Exploiting social networks for threshold signing: attack-resilience vs. availability

Digital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected --- an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).
Date: December 31, 2008
Book Title: 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS’08), pp 325-336, ACM
Type: Article

Bibtex


@Article{Exploiting_social_networks_for_threshold,
  author = "Shouhuai Xu and Xiaohu Li and Paul Parker",
  title = "{Exploiting social networks for threshold signing: attack-resilience vs. availability}",
  month = "December",
  year = "2008",
  journal = "3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS’08)",
  pages = "325--336",
  publisher = "ACM",
}