This thesis discusses security and availability properties of threshold cryptography. First, we survey basic cryptographic algorithms and cryptographic building blocks related to threshold cryptography. Then, we introduce a new security requirement, "user-controllability", on the deployment of threshold cryptography and propose a new model of threshold cryptography called User Controllable Threshold Signature (UCTS), which gives the owner of a secret control over the activation of threshold functions. Owing to user-controllability, the user does not need to worry about abuse of threshold functions in an actual deployment. We propose two methods for making existing threshold cryptosystems user-controllable: RSA-based UCTS and Schnorr-based UCTS. Additionally, to eliminate the need for confidential channels between the communicating parties in Schnorr-based UCTS, we propose a new two-party signature scheme.
Then, we focus on key renewal and key recovery to make UCTS proactive. The scheme proposed in this thesis is called Proactive User Controllable Secret Sharing (PUCSS). Depending on the initiator of PUCSS, there are two types of methods: user-oriented PUCSS and server-oriented PUCSS. After performance simulations, we establish the following deployment strategies: server-oriented PUCSS requires higher computation and communication cost than user-oriented PUCSS. However, in server-oriented PUCSS the user incurs less computation cost and can conveniently use the distributed system for threshold protection without taking care of renewal and recovery.
Then, we design a secure distributed system, called the Robust Distributed Cryptographic Operation System (RDCOS), and its seven operational protocols: registration protocol, initialization protocol, threshold service protocol, key renewal protocol, accusation protocol, refreshment protocol and key recovery protocol. RDCOS is based on UCTS for cryptographic operations and on a hash chain for the status management of servers in the distributed system.
In this thesis, two application protocols for building secure mobility are proposed. First, a new certified e-mail system with low computational overhead for mobile users is proposed. The system uses threshold cryptography and server-supported signatures as cryptographic primitives. The system guarantees the following properties: fairness, authentication, confidentiality, non-repudiation and security against conspiracy attacks. The new certified e-mail system is suitable for users who want to send secure e-mails from mobile devices with limited computing power or battery. Second, we consider security requirements for admission control in intelligent spaces. To meet these security requirements, we propose a new threshold proxy signature scheme which is proxy-protected and guarantees strong unforgeability, strong undeniability and prevention of misuse. Based on the proposed threshold proxy signature scheme, we design protocols for admission control and evaluate their performance by simulation. Since a foreign user attending an intelligent space does not need to create a new identity or role to access resources in the intelligent space, our model can be properly applied to the ubiquitous computing environment as a new model for group admission control.