Abstract
Firewalls typically filter network traffic at several different layers. At the application layer, filtering is based on various security-relevant information encapsulated in protocol messages. The major obstacle to efficient verification of the authenticity of messages at the application layer is the difficulty of verifying digital signatures without disclosing the content protected by encryption. This is due to the traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme is proposed that enables signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gamage, C., Leiwo, J., Zheng, Y. (1999). Encrypted Message Authentication by Firewalls. In: Public Key Cryptography. PKC 1999. Lecture Notes in Computer Science, vol 1560. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49162-7_6
DOI: https://doi.org/10.1007/3-540-49162-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65644-9
Online ISBN: 978-3-540-49162-0
eBook Packages: Springer Book Archive