WebCrySIL - Web Cryptographic Service Interoperability Layer

Florian Reimair, Peter Teufl, Thomas Zefferer

2015

Abstract

Today’s applications need to work with a heterogeneous collection of platforms. Servers, desktops, mobile devices, and web browsers share data and workload. Many of these applications handle sensitive data or even have security as their core feature. Secure messaging, password storage, encrypted cloud storage applications or alike make use of cryptographic algorithms and protocols. These algorithms and protocols require keys. The keys in turn have to be provisioned, securely stored, and shared between various devices. Unfortunately, handling the keys and the availability of cryptographic APIs evokes non-trivial challenges in current heterogeneous platform environments. Also, the implementation of APIs supporting cryptographic protocols on arbitrary platforms require significant effort, which is a major challenge when new cryptographic protocols become available. Our approach, the Crypto Service Interoperability Layer (CrySIL), enables applications to securely store/use/share key material and supports a wide range of cryptographic protocols and algorithms on heterogeneous platforms. CrySIL complements existing solutions that mitigate the aforementioned problems through central services by allowing for more flexible deployment scenarios. In this work, we explain the motivation of CrySIL, describe its architecture, highlight its deployment in a typical heterogeneous application use case and reflect on achievements and shortcomings.

References

  1. Ateniese, G., Fu, K., Green, M., and Hohenberger, S. (2006). Improved proxy re-encryption schemes with applications to secure distributed storage.
  2. Bellare, M., Boldyreva, A., and O Neill, A. (2007). Deterministic and Efficiently Searchable Encryption. In Proceedings of the International Cryptology Conference on Advances in Cryptology (CRYPTO), pages 535-552. Springer.
  3. Camenisch, J. and Shoup, V. (2003). Practical Verifiable Encryption and Decryption of Discrete Logarithms. In Boneh, D., editor, CRYPTO 2003: Advances in Cryptology, volume 2729 of Lecture Notes in Computer Science, pages 126-144. Springer Berlin Heidelberg.
  4. Egele, M., Brumley, D., Fratantonio, Y., and Kruegel, C. (2013). An empirical study of cryptographic misuse in android applications. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS 7813, pages 73-84, New York, New York, USA. ACM Press.
  5. Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., and Freisleben, B. (2012). Why eve and mallory love android. In Proceedings of the 2012 ACM conference on Computer and communications security - CCS 7812, page 50, New York, New York, USA. ACM Press.
  6. Hanser, C. and Slamanig, D. (2013). Blank digital signatures. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS 7813, page 95, New York, New York, USA. ACM Press.
  7. IDC (2014). Worldwide Wearable Computing Market Gains Momentum with Shipments Reaching 19.2 Million in 2014 and Climbing to Nearly 112 Million in 2018, Says IDC. https://www.businesswire.com/news/home/ 20140410005050/en/Worldwide-Wearable-ComputingMarket-Gains-Momentum-Shipments. last visited on March, 25th 2015.
  8. Leitold, H., Hollosi, A., and Posch, R. (2002). Security architecture of the Austrian citizen card concept. 18th Annual Computer Security Applications Conference, 2002. Proceedings.
  9. Naehrig, M., Lauter, K., and Vaikuntanathan, V. (2011). Can homomorphic encryption be practical? In Proceedings of the 3rd ACM workshop on Cloud computing security workshop - CCSW 7811, pages 113-124. ACM Press.
  10. Parliament, E. U. and Council (2000). Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Offcial Journal of the European Communities, L 013:12-20.
  11. Trusted Computing Group (2011). TCG TPM specification version 1.2 revision 116. http:// www.trusted computinggroup.org/resources/tpm main specification. last visited on January 29, 2013.
  12. van Hoboken, J. V. J., Arnbak, A., and van Eijk, N. (2012). Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act. SSRN Electronic Journal.
Download


Paper Citation


in Harvard Style

Reimair F., Teufl P. and Zefferer T. (2015). WebCrySIL - Web Cryptographic Service Interoperability Layer . In Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-106-9, pages 35-44. DOI: 10.5220/0005488400350044


in Bibtex Style

@conference{webist15,
author={Florian Reimair and Peter Teufl and Thomas Zefferer},
title={WebCrySIL - Web Cryptographic Service Interoperability Layer},
booktitle={Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2015},
pages={35-44},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005488400350044},
isbn={978-989-758-106-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - WebCrySIL - Web Cryptographic Service Interoperability Layer
SN - 978-989-758-106-9
AU - Reimair F.
AU - Teufl P.
AU - Zefferer T.
PY - 2015
SP - 35
EP - 44
DO - 10.5220/0005488400350044