Fine-grained Control of Security Capabilities
We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.
Information Security and Trust
ACM Transactions on Internet Technology
BONEH, D.; DING, Xuhua; and Tsudik, Gene.
Fine-grained Control of Security Capabilities. (2004). ACM Transactions on Internet Technology. 4, (1), 60-82. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/783