D5.4 Security Protocols Reference Component Library

Contributing Partners 

SIC, OTE, TUG, FOKUS, ATOS, AIT, KGH

Executive Summary 

The CREDENTIAL project requires several fundamental cryptographic primitives, algorithms and protocols. Those components are developed and documented within the scope of this deliverable.
As the resulting library is used within platform dependent software on client side as well as on server side it was decided to split the library into three basic components, the Java Library for Cryptographic Primitives, the Android Crypto Library with Key Management Implementation and the PRE/RS File Format Library resulting in a modular and ecient framework.
The Java Library for Cryptographic Primitives is used to implement all platform independent cryptographic algorithms and protocols. In the first instance, as one of CREDENTIAL’s most important and fundamental base component, those are proxy re-encryption schemes suitable for practical usage. To be more precise, they do not only provide required security features and properties, but they are also able to process large datasets using hybrid encryption and they are interoperable with other related standards, e.g., PKCS#8 and X509. A second fundamental library component is the provision of redactable signature primitives. The implemented signature scheme is built upon dynamic accumulators and supports basically redaction of list and set data types. Finally, the library oers a scheme allowing the combination of the aforementioned primitives: redacting proxy re-encrypted ciphertext. PRE/RS File Format Library on the other hand is a library supplementing the Java Library for Cryptographic Primitives by adding support for CREDENTIAL specific file formats for the proxy re-encryption/redactable signature combination, encapsulating CREDENTIAL specific implementations from the generic cryptographic library. The Android Crypto Library with Key Management Implementation finally provides mechanisms to generate and store all necessary cryptographic keys securely on Android devices using the hardware-based TrustZone as the secure haven. Furthermore, it provides a façade for making the usage of Java Library for Cryptographic Primitives more convenient for CREDENTIAL purposes by simplifying respectively abstracting the underlying complexity.
Initially, the following document describes the settings for this deliverable. After introducing the CREDENTIAL project itself together with the pilot scenarios, the scope of this library is defined next to the relations to other deliverables to be more accurately. A high-level overview of the implemented components is provided in further consequence, including a basic overview of proxy re-encryption, redactable signatures, the combination of the latter and key storage. Afterwards, dierent usage scenarios of this library are listed, leading to the design decision of splitting up the library in the three aforementioned components Java Library for Cryptographic Primitives, PRE/RS File Format Library respectively Android Crypto Library with Key Management Implementation. The resulting libraries are described in detail within the next three sections, each. Those sections contain explanations of the subcomponents as well as performed adoptions to make the results more suitable for practical scenarios. Special focus is also dedicated to the parametrization, usage examples, and API documentation. The document is topped o with a short evaluation. Additionally, class diagrams of the most important component groups are attached in the appendix.