RT Journal Article
JF 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)
YR 2008
VO 00
IS
SP 581
TI An Optimized Double Cache Technique for Efficient Use of Forward-secure Signature Schemes
A1 Luca Albertalli,
A1 Diana Berbecaru,
K1 generic FSS schemes
K1 double cache technique
K1 backward secrecy
AB The greatest threat against the security of a digital signature scheme is the exposure of the secret (signing) key, due to the compromise of the security of the underlying system or machine storing the key. This attack is known as a key exposure attack, and hypothetically any security service that is provided via an online server digitally signing the data in real time (e.g. a timestamping server) is exposed to such an attack. In this paper we take one step forward towards optimizing the usage of Forward Secure Signature (FSS) schemes on a large scale to mitigate key exposure attacks. First of all, we have performed extended tests with the already implemented OpenSSL-based libfss library, which supports several generic FSS schemes, such as the ISum, BMTree or MMM schemes. We observed that one critical phase is the key update phase, which typically requires a large amount of time and resources. Thus, we propose an optimization technique for the ISum scheme's implementation (named the double cache updating technique), which makes use of two dedicated caches: one for the keys and one for the intermediate (hash) nodes. The results obtained are encouraging since the proposed double cache technique provides a constant key update time and a low memory footprint.
PB IEEE Computer Society, [URL:http://www.computer.org]
SN 1066-6192
LA English
DO 10.1109/PDP.2008.64
LK http://doi.ieeecomputersociety.org/10.1109/PDP.2008.64