Survey and Taxonomy of Key Management Protocols for Wired and Wireless Networks

ABSTRACT Number of keys used to convert plaintext to ciphertext. For example, symmetric/single or asymmetric/two key/public key. Key is an element which can be either numeric or non-numeric, which when applied to a given message results in a encrypted message. Key can be implicitly or explicitly derived from plaintext. Implicit key derivation is also known as auto keying, where the derived key is a part of the plaintext. Explicit key or individual key is a key that is not a part of the plaintext. For a secure communication to take place, the life cycle of key involves: initialization, agreement, distribution and cancellation. This entire process is also known as key management

Secure Certificate Management and Device Enrollment at IoT Scale.

The Internet of Things (IoT) is expected to comprise of over 20 billion devices connected to the Internet by the year 2020, and support mission critical applications such as health care, road safety and emergency services to name a few. This massive scale of IoT device deployment, heterogeneity of devices and applications, and the autonomous nature of the decision making process introduces new security requirements and challenges. The devices must be securely bootstrapped in to the network to provide secure inter--device communication and also, the applications must be able to authenticate and authorize these devices to provide the relevant services. In today's Internet, Public Key Infrastructure (PKI) is widely used to provide authenticity, encryption and data integrity during network communication through the use of digital certificates. This thesis investigates the key aspects for deploying a PKI security solution in an IoT ecosystem, ranging from deploying certificates on new devices (bootstrapping) to complete life cycle management of these certificates. We believe that the current PKI can be, with suitable enhancements, used to provide the efficiency, scalability and flexibility needed for IoT security. This thesis provides a survey of key aspects for deploying PKI security solution in IoT ecosystem. We investigate different certificate management protocols and motivate the applicability of enhanced security over transport (EST) protocol for IoT PKI solution. In addition, we propose a PKI deployment model and the bootstrap mechanism to bring up an IoT device and provision it with a digital certificate. Furthermore, we provide a prototype implementation to demonstrate certificate enrollment procedure with an EST server

Optimizing secure communication standards for disadvantaged networks

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Cataloged from PDF version of thesis.Includes bibliographical references (p. 137-140).We present methods for optimizing standardized cryptographic message protocols for use on disadvantaged network links. We first provide an assessment of current secure communication message packing standards and their relevance to disadvantaged networks. Then we offer methods to reduce message overhead in packing Cryptographic Message Syntax (CMS) structures by using ZLIB compression and using a Lite version of CMS. Finally, we offer a few extensions to the Extensible Messaging and Presence Protocol (XMPP) to wrap secure group messages for chat on disadvantaged networks and to reduce XMPP message overhead in secure group transmissions. We present the design and implementation of these optimizations and the results that these optimizations have on message overhead, extensibility, and usability of both CMS and XMPP. We have developed these methods to extend CMS and XMPP with the ultimate goal of establishing standards for securing communications in disadvantaged networks.by Stephen Hiroshi Okano.M.Eng

Emissão distribuída e em larga escala de certificados digitais

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2013.A emissão de certificados digitais em larga escala de forma confiável tem sido um dos maiores desafios para a implantação de infraestruturas de chaves públicas. As soluções existentes, frutos de modelos propostos na década e 1990, não se mostram adequadas quando utilizadas para a emissão distribuída de grande quantidade de certificados digitais através de uma autoridade certificadora. Entre os problemas destacam-se a dificuldade de se implantar de forma rápida novas instalações técnicas para atender uma demanda pontual de certificados digitais e o gargalo quanto à disponibilidade, eficiência e performance, relativos à verificação de dados dos requerentes em grandes regiões geográficas. Este trabalho propõe um novo modelo e uma arquitetura de um sistema para a emissão distribuída de certificados digitais em larga escala. Foi implementado um protótipo do sistema e realizada uma comparação desta nova arquitetura com outras existentes. <br