166 research outputs found
Towards a Flexible Intra-Trustcenter Management Protocol
This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and
secure management protocol for communication between arbitrary trustcenter
components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP
focuses on the communication within a trustcenter. It is powerful enough for
transferring complex messages which are machine and human readable and easy to
understand. In addition it includes an extension mechanism to be prepared for
future developments.Comment: 12 pages, 0 figures; in The Third International Workshop for Applied
PKI (IWAP2004
The Key Authority - Secure Key Management in Hierarchical Public Key Infrastructures
We model a private key`s life cycle as a finite state machine. The states are
the key`s phases of life and the transition functions describe tasks to be done
with the key. Based on this we define and describe the key authority, a trust
center module, which potentiates the easy enforcement of secure management of
private keys in hierarchical public key infrastructures. This is done by
assembling all trust center tasks concerning the crucial handling of private
keys within one centralized module. As this module resides under full control
of the trust center`s carrier it can easily be protected by well-known
organizational and technical measures.Comment: 5 pages, 2 figure
Outflanking and securely using the PIN/TAN-System
The PIN/TAN-system is an authentication and authorization scheme used in
e-business. Like other similar schemes it is successfully attacked by
criminals. After shortly classifying the various kinds of attacks we accomplish
malicious code attacks on real World Wide Web transaction systems. In doing so
we find that it is really easy to outflank these systems. This is even
supported by the users' behavior. We give a few simple behavior rules to
improve this situation. But their impact is limited. Also the providers support
the attacks by having implementation flaws in their installations. Finally we
show that the PIN/TAN-system is not suitable for usage in highly secure
applications.Comment: 7 pages; 2 figures; IEEE style; final versio
An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government
National Root CAs enable legally binding E-Business and E-Government
transactions. This is a report about the development, the evaluation and the
certification of the new certification services system for the German National
Root CA. We illustrate why a new certification services system was necessary,
and which requirements to the new system existed. Then we derive the tasks to
be done from the mentioned requirements. After that we introduce the initial
situation at the beginning of the project. We report about the very process and
talk about some unfamiliar situations, special approaches and remarkable
experiences. Finally we present the ready IT system and its impact to
E-Business and E-Government.Comment: 6 pages; 1 figure; IEEE style; final versio
Intrinsically Legal-For-Trade Objects by Digital Signatures
The established techniques for legal-for-trade registration of weight values
meet the legal requirements, but in praxis they show serious disadvantages. We
report on the first implementation of intrinsically legal-for-trade objects,
namely weight values signed by the scale, that is accepted by the approval
authority. The strict requirements from both the approval- and the
verification-authority as well as the limitations due to the hardware of the
scale were a special challenge. The presented solution fulfills all legal
requirements and eliminates the existing practical disadvantages.Comment: 4 pages, 0 figure
A Review of existing GDPR Solutions for Citizens and SMEs
The GDPR grants data subjects certain rights, like the right to access their
data from companies, but in practice multiple problems exist with exercising
these rights such as unknown data holders or interpreting the received data.
Small and medium enterprises on the other hand need to facilitate the
obligations given by the GDPR, but often lack proper systems, staff and other
resources to do so effectively. For the GDPR to be effective in practice, these
problems need to be addressed. With the work at hand we provide an overview of
existing software solutions for these problems (from an internet research),
discuss to which degree they solve the various problems and what issues remain.Comment: 46 page
Privacy Dashboards for Citizens and GDPR Services for Small Data Holders: A Literature Review
Citizens have gained many rights with the GDPR, e.g. the right to get a copy
of their personal data. In practice, however, this is fraught with problems for
citizens and small data holders. We present a literature review on solutions
promising relief in the form of privacy dashboards for citizens and GDPR
services for small data holders. Covered topics are analyzed, categorized and
compared. This is ought to be a step towards both enabling citizens to exercise
their GDPR rights and supporting small data holders to comply with their GDPR
duties.Comment: 27 page
In-packet Bloom filters: Design and networking applications
The Bloom filter (BF) is a well-known space-efficient data structure that
answers set membership queries with some probability of false positives. In an
attempt to solve many of the limitations of current inter-networking
architectures, some recent proposals rely on including small BFs in packet
headers for routing, security, accountability or other purposes that move
application states into the packets themselves. In this paper, we consider the
design of such in-packet Bloom filters (iBF). Our main contributions are
exploring the design space and the evaluation of a series of extensions (1) to
increase the practicality and performance of iBFs, (2) to enable
false-negative-free element deletion, and (3) to provide security enhancements.
In addition to the theoretical estimates, extensive simulations of the multiple
design parameters and implementation alternatives validate the usefulness of
the extensions, providing for enhanced and novel iBF networking applications.Comment: 15 pages, 11 figures, preprint submitted to Elsevier COMNET Journa
Towards Managing the Migration to Post-Quantum-Cryptography
As soon as cryptographically relevant quantum computers exist, they can break
today's prevalent asymmetric cryptographic algorithms. Organizations (and the
IT society) have to plan on migrating to quantum-resilient cryptographic
measures, also known as post-quantum cryptography (PQC). However, this is a
difficult task, and to the best of our knowledge, there is no generalized
approach to manage such a complex migration for cryptography used in IT
systems. PMMP helps organizations manage the migration to PQC and establish
crypto-agility. Having finished the initial theoretical design phase, we are
now looking to promote PMMP to encourage practitioners to join the effort and
work with us to develop it further.Comment: 20 page
- …