D5.2 Security Protocols Early Prototype Library

Contributing Partners

SIC, OTE, TUG, FOKUS, ATOS, AIT, KGH

Executive Summary 

The CREDENTIAL project requires several fundamental cryptographic primitives, algorithms and protocols. Those components are developed and documented within the scope of this deliverable. As the resulting library is used within platform dependent software on client side as well as on server side it was decided to split the library in two components, the Java Library for Cryptographic Primitives and the Android Crypto Library with Key Management Implementation resulting in a modular and efficient framework. The former is used to implement all platform independent cryptographic algorithms and protocols. In first instance, as one of CREDENTIAL’s most important and fundamental base components, this is a proxy reencryption scheme suitable for practical usage. To be more precise, it should not only provide all required security features and properties, but it should also be able to process large datasets and it should be interoperable with other related standards, e.g., PKCS#8 and X509. The latter provides mechanisms to generate and store all necessary cryptographic keys securely on Android devices using the hardware based TrustZone as secure haven. Furthermore the latter provides a façade for making the usage of Java Library for Cryptographic Primitives more convenient for CREDENTIAL purposes by simplifying respectively abstracting the underlying complexity. In first instance the following document describes the settings for this deliverable. After introducing the CREDENTIAL project itself together with the pilot scenarios, the scope of this library is defined next to the relations to other deliverables to be more accurately. A high level overview of the implemented components is provided in further consequence, including a basic overview of proxy re-encryption and key storage. Afterwards different usage scenarios of this library are listed, leading to the design decision of splitting up the library in the two aforementioned components Java Library for Cryptographic Primitives respectively Android Crypto Library with Key Management Implementation. The resulting libraries are described in detail within the next two sections, each. Those two sections contain explanations of the subcomponents as well as performed adoptions to making the results more suitable for practical scenarios. Special focus is also dedicated to the parametrization, usage examples and API
documentation. The document is topped off with an outlook on future cryptographic algorithms, protocols and algorithms to be integrated with the second implementation iteration. Additionally class diagrams of the most important component groups are attached in the appendix.