Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
7-2002
Abstract
Key recovery is a technology that allows the owner of encrypted data or a trusted third party to recover encrypted data, mostly by reconstructing lost decryption key. In [HLG99], Harn et al proposed a Global Key Recovery System (GKRS) that combines the functions of the key recovery authorities and the public key certification authorities (CAs). Among other features, user-dominance, i.e., a user is allowed to select his own public-private key pair and especially a public element for verifying the validity of the public-private key pair, is considered extremely important by [HLG99] for wide acceptance of GKRS. In this paper, we attack the RSA version of GKRS by showing that its user-dominant feature and the corresponding key verification scheme employed by the CAs allow for fraud by users against CAs. We then propose an improvement to the original GKRS. The improved system makes the probability of user fraud negligibly small.
Keywords
Safety analysis, Decryption, Public key, Certification, Cryptanalysis, Private key, Fraud
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Information Security and Privacy: 7th Australasian Conference, ACISP 2002 Melbourne, Australia, July 3-5, 2002: Proceedings
Volume
2384
First Page
17
Last Page
24
ISBN
9783540454502
Identifier
10.1007/3-540-45450-0_2
Publisher
Springer
City or Country
Berlin
Citation
YANG, Yanjiang; BAO, Feng; and DENG, Robert H..
Security Analysis and Improvement of the Global Key Recovery System. (2002). Information Security and Privacy: 7th Australasian Conference, ACISP 2002 Melbourne, Australia, July 3-5, 2002: Proceedings. 2384, 17-24.
Available at: https://ink.library.smu.edu.sg/sis_research/1102
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/3-540-45450-0_2