken into for transient periods of time. Once a party is broken into, its cryptographic keys are exposed and perhaps modified. Yet, when aided by other parties it should be able to regain its ability to communicate in an authenticated way. We present a mathematical model for this highly adversarial setting, exhibiting salient properties and parameters, and then describe a practically appealing protocol for solving this problem. A key element in our solution is devising a proactive distributed signature (PDS) scheme in our model. The PDS schemes known in the literature are designed for a model where authenticated communication is available. We therefore show how these schemes can be modified to work in our model, where no such primitives are available a priori. In the process of devising these schemes, we also present a new definition of PDS schemes (and of distributed signature schemes in general). This definition may be of independent interest.
AB - We study the problem of maintaining authenticated communication over untrusted communication channels, in a scenario where the communicating parties may be occasionally and repeatedly broken into for transient periods of time. Once a party is broken into, its cryptographic keys are exposed and perhaps modified. Yet, when aided by other parties it should be able to regain its ability to communicate in an authenticated way. We present a mathematical model for this highly adversarial setting, exhibiting salient properties and parameters, and then describe a practically appealing protocol for solving this problem. A key element in our solution is devising a proactive distributed signature (PDS) scheme in our model. The PDS schemes known in the literature are designed for a model where authenticated communication is available. We therefore show how these schemes can be modified to work in our model, where no such primitives are available a priori. In the process of devising these schemes, we also present a new definition of PDS schemes (and of distributed signature schemes in general). This definition may be of independent interest.
KW - Authentication protocols
KW - Break-ins
KW - Distributed signatures
KW - Proactive protocols
KW - Proactive signatures
KW - Recovery
UR - http://www.scopus.com/inward/record.url?scp=4944253148&partnerID=8YFLogxK
U2 - 10.1007/s001459910004
DO - 10.1007/s001459910004
M3 - Article
AN - SCOPUS:4944253148
SN - 0933-2790
VL - 13
SP - 61
EP - 105
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 1
ER -