TY - GEN
T1 - Exploiting social networks for threshold signing
T2 - 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
AU - Xu, Shouhuai
AU - Li, Xiaohu
AU - Parker, Paul
PY - 2008
Y1 - 2008
N2 - Digital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected, an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).
AB - Digital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected, an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).
KW - Attack-resilience
KW - Availability
KW - Social networks
KW - Threshold cryptography
KW - Threshold signing
UR - http://www.scopus.com/inward/record.url?scp=77952350757&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952350757&partnerID=8YFLogxK
U2 - 10.1145/1368310.1368358
DO - 10.1145/1368310.1368358
M3 - Conference contribution
AN - SCOPUS:77952350757
SN - 9781595939791
T3 - Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
SP - 325
EP - 336
BT - Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
Y2 - 18 March 2008 through 20 March 2008
ER -