CR · Sep 10, 2018

Tandem: Securing Keys by Using a Central Server While Preserving Privacy

arXiv:1809.03390v2 · 4 citations
AI Analysis

This addresses privacy and security issues for users of devices like smartphones and laptops, though it appears incremental as it builds on existing server-assisted key management approaches.

The paper tackles the problem of securely storing and processing cryptographic keys on user devices. It introduces Tandem, a set of protocols that use a central server with one-time-use key-share tokens to preserve privacy while enabling key blocking and rate-limiting, and it shows minimal overhead in implementation.

Users' devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to preserve users' privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem's security and privacy properties, apply Tandem to attribute-based credentials, and implement a Tandem proof of concept to show that it causes little overhead.
