Risk Management in Public Key Infrastructure

Nowadays it is almost impossible not to hear or read about the risks of using computer systems. Top management is becoming more interested in risk management process and their analysis regarding the use of information technologies within their organization. This is due primarily to the Internet boom and high level of dependence of their business to information systems. Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and obtain assets in mission capability by securing the IT systems and data that help their organizations performances. In this paper we present the risk management processes, the main services offered by the Public Key Infrastructure and security risks that may arise in implementing Public Key Infrastructure.risk management; public key infrastructure; PKI services; PKI risks.

Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3

This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs

Public Key Infrastructure based on Authentication of Media Attestments

Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic use, key management has remained a user problem. We propose a fundamentally new approach to the key distribution problem by empowering end-users with the capacity to independently verify the authenticity of public keys using an additional media attestment. This permits client software to automatically lookup public keys from a keyserver without trusting the keyserver, because any attempted MITM attacks can be detected by end-users. Thus, our protocol is designed to enable a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys, that is verifiably secure against MITM attacks, and does not require trusting any third parties

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

This paper describes BlockPKI, a blockchain-based public-key infrastructure that enables an automated, resilient, and transparent issuance of digital certificates. Our goal is to address several shortcomings of the current TLS infrastructure and its proposed extensions. In particular, we aim at reducing the power of individual certification authorities and make their actions publicly visible and accountable, without introducing yet another trusted third party. To demonstrate the benefits and practicality of our system, we present evaluation results and describe our prototype implementation.Comment: Workshop on Blockchain and Sharing Economy Application

LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments

The non-repudiation as an essential requirement of many applications can be provided by the asymmetric key model. With the evolution of new applications such as mobile commerce, it is essential to provide secure and efficient solutions for the mobile environments. The traditional public key cryptography involves huge computational costs and is not so suitable for the resource-constrained platforms. The elliptic curve-based approaches as the newer solutions require certain considerations that are not taken into account in the traditional public key infrastructures. The main contribution of this paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the constrained platforms such as mobile phones. It takes advantages of elliptic curve cryptography and signcryption to decrease the computational costs and communication overheads, and adapting to the constraints. All the computational costs of required validations can be eliminated from end-entities by introduction of a validation authority to the introduced infrastructure and delegating validations to such a component. LPKI is so suitable for mobile environments and for applications such as mobile commerce where the security is the great concern.Comment: 6 Pages, 6 Figure

Public Key Infrastructure

U ovom radu bavili smo se infrastrukturom javnog ključa u oznaci PKI. Pogledali smo neke bitnije dijelove od kojih se PKI sastoji i ukratko ih opisali. Nakon toga, pogledali smo jedan protokol koji se koristi u praksi, a to je SSL protokol kojega smo ilustrirali na primjeru. Objasnili smo pojam certifikata koji je građevna jedinica PKI-ja i uz to dali primjer ceritfikata. Opisali smo model koji daje jasna pravila koja određuju način na koji će se graditi put certifikata, a to je model povjerenja. Naveli smo neke primjere modela povjerenja i opisali ih na primjerima. U poglavlju nakon toga rekli smo nešto o budućnosti PKI-a i na kraju smo objasnili kriptografiju baziranu na identitetu, tj. obradili smo Cocksovu enkripcijsku shemu baziranu na identitetu, kao jedan oblik ove kriptografije.This paper aims to discuss the Public-key Infrastructure in the PKI label, which includes and describes some of the more important parts of the PKI. One of the more used protocols, SSL, was presented along with an example. In this paper certificates as the founding blocks of PKI were also more thoroughly explained, as well as a model that provides clear rules which define the certificates path si built, the trust model for which more examples are provided. The chapter after that discusses the future of PKI and identity-based cryptography, such as the Cocks Identity-based Encryption Scheme

An identity-based key infrastructure suitable for messaging applications

Abstract—Identity-based encryption (IBE) systems are relatively recently proposed; yet they are highly popular for messaging applications since they offer new features such as certificateless infrastructure and anonymous communication. In this paper, we intended to propose an IBE infrastructure for messaging applications. The proposed infrastructure requires one registration authority and at least one public key generator and they secret share the master secret key. In addition, the PKG also shares the same master secret with each user in the system in a different way. Therefore, the PKG will never be able to learn the private keys of users under non-collusion assumption. We discuss different aspects of the proposed infrastructure such as security, key revocation, uniqueness of the identities that constitute the main drawbacks of other IBE schemes. We demonstrate that our infrastructure solves many of these drawbacks under certain assumptions