News & Events
The Advanced Network Colloquium Series

This talk will present an overview of the SUCSES research project conducted jointly by UC Irvine and Stanford. The projec's main goal is to develop novel methods for providing cryptographic services --such as key generation, digital signatures and encryption -- that allow for immediate (or, at least, fast) revocation and finely-granular control. Other goals include aiding weakcomputing devices in using public key cryptography as well as simplifying certificate management by means of identity-based encryption.

We first present a new approach to fast certificate revocation centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. Our approach simplifies validation of digital signatures and enables certificate revocation within legacy systems. It also provides immediate revocation of all securtiy capabilities. This paper discusses both the architecture and implementation of our approach as well as performance and compatibility with the existing infrastructure. Our results show that threshold cryptography is practical for certificate revocation.

Next, we will explore practical and conceptual implications of using Server-Aided Signatures (SAS). SAS is a signature method that utilizes the very same SEM concept as mRSA, but with a different underlying mechanism. SEMs aid regular users small, resource-limited devices in computing heavy-weight (normally expensive) digital signatures, SAS also offers fast certificate revocation, signature causality and reliable timestamping. It also has some interesting features such as built-in attack detection for users and DoS resistance for SEMs.

Dr. Gene Tsudik is an Associate Professor in Information and Computer Science Department at UC Irvine. He has been active in the area of network security and applied cryptography since 1987. He received his Ph.D. in Computer Science from USC in 1991 for his work on access control in inter-networks. He was one of the designers of VISA protocols or inter-domain access control (ancestors of modern firewalls), and a key participant in the initial research efforts on policy-based routing in the Internet.

While at IBM Research, Dr. Tsudik led the development of KryptoKnight, a network authentication and access control service that later became the IBM NetSP product. He also participated in the European Community sponsored project on Security Management and was involved in a number of research activities on mobile networking, smartcards, and intelligent agents. hew was the designer of Babel, a highly-secure anonymous Internet remailer. As a key member of a small team of IBM securty experts, he took part in the design of the iKP protocol family---the very first solution for secure payment over the Internet. He subsequently led the iKP development effort that culminated in the first trial and deployment of secure electronic credit-card payment.

At USC/ISI, Dr. Tsudik has been conducting sponsored research in electronic commerce, security infrastructure for large-scale meta-computing, secure group communications and routing in ad hoc networks. Since coming to UC Irvine in January 2000, he continued his research on these topics and initiated new research efforts in multicast security, digital signatures and anonymous communication.

Dr. Tsudik has over 50 refereed publications in the areas of cryptography, computer security and internetworking.

A videotape of this seminar is available from the Center for Satellite and Hybrid Communication Networks (CSHCN).

CSHCN students and faculty may check out a videotape from the CSHCN Library in the Engineering Annex Building.

Others may purchase a videotape from CSHCN. A complete paper copy of the speaker's slides accompanies the tape.

To order a videotape or for more information, contact Diane Hicks by phone at (301) 405-7900 or by e-mail at dhicks@isr.umd.edu.