Keeping data accessible for at most a finite period of time is an important and difficult problem to solve. Consider a scenario in which a company is electing its president. According to the company's rules, the ballots should be readable for at most three months after the election. The problem is to ensure that the documents are indeed destroyed, because even after they are deleted, copies may remain accessible on media held by some members of the election group.
This thesis describes the system design and implementation of the secure Ephemerizer System that was first introduced by Radia Perlman in 2005. The system is designed to enable users to keep data for a finite period of time before making the data unrecoverable by destroying the keys with which the data was encrypted. The task of the Ephemerizer System service is to create, advertise, and destroy keys required for the Ephemerizer System’s functionalities. We designed the Ephemerizer System Service’s security by placing the sensitive key management modules into a Trusted Computing Base (TCB). Our compartmentalized approach distributes security requirements at different sensitivity levels into different protection domains…
Contents
1 Introduction
1.1 Notation
1.2 Usage Scenarios
1.3 Technologies Background
1.3.1 Javacard Technology
1.3.1.1 Smart cards
1.3.1.2 The reader side application
1.3.1.3 The card side application
1.3.2 Trusted Computing Base
1.3.3 Web Services
1.4 Typographic Conventions
2 Problem Statement
3 Ephemerizer System and Its Protocols
3.1 Previous Work
3.1.1 Ephemeral Key Management
3.2 Secure Channel Between Service Consumers and EPHEMERIZER SYSTEM
4 System View
4.1 EPHEMERIZER SERVICE Infrastructure
4.2 EPHEMERIZER SERVICE Initialization
4.3 Administrator View
4.3.1 Database Administration
4.3.2 Javacard Administration
4.4 User View
4.4.1 Ephemeral Key Pair Request
4.4.2 Ephemeral Key Pair Retrieval
4.4.3 Encryption Procedure
4.4.4 Decryption Procedure
5 System Design
5.1 Detail Scenarios
5.1.1 Request of Ephemeral Key
5.1.2 Decryption Procedures
5.2 Determination of Security Level
5.2.1 Ephemeral Key Management Modules
5.2.2 Bell-LaPadula Model
5.2.3 AES Engine
5.2.4 Expiration Validator
5.3 Javacard Module
5.3.1 Invocation Model of Javacard
5.3.2 On-card Time Validator
5.3.3 On-card AES module for Ephemeral Key Pairs
5.3.4 RSA Generator
5.4 Card Accessor
5.5 WEBSERVICE HANDLER
5.6 Mutual Authentication Between EPHEMERIZER SERVICE and Administrator
6 Implementation
6.1 WEBSERVICE HANDLER
6.1.1 Data Mapping
6.1.2 Deployment
6.1.3 Ant for WEBSERVICE HANDLER
6.1.4 Database Layer
6.1.5 Card Accessor
6.2 Javacard
6.2.1 Javacard Applets Installation
6.2.1.1 APDU script modification
6.2.1.2 Ant for Javacard
6.2.2 Javacard Applets
6.2.2.1 Applets dispatcher
6.2.2.2 Applets stub-skeleton
6.2.2.3 Object deletion mechanism
6.2.2.4 Transmission of data segments
7 Experience
7.1 Database
7.2 Compartmentalized Approach
7.3 Javacard
7.4 Webservices
7.5 Message Decrypter
8 Conclusion and Future Research
8.1 Limitations
8.1.1 Enhanced TCB Platform
8.1.2 Reasons for Choice of the Javacard as TCB
8.2 Future Research
Bibliography
Author: Xu, Shangjin
Source: Linköping University