Abstract
Secret handshaking protocols allow two members of the same group to identify each other secretly, i.e., any two parties who are members of the same group will recognize each other as members, yet, a party which is not a member of this group cannot tell, by engaging some party in the handshaking protocol, whether that party is a member of this group. Unlinkability is one of the main merits of secret handshaking protocols, that is, a party engaged in at least two handshakes must not be able to link any two different handshakes to a particular party. To achieve unlinkability, almost all protocols proposed so far rely on the one-time credentials technique, where each party can use her credential only once. Hence, each party must hold enough credentials allowing her to engage in the handshakes for enough period of time (e.g. a month) without referring to the group authority for renewal. There is a severe security problem when one-time credentials are employed, that is, an active adversary may initialize with an honest party as many handshaking sessions as she can and hence, depletes all the credentials held by this party, once a party runs out of credentials she will not be able to engage in handshaking no more (Denial of Service attack, DoS). At the same time, the group authority must be able to manage enormous number of issued credentials in data structures and certificate revocation lists (CRL). Thus, on the large scale implementation (large group population), one-time credentials become impractical. In this paper, we propose a provably secure two-party secret handshaking protocol which realizes the unlinkability property using only one permanent credential for each member and avoiding the inefficient one-time credentials. At the same time, our protocol provides immediate revocation of members by the group authority without relying heavily on CRL structures. Keywords: Secret handshakes, authentication, one-time credentials, unlinkability, revocation, denial of service, anonymous RSA, mediated PKI.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: International Journal of Advanced Research in Computer Science
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.