6,287 research outputs found
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201
An Elliptic Curve-based Signcryption Scheme with Forward Secrecy
An elliptic curve-based signcryption scheme is introduced in this paper that
effectively combines the functionalities of digital signature and encryption,
and decreases the computational costs and communication overheads in comparison
with the traditional signature-then-encryption schemes. It simultaneously
provides the attributes of message confidentiality, authentication, integrity,
unforgeability, non-repudiation, public verifiability, and forward secrecy of
message confidentiality. Since it is based on elliptic curves and can use any
fast and secure symmetric algorithm for encrypting messages, it has great
advantages to be used for security establishments in store-and-forward
applications and when dealing with resource-constrained devices.Comment: 13 Pages, 5 Figures, 2 Table
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and make their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.Comment: Workshop on Blockchain and Sharing Economy Application
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOCās authentication
time and handshake packet overhead stays constant regardless
of each capabilityās delegation hop distance from the
root delegator. The paper compares SOCās security bene-
fits with Kerberos and the experimental results show SOCās
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure
- ā¦