On the Certificate Revocation Problem in the Maritime Sector

Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across international waters, as well as close to local shores and in ports. To this aid, there are ongoing standardization efforts for an international maritime Public Key Infrastructure, but the inherent properties of limited connectivity and bandwidth make certificate revocation a problematic affair compared to traditional Internet systems. The main contribution of this paper is an analysis of certificate revocation techniques based on how they fulfil fundamental maritime requirements and simulated usage over time. Our results identify CRLs (with Delta CRLs) and CRLite as the two most promising candidates. Finally, we outline the pros and cons with these two different solutions.publishedVersio

PKIX Certificate Status in Hybrid MANETs

Certificate status validation is a hard problem in general but it is particularly complex in Mobile Ad-hoc Networks (MANETs) because we require solutions to manage both the lack of fixed infrastructure inside the MANET and the possible absence of onnectivity to trusted authorities when the certification validation has to be performed. In this sense, certificate acquisition is usually assumed as an initialization phase. However, certificate validation is a critical operation since the node needs to check the validity of certificates in real-time, that is, when a particular certificate is going to be used. In such MANET environments, it may happen that the node is placed in a part of the network that is disconnected from the source of status data at the moment the status checking is required. Proposals in the literature suggest the use of caching mechanisms so that the node itself or a neighbour node has some status checking material (typically on-line status responses or lists of revoked certificates). Howeve to the best of our knowledge the only criterion to evaluate the cached (obsolete) material is the time. In this paper, we analyse how to deploy a certificate status checking PKI service for hybrid MANET and we propose a new criterion based on risk to evaluate cached status data that is much more appropriate and absolute than time because it takes into account the revocation process.Peer ReviewedPostprint (author’s final draft

Information Security Synthesis in Online Universities

Information assurance is at the core of every initiative that an organization executes. For online universities, a common and complex initiative is maintaining user lifecycle and providing seamless access using one identity in a large virtual infrastructure. To achieve information assurance the management of user privileges affected by events in the user's identity lifecycle needs to be the determining factor for access control. While the implementation of identity and access management systems makes this initiative feasible, it is the construction and maintenance of the infrastructure that makes it complex and challenging. The objective of this paper1 is to describe the complexities, propose a practical approach to building a foundation for consistent user experience and realizing security synthesis in online universities.Comment: 20 page

Nuevo criterio para la estimación de información de estado de certificados en MANET

En general, la validación del estado de certificados es una operación crítica, que adquiere una mayor complejidad en las redes móviles ad-hoc (Mobile Ad-hoc Networks, MANETs). Los usuarios de las redes MANET precisan de soluciones para gestionar tanto la falta de una infraestructura fija dentro de la red, como la posible ausencia de conexión a autoridades de confianza en el momento de efectuarse la validación del certificado. No obstante, la validación del certificado supone comprobar la validez de certificados en tiempo real, es decir, en el momento en que se vaya a operar con un certificado en particular. En tales entornos MANET, un nodo podría no tener conexión a la fuente de información de datos de estado cuando necesitara comprobar la validez de un certificado. En este artículo analizamos cómo desplegar un servicio de comprobación del estado de certificados PKI (Public Key Infrastructure) para redes MANET. Asimismo, se propone un nuevo criterio que resulta más apropiado y absoluto que los que han sido considerados hasta la fecha, como puede ser el tiempo transcurrido desde que se emitió la información de estado del certificado. El nuevo criterio que exponemos en este artículo tiene en cuenta el proceso global de revocación y se basa en el riesgo para evaluar los datos de estado cacheado

TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree?

The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers’ owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in web browsers’ behaviours

Ampliación y mejora de servicios en la infraestructura de clave pública para e-ciencia de la UNLP (PKIGrid UNLP)

La Universidad Nacional de La Plata cuenta con una infraestructura de clave pública (PKIGrid UNLP) para emisión de certificados para Argentina acreditada por TAGPMA la cual soporta las actividades de e-ciencia de la comunidad académica argentina. En esta tesina de grado se presenta una alternativa a la tecnología que se utiliza actualmente en PKIGrid UNLP para la infraestructura de clave pública, proponiendo mejoras a los servicios existentes y evaluando la posibilidad de incorporar nuevos servicios.Facultad de Informátic

Uma estratégia de publicação do status de chaves públicas em redes centradas na informação

Orientador : Carlos Alberto MazieroDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa: Curitiba, 11/08/2017Inclui referências : p. 73-75Resumo: As redes centradas na informação (Information-Centric Networking - ICN) representam uma abordagem para aprimorar a infraestrutura da Internet, introduzindo dados nomeados como primitiva de rede. Os conteúdos tornam-se independentes de localização, aplicação, armazenamento e meios de transporte, permitindo o armazenamento em cache. Os benefícios esperados são melhorias na segurança, escalabilidade e redução da utilização de banda. Os conteúdos são nomeados pelos seus publicadores e precisam ser assinados digitalmente para garantir a sua integridade e proveniência. Para assinar os conteúdos, o publicador precisa utilizar os recursos disponibilizados por um sistema de infraestrutura de chaves públicas. Uma vez assinado, o conteúdo é servido aos clientes que devem recuperar a chave pública correspondente para validá-lo. Essa chave deve estar de acordo com as regras impostas pelo modelo de confiança adotado e precisa ser válida, ou seja, não pode ter sido revogada. Uma vez que uma chave é revogada, é necessário notificar os seus usuários. Este trabalho apresenta uma abordagem de um serviço para divulgação do status das chaves utilizadas para validação dos conteúdos. Este trabalho propõe um serviço distribuído e atualizado por replicação, visando melhorar sua robustez e diminuir o tempo necessário à propagação da informação do status das chaves na rede. Os principais resultados mostram que o serviço proposto pode reduzir significativamente o tempo de recuperação do status da chave, refletindo o estado atual do certificado. Os resultados também apontam que quando o consumidor recupera as informações de status da chave pelo serviço de consulta em vez do cache, ele obtém uma informação mais precisa. Palavras-chave: Segurança, Redes Centradas em Informações, Revogação de chaves.Abstract: The Information Centric Networks (ICN) is an approach to improve the Internet infrastructure, introducing data named as network primitive. The contents are independent of location, application, transport, allowing the storage in cache. The expected benefits are improvements in security, scalability, and reduced bandwidth usage. The contents are named by their publishers and must be digitally signed to ensure their provenance. To sign the contents the publisher must use the resources provided by a public key infrastructure system. Once signed, the content is offered to customers, which should retrive the corresponding public key to validate it. This key must be valid in conformity with the rules enforced by the trust model and must be valid, i.e. it should not have been revoked. Once a key is revoked, its users should be notified. This paper proposes a service approach to disseminate key status information of the keys used to validate the contents. Main results shows that the proposed service is able to significantly reduce key status retrieval time, reflecting the actual state of the certificate. When the consumer retrieves the key status information by our query service instead of the cache, it gets a more accurate information. Keywords: Security, Information Centric Networking, Key Revocation

Certificate status information distribution and validation in vehicular networks

Vehicular ad hoc networks (VANETs) are emerging as an functional technology for providing a wide range of applications to vehicles and passengers. Ensuring secure functioning is one of the prerequisites for deploying reliable VANETs. The basic solution envisioned to achieve these requirements is to use digital certificates linked to a user by a trusted third party. These certificates can then be used to sign information. Most of the existing solutions manage these certificates by means of a central Certification Authority (CA). According to IEEE 1609.2 standard, vehicular networks will rely on the public key infrastructure (PKI). In PKI, a CA issues an authentic digital certificate for each node in the network. Therefore, an efficient certificate management is crucial for the robust and reliable operation of any PKI. A critical part of any certificate-management scheme is the revocation of certificates. The distribution of certificate status information process, as well as the revocation process itself, is an open research problem for VANETs.In this thesis, firstly we analyze the revocation process itself and develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. As none of the currently common formal models for revocation is able to capture the self-similar nature of real revocation data, we develop an ARFIMA model that recreates this pattern. We show that traditional mechanisms that aim to scale could benefit from this model to improve their updating strategies.Secondly, we analyze how to deploy a certificate status checking service for mobile networks and we propose a new criterion based on a risk metric to evaluate cached status data. With this metric, the PKI is able to code information about the revocation process in the standard certificate revocation lists. Thus, users can evaluate a risk function in order to estimate whether a certificate has been revoked while there is no connection to a status checking server. Moreover, we also propose a systematic methodology to build a fuzzy system that assists users in the decision making process related to certificate status checking.Thirdly, we propose two novel mechanisms for distributing and validating certificate status information (CSI) in VANET. This first mechanism is a collaborative certificate status checking mechanism based on the use based on an extended-CRL. The main advantage of this extended-CRL is that the road-side units and repository vehicles can build an efficient structure based on an authenticated hash tree to respond to status checking requests inside the VANET, saving time and bandwidth. The second mechanism aims to optimize the trade- off between the bandwidth necessary to download the CSI and the freshness of the CSI. This mechanism is based on the use of a hybrid delta-CRL scheme and Merkle hash trees, so that the risk of operating with unknown revoked certificates remains below a threshold during the validity interval of the base-CRL, and CAs have the ability to manage this risk by setting the size of the delta-CRLs. Finally, we also analyze the impact of the revocation service in the certificate prices. We model the behavior of the oligopoly of risk-averse certificate providers that issue digital certificates to clients facing iden- tical independent risks. We found the equilibrium in the Bertrand game. In this equilibrium, we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs.Las redes vehiculares ad hoc (VANETs) se están convirtiendo en una tecnología funcional para proporcionar una amplia gama de aplicaciones para vehículos y pasajeros. Garantizar un funcionamiento seguro es uno de los requisitos para el despliegue de las VANETs. Sin seguridad, los usuarios podrían ser potencialmente vulnerables a la mala conducta de los servicios prestados por la VANET. La solución básica prevista para lograr estos requisitos es el uso de certificados digitales gestionados a través de una autoridad de certificación (CA). De acuerdo con la norma IEEE 1609.2, las redes vehiculares dependerán de la infraestructura de clave pública (PKI). Sin embargo, el proceso de distribución del estado de los certificados, así como el propio proceso de revocación, es un problema abierto para VANETs.En esta tesis, en primer lugar se analiza el proceso de revocación y se desarrolla un modelo preciso y riguroso que modela este proceso conluyendo que el proceso de revocación de certificados es estadísticamente auto-similar. Como ninguno de los modelos formales actuales para la revocación es capaz de capturar la naturaleza auto-similar de los datos de revocación, desarrollamos un modelo ARFIMA que recrea este patrón. Mostramos que ignorar la auto-similitud del proceso de revocación lleva a estrategias de emisión de datos de revocación ineficientes. El modelo propuesto permite generar trazas de revocación sintéticas con las cuales los esquemas de revocación actuales pueden ser mejorados mediante la definición de políticas de emisión de datos de revocación más precisas. En segundo lugar, se analiza la forma de implementar un mecanismo de emisión de datos de estado de los certificados para redes móviles y se propone un nuevo criterio basado en una medida del riesgo para evaluar los datos de revocación almacenados en la caché. Con esta medida, la PKI es capaz de codificar la información sobre el proceso de revocación en las listas de revocación. Así, los usuarios pueden estimar en función del riesgo si un certificado se ha revocado mientras no hay conexión a un servidor de control de estado. Por otra parte, también se propone una metodología sistemática para construir un sistema difuso que ayuda a los usuarios en el proceso de toma de decisiones relacionado con la comprobación de estado de certificados.En tercer lugar, se proponen dos nuevos mecanismos para la distribución y validación de datos de estado de certificados en VANETs. El primer mecanismo está basado en el uso en una extensión de las listas estandares de revocación. La principal ventaja de esta extensión es que las unidades al borde de la carretera y los vehículos repositorio pueden construir una estructura eficiente sobre la base de un árbol de hash autenticado para responder a las peticiones de estado de certificados. El segundo mecanismo tiene como objetivo optimizar el equilibrio entre el ancho de banda necesario para descargar los datos de revocación y la frescura de los mismos. Este mecanismo se basa en el uso de un esquema híbrido de árboles de Merkle y delta-CRLs, de modo que el riesgo de operar con certificados revocados desconocidos permanece por debajo de un umbral durante el intervalo de validez de la CRL base, y la CA tiene la capacidad de gestionar este riesgo mediante el ajuste del tamaño de las delta-CRL. Para cada uno de estos mecanismos, llevamos a cabo el análisis de la seguridad y la evaluación del desempeño para demostrar la seguridad y eficiencia de las acciones que se emprenden