We designed a secure key registration system based on the proactive secret-sharing scheme. A user can register important data such as a session key to a distributed system in a (t, n)-threshold scheme, which means that the data can be recovered if t servers cooperate (in other words, that the data cannot be revealed unless t servers collude). The proactive scheme provides stronger security against an active adversary. We designed the protocol to generate an implicit secret, to distribute shares of it, and to reconstruct the secret for proactive secret-sharing without a dealer.
We also developed a prototype of a data archiving service framework on the Internet. To allow users to access the system via a Web browser, we implemented a system based on the PKI (public key infrastructure), where the client/server authentication is done by means of X.509 certification. We also used the publish/subscribe communication model to realize interaction between key management servers, because it is easy to implement the broadcasting channels used in the share update phase
By: Masayuki Numao
Published in: RT0280 in 2002
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .