Abstract :
Recently, Hung-Yu Chien has proposed a new approach to authorization and authentication in distributed environments which has some merits, such as one registration for many services, etc. However, this approach requires the registration server to maintain all users´ warrants and proxy keys, thus presenting an attractive target to attackers. An intrusion-tolerant improvement of this approach is presented in this paper to eliminate this disadvantage while preserving the merits of the original one. To do this, we introduce the concept of Distributed Registration Center consisting of multiple Registration Severs, and use a cryptographic (k, n) secret sharing scheme to distribute parts of the users´ warrants and proxy keys to RSs and use a secure multi-party computation scheme to perform the signatures such that the warrant can be signed in a distributed fashion without reassembly when a legal user registrant himself/herself at the DRC. Analysis shows that under the assumption of a Diffie-Hellman decisional problem, a passive adversary gets zero knowledge about the conference key, and an active adversary cannot impersonate successfully.
