Public-key cryptography is fast becoming the foundation for those applications that require security and authentication in open networks. But the widespread use of a global public-key cryptosystem requires that public-key certificates are always available and up-to-date. Problems associated to digital certificates management, like storage, retrieval, maintenance, and, specially, revocation, req...

Wireless sensor networks are being deployed for a wide variety of applications. It is an important challenge to find out practical security protocols for wireless sensor networks due to limitation of power, computation and storage resources. Symmetric key techniques are attractive due to their energy efficiency. But the drawbacks of symmetric key techniques are evident in terms of key managemen...

Secure hash functions are the unsung heroes of modern cryptography. Introductory courses in cryptography often leave them out — since they don’t have a secret key, it is difficult to use hash functions by themselves for cryptography. In addition, most theoretical discussions of cryptographic systems can get by without mentioning them. However, for secure practical implementations of public-key ...

Public key cryptography can uniquely enable trust within distributed settings. Employing it usually requires deploying a set of tools and services collectively known as a Public Key Infrastructure (PKI). PKIs have become a central asset for many organizations, due to distributed IT and users. Even though the usage of PKIs in closed and controlled environments is quite common, interoperability a...

This paper proposes a “mechanism-based PKI”, in which only a mechanism for generating user's private keys is installed on a smart card. The private key is generated inside the smart card at the event that the legitimate user gives a “seed of private key” to his/her smart card in order to sign a massage. The key exists nowhere except while users are signing a massage. Thus, users no longer need ...

Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a p...

In a public-key encryption scheme, if a sender is not concerned about the security of a message and is unwilling to generate costly randomness, the security of the encrypted message can be compromised. This is caused by the laziness of the sender. In this work, we characterize lazy parties in cryptography. Lazy parties are regarded as honest parties in a protocol, but they are not concerned abo...

Ring signature scheme is a cryptographic construct that enables a signer to sign on behalf of a group of n different people such that the verifier can only ensure someone in the group signed, but not exactly whom. Ring signatures are utilized in many security applications. It is tricky to deploy multi-user cryptographic construct due to the complexity involved by certificates. Specifically, rin...

One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use. In this paper, we use multiprotocol strand spaces ([27], cf. [28]) to prove that two cryptographic protocols are independent if they use encryption in ...

This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement nonrepudiation. ...