benefit from using the asymmetric
Messages protected by participants’ public keys in Figure 2 that were once secure are rendered insecure by a PFW. The vulnerability of these encrypting public keys is compensated in Figure 3 by supplemental messages to reinstate acceptable security using the asymmetric secrecy property. These messages consist of communications between participants and the server to exchange secure session keys through the secure channels provided by the server’s public key.
Along with existing communication between participant and server, some of these supplemental messages are concatenated with existing messages. For example, the first two messages in Figure 2 and Figure 3 perform equivalent actions, though the communication in Figure 3 derives added benefit from the server’s longer keys. When inter-participant communications require additional security (such as message 3 in Figure 2, originally protected by PUB), another two messages (such as 3-2 and 3-3 in Figure 3) must be introduced to achieve the security requirement. Note that the functionality of message 3 in Figure 2 is replaced by messages 3-1 to 3-3 in Figure 3.
In our key-exchange protocol, though two extra messages are required to maintain long-term confidentiality, this added load is required only when the participants are constructing new secure communications channels while a PFW exists. The key exchanges are performed only once per session. This additional overhead is marginal and should be within the CA’s capacity. Even if that capacity is exhausted, additional servers can scale the service and solve the capacity problem in a centralized manner.
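As an added illustration of the two exchanges described above (this is not code from the article, and the exact layout of messages 3-1 to 3-3 is assumed, since Figures 2 and 3 are not reproduced here), the following Python model uses textbook RSA with constructed keys: a participant key built from two roughly 32-bit primes stands in for a key whose PFW has begun, a server key built from two Mersenne primes stands in for the server’s longer key, and a budget-limited Pollard-rho routine stands in for an adversary with finite work. The names figure2_message3, figure3_messages, sym_wrap and attacker_recover are my own.

```python
import hashlib
import hmac
import math
import secrets

# Constructed keys (not from the article). Textbook RSA without padding is used
# only to compare key lengths; it is not a usable encryption scheme on its own.
PARTICIPANT_PRIMES = (4294967291, 4294967279)   # ~32-bit primes: modulus inside its PFW
SERVER_PRIMES = (2**61 - 1, 2**89 - 1)          # Mersenne primes: the server's longer key


def rsa_keygen(p, q, e=65537):
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def pollard_rho(n, budget):
    """Return a non-trivial factor of n, or None once `budget` iterations are spent.
    This models an adversary whose computing power is bounded for the period in question."""
    steps = 0
    for c in range(1, 20):                 # retry with another polynomial on a degenerate cycle
        x = y = 2
        while steps < budget:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            steps += 1
            d = math.gcd(abs(x - y), n)
            if d == n:
                break
            if d > 1:
                return d
        else:
            return None                    # budget exhausted: the key is outside its PFW
    return None


def attacker_recover(pub, ciphertext, budget):
    """Factor the modulus if the budget allows, derive d, and decrypt; else None."""
    n, e = pub
    p = pollard_rho(n, budget)
    if p is None:
        return None
    q = n // p
    return rsa_decrypt((n, pow(e, -1, (p - 1) * (q - 1))), ciphertext)


def sym_wrap(key, value):
    """Toy symmetric wrap of a 63-bit value under a session key (XOR with a SHA-256 keystream)."""
    stream = hashlib.sha256(key.to_bytes(8, "big") + b"wrap").digest()
    return value ^ int.from_bytes(stream[:8], "big")


sym_unwrap = sym_wrap   # XOR is its own inverse


def figure2_message3(pub_b, k_ab):
    """Message 3 of Figure 2 as modelled here: K_AB sent to B directly under PUB_B."""
    return rsa_encrypt(pub_b, k_ab)


def figure3_messages(pub_s, k_bs, k_ab):
    """Assumed layout of messages 3-1 to 3-3 of Figure 3:
    3-1  A -> S : K_AB under the server's public key
    3-2  S -> B : K_AB under the B-server session key K_BS (set up under PUB_S earlier)
    3-3  B -> A : confirmation MAC keyed with K_AB"""
    m31 = rsa_encrypt(pub_s, k_ab)
    m32 = sym_wrap(k_bs, k_ab)
    m33 = hmac.new(k_ab.to_bytes(8, "big"), b"3-3 confirm", "sha256").hexdigest()
    return m31, m32, m33


def demo(budget=500_000):
    """Run both exchanges and report whether the adversary recovers K_AB in each."""
    pub_b, _ = rsa_keygen(*PARTICIPANT_PRIMES)
    pub_s, priv_s = rsa_keygen(*SERVER_PRIMES)
    k_bs = secrets.randbits(63)   # B-server session key from the setup messages
    k_ab = secrets.randbits(63)   # inter-participant session key being exchanged
    leaked = attacker_recover(pub_b, figure2_message3(pub_b, k_ab), budget)
    m31, m32, m33 = figure3_messages(pub_s, k_bs, k_ab)
    # Legitimate parties: the server opens 3-1, B unwraps 3-2; both obtain K_AB.
    assert rsa_decrypt(priv_s, m31) == k_ab and sym_unwrap(k_bs, m32) == k_ab
    attacked = attacker_recover(pub_s, m31, budget)
    return {"figure2_leaked": leaked == k_ab, "figure3_leaked": attacked == k_ab}


if __name__ == "__main__":
    print(demo())
```

The same work budget that factors the participant’s modulus and exposes K_AB in the Figure 2 exchange makes no progress against the server’s modulus, so K_AB survives in the Figure 3 exchange even after the participant’s own key has entered its PFW.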
Security of cryptographic algorithms is the most important element in network applications concerning confidentiality and authenticity. All these network activities rest on the trust that cryptography provides. Modern cryptographic methods provide robust tools for short-term security, but how can they guarantee that files encrypted today remain secure until their planned expiration date? Many measures have been proposed in the literature, but most focus on the signature rather than privacy and lack realistic considerations. In this article, we have defined PFW to highlight the insecure period encountered by an encrypted file and quantify its long-term
We wish to express our gratitude to Michael Chang (email@example.com) for discussions and his review of the English in this article.
Chi-Sung Laih (1956–2010) was a much-loved and respected distinguished professor in the Department of Electrical Engineering of National Cheng Kung University, Tainan City, Taiwan.

Shang-Ming Jen (firstname.lastname@example.org) is a Ph.D. student in the Department of Electrical Engineering of National Cheng Kung University, Tainan City, Taiwan.

Chia-Yu Lu (email@example.com) is a Ph.D. student in the Department of Electrical Engineering of National Cheng Kung University, Tainan City, Taiwan.

© 2012 ACM 0001-0782/12/01 $10.00