An attack on the proactive RSA signature scheme in the URSA ad hoc network access control protocol

ACM Workshop on Security of ad hoc and Sensor Networks Pub Date : 2004-10-25 DOI:10.1145/1029102.1029105

Stanislaw Jarecki, Nitesh Saxena, J. Yi

{"title":"An attack on the proactive RSA signature scheme in the URSA ad hoc network access control protocol","authors":"Stanislaw Jarecki, Nitesh Saxena, J. Yi","doi":"10.1145/1029102.1029105","DOIUrl":null,"url":null,"abstract":"Recently, Luo, et al. in a series of papers [17, 14, 13, 18, 15] proposed a set of protocols for providing ubiquitous and robust access control [URSA] in mobile ad hoc networks without relying on a centralized authority. The URSA protocol relies on the new proactive RSA signature scheme, which allows members in an ad hoc group to make access control decisions in a distributed manner. The proposed proactive RSA signature scheme is assumed secure as long as no more than an allowed threshold of participating members is simultaneously corrupted at any point in the lifetime of the scheme.\n In this paper we show an attack on this proposed proactive RSA scheme, in which an admissible threshold of malicious group members can completely recover the group RSA secret key in the course of the lifetime of this scheme. Our attack stems from the fact that the threshold signature protocol which is a part of this proactive RSA scheme leaks some seemingly innocuous information about the secret signature key. We show how the corrupted members can in uence the execution of the scheme in such a way so that the slowly leaked information is used to reconstruct the entire shared secret.","PeriodicalId":380051,"journal":{"name":"ACM Workshop on Security of ad hoc and Sensor Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Security of ad hoc and Sensor Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1029102.1029105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 52

Abstract

Recently, Luo, et al. in a series of papers [17, 14, 13, 18, 15] proposed a set of protocols for providing ubiquitous and robust access control [URSA] in mobile ad hoc networks without relying on a centralized authority. The URSA protocol relies on the new proactive RSA signature scheme, which allows members in an ad hoc group to make access control decisions in a distributed manner. The proposed proactive RSA signature scheme is assumed secure as long as no more than an allowed threshold of participating members is simultaneously corrupted at any point in the lifetime of the scheme. In this paper we show an attack on this proposed proactive RSA scheme, in which an admissible threshold of malicious group members can completely recover the group RSA secret key in the course of the lifetime of this scheme. Our attack stems from the fact that the threshold signature protocol which is a part of this proactive RSA scheme leaks some seemingly innocuous information about the secret signature key. We show how the corrupted members can in uence the execution of the scheme in such a way so that the slowly leaked information is used to reconstruct the entire shared secret.

查看原文本刊更多论文

针对URSA自组网访问控制协议中主动RSA签名方案的攻击

最近，Luo等人在一系列论文[17,14,13,18,15]中提出了一套协议，用于在移动自组织网络中提供无处不在的鲁棒访问控制[URSA]，而不依赖于集中授权。URSA协议依赖于新的主动RSA签名方案，该方案允许临时组中的成员以分布式方式做出访问控制决策。只要在方案的生命周期内任何时候同时损坏的参与成员不超过一个允许的阈值，那么所提出的主动RSA签名方案就是安全的。在本文中，我们展示了对该提议的主动RSA方案的攻击，其中恶意组成员的可接受阈值可以在该方案的生命周期内完全恢复组RSA秘钥。我们的攻击源于这样一个事实，即作为主动RSA方案一部分的阈值签名协议泄露了一些关于秘密签名密钥的看似无害的信息。我们展示了损坏的成员如何以这样一种方式影响方案的执行，以便使用缓慢泄露的信息来重建整个共享秘密。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Workshop on Security of ad hoc and Sensor Networks

自引率

0.00%

发文量