Trustworthiness and Quality of Context Information

Context-aware service platforms use context information to customize their services to the current users’ situation. Due to technical limitations in sensors and context reasoning algorithms, context information does not always represent accurately the reality, and Quality of Context (QoC) models have been proposed to quantify this inaccuracy. The problems we have identified with existing QoC models is that they do not follow a standard terminology and none of them clearly differentiate quality attributes related to instances of context information (e.g. accuracy and precision) from trustworthiness, which is a quality attribute related to the context information provider. In this paper we propose a QoC model and management architecture that supports the management of QoC trustworthiness and also contributes to the terminology alignment of existing QoC models.\ud In our QoC model, trustworthiness is a measurement of the reliability of a context information provider to provide context information about a specific entity according to a certain quality level. This trustworthiness value is used in our QoC management architecture to support context-aware service providers in the selection of trustworthy context\ud providers. As a proof of concept to demonstrate the feasibility of our work we show a prototype implementation of our QoC model and management architecture

Compressed nested certificates provide more efficient PKI

Certificate verification in PKI is a complex and time consuming process. In the classical PKI methodology, in order to obtain a public key and to accept a certificate as valid, a verifier needs to extract a certificate path from the PKI and to verify the certificates on this path recursively. Levi proposed a nested certificate model vvith the aim to simplify and speed up certificate verification. Such a nested certificate-based PKI significantly improves certificate verification, but it also requires a large increase in the number of issued certificates, which makes this model impractical for real life deployment. In order to solve this drawback of nested PKI, while retaining its speed in certificate verification, we propose in this paper the innovative concept of a compressed nested certificate, which is a significantly modified version of the nested certificate model. Compressed nested certificate PKI deploys compressed nested certificates which speed up and simplify certificate verification while keeping certificate load to a minimum, thus providing implementers the option of integrating it into the existing PKI model or building it separately as an independent model.<br /

Use of Nested Certificates for Efficient, Dynamic and Trust Preserving Public Key Infrastructure

Certification is a common mechanism for authentic public key distribution. In order to obtain a public key, verifiers need to extract a certificate path from a network of certificates, which is called Public Key Infrastructure (PKI), and verify the certificates on this path recursively. This is the classical methodology. Nested certification is a novel methodology for efficient certificate path verification. Basic idea is to issue special certificates – called nested certificates – for other certificates. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as an alternative to classical PKI. The concept of “certificates for other certificates ” results in nested certificate paths in which the first certificate is verified cryptographically while others are verified by just fast hash computations. Thus, we can employ efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities ’ idle time to the benefit of the verifiers. We formulate the trade-off between the nested certification overhead and the time improvement on certificate path verification. This trade-off is numerically analyzed for a 4-level 20-ary balanced tree-shaped PKI an

Use of Nested Certificates for Efficient, Dynamic and Trust Preserving Public Key Infrastructure

Certification is a common mechanism for authentic public key distribution. In order to obtain a public key, verifiers need to extract a certificate path from a network of certificates, which is called Public Key Infrastructure (PKI), and verify the certificates on this path recursively. This is the classical methodology. Nested certification is a novel methodology for efficient certificate path verification. Basic idea is to issue special certificates – called nested certificates – for other certificates. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as an alternative to classical PKI. The concept of “certificates for other certificates ” results in nested certificate paths in which the first certificate is verified cryptographically while others are verified by just fast hash computations. Thus, we can employ efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities ’ idle time to the benefit of the verifiers. We formulate the trade-off between the nested certification overhead and the time improvement on certificate path verification. This trade-off is numerically analyzed for a 4-level 20-ary balanced tree-shaped PKI and it has been shown that the extra cost of nested certification is in acceptable limits in order to generate quickly verifiable certificate paths for certain applications. Moreover, PKI-to-NPKI transition preserves the existin

NBPKI: uma ICP baseada em autoridades notariais

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência de Computação, Florianópolis, 2011Infraestrutura de Chaves Públicas tem sido implementadas considerando o tradicional modelo de certificação digital baseado em serviços tais como autoridades de registro, autoridades de carimbo do tempo e autoridades certificadoras: um certificado digital certificando uma chave é somente emitido pela autoridade certificadora após a verificação pela autoridade de registro dos atributos da chave e de sua posse pelo titular. Nesse modelo, certificados podem ser revogados, o que implica, necessariamente, pela parte confiante, na verificação do seu status, antes que possa ser usado tanto para a verificação de um token de autenticação quanto para a verificação de uma assinatura digital. Esse modelo tem sido regulamentado e amplamente utilizado tanto por empresas e governos de todo o mundo quanto integrado em sistemas computacionais. Este trabalho apresenta uma visão crítica deste modelo, o que tem dificultado e encarecido sua adoção, bem como das alternativas existentes na literatura. Também apresenta-se uma nova alternativa ao modelo - denominada de Infraestrutura de Chaves Públicas baseadas em Autoridades Notariais - eliminando-se processos e serviços complementares que deixam de ser necessários. Mostra-se que o novo modelo é mais simples de ser implementado, mais fácil de se definir um justo modelo de negócio, além de simplificar o processo de verificação de assinatura

Security in Computer and Information Sciences

This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book