Cryptology ePrint Archive: Report 2005/114

Intrusion-Resilient Secure Channels

Gene Itkis and Robert McNerney Jr. and Scott W. Russell

Abstract: We propose a new secure communication primitive called an \emph{Intrusion-Resilient Channel (IRC)} that limits the damage resulting from key exposures and facilitates recovery. We define security against passive but mobile and highly adaptive adversaries capable of exposing even expired past secrets. We describe an intuitive channel construction using (as a black box) existing public key cryptosystems. The simplicity of the construction belies the technical challenges in its security proof.

Additionally, we outline a general strategy for proving enhanced security for two-party protocols when an IRC is employed to secure all communication. Specifically, given a protocol proved secure against adversaries with restricted access to protocol messages, we show how the use of an IRC allows some of these adversary restrictions to be lifted. Once again, proving the efficacy of our intuitive approach turns out to be non-trivial. We demonstrate the strategy by showing that the intrusion-resilient signature scheme of [IR02] can be made secure against adversaries that expose even expired secrets.

Category / Keywords: public-key cryptography /

Publication Info: Extended abstract to appear in proceedings of Applied Cryptography and Network Security 2005

Date: received 15 Apr 2005

Contact author: srussell at cs bu edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: This is the full version. The extended abstract to appear in proceedings of Applied Cryptography and Network Security 2005.

Version: 20050415:194622 (All versions of this report)

Short URL: ia.cr/2005/114

Discussion forum: Show discussion | Start new discussion