166 research outputs found

    Towards a Flexible Intra-Trustcenter Management Protocol

    This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and secure management protocol for communication between arbitrary trustcenter components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP focuses on the communication within a trustcenter. It is powerful enough for transferring complex messages which are machine and human readable and easy to understand. In addition it includes an extension mechanism to be prepared for future developments. Comment: 12 pages, 0 figures; in The Third International Workshop for Applied PKI (IWAP2004)

    The Key Authority - Secure Key Management in Hierarchical Public Key Infrastructures

    We model a private key's life cycle as a finite state machine. The states are the key's phases of life and the transition functions describe tasks to be done with the key. Based on this we define and describe the key authority, a trust center module, which potentiates the easy enforcement of secure management of private keys in hierarchical public key infrastructures. This is done by assembling all trust center tasks concerning the crucial handling of private keys within one centralized module. As this module resides under full control of the trust center's carrier it can easily be protected by well-known organizational and technical measures. Comment: 5 pages, 2 figures

    Outflanking and securely using the PIN/TAN-System

    The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications. Comment: 7 pages; 2 figures; IEEE style; final version

    An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government

    National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the mentioned requirements. After that we introduce the initial situation at the beginning of the project. We report about the very process and talk about some unfamiliar situations, special approaches and remarkable experiences. Finally we present the ready IT system and its impact to E-Business and E-Government. Comment: 6 pages; 1 figure; IEEE style; final version

    Intrinsically Legal-For-Trade Objects by Digital Signatures

    The established techniques for legal-for-trade registration of weight values meet the legal requirements, but in praxis they show serious disadvantages. We report on the first implementation of intrinsically legal-for-trade objects, namely weight values signed by the scale, that is accepted by the approval authority. The strict requirements from both the approval- and the verification-authority as well as the limitations due to the hardware of the scale were a special challenge. The presented solution fulfills all legal requirements and eliminates the existing practical disadvantages. Comment: 4 pages, 0 figures

    A Review of existing GDPR Solutions for Citizens and SMEs

    The GDPR grants data subjects certain rights, like the right to access their data from companies, but in practice multiple problems exist with exercising these rights such as unknown data holders or interpreting the received data. Small and medium enterprises on the other hand need to facilitate the obligations given by the GDPR, but often lack proper systems, staff and other resources to do so effectively. For the GDPR to be effective in practice, these problems need to be addressed. With the work at hand we provide an overview of existing software solutions for these problems (from an internet research), discuss to which degree they solve the various problems and what issues remain. Comment: 46 pages

    Privacy Dashboards for Citizens and GDPR Services for Small Data Holders: A Literature Review

    Citizens have gained many rights with the GDPR, e.g. the right to get a copy of their personal data. In practice, however, this is fraught with problems for citizens and small data holders. We present a literature review on solutions promising relief in the form of privacy dashboards for citizens and GDPR services for small data holders. Covered topics are analyzed, categorized and compared. This ought to be a step towards both enabling citizens to exercise their GDPR rights and supporting small data holders to comply with their GDPR duties. Comment: 27 pages

    In-packet Bloom filters: Design and networking applications

    The Bloom filter (BF) is a well-known space-efficient data structure that answers set membership queries with some probability of false positives. In an attempt to solve many of the limitations of current inter-networking architectures, some recent proposals rely on including small BFs in packet headers for routing, security, accountability or other purposes that move application states into the packets themselves. In this paper, we consider the design of such in-packet Bloom filters (iBF). Our main contributions are exploring the design space and the evaluation of a series of extensions (1) to increase the practicality and performance of iBFs, (2) to enable false-negative-free element deletion, and (3) to provide security enhancements. In addition to the theoretical estimates, extensive simulations of the multiple design parameters and implementation alternatives validate the usefulness of the extensions, providing for enhanced and novel iBF networking applications. Comment: 15 pages, 11 figures, preprint submitted to Elsevier COMNET Journal

    Towards Managing the Migration to Post-Quantum-Cryptography

    As soon as cryptographically relevant quantum computers exist, they can break today's prevalent asymmetric cryptographic algorithms. Organizations (and the IT society) have to plan on migrating to quantum-resilient cryptographic measures, also known as post-quantum cryptography (PQC). However, this is a difficult task, and to the best of our knowledge, there is no generalized approach to manage such a complex migration for cryptography used in IT systems. PMMP helps organizations manage the migration to PQC and establish crypto-agility. Having finished the initial theoretical design phase, we are now looking to promote PMMP to encourage practitioners to join the effort and work with us to develop it further. Comment: 20 pages

    SoK: Post-Quantum TLS Handshake

    Transport Layer Security (TLS) is the backbone security protocol of the Internet. As this fundamental protocol is at risk from future quantum attackers, many proposals have been made to protect TLS against this threat by implementing post-quantum cryptography (PQC). The widespread interest in post-quantum TLS has given rise to a large number of solutions over the last decade. These proposals differ in many aspects, including the security properties they seek to protect, the efficiency and trustworthiness of their post-quantum building blocks, and the application scenarios they consider, to name a few. Based on an extensive literature review, we classify existing solutions according to their general approaches, analyze their individual contributions, and present the results of our extensive performance experiments. Based on these insights, we identify the most reasonable candidates for post-quantum TLS, which research problems in this area have already been solved, and which are still open. Overall, our work provides a well-founded reference point for researching post-quantum TLS and preparing TLS in practice for the quantum age.