nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

LocalPKI: An Interoperable and IoT Friendly PKI

verfasst von : Jean-Guillaume Dumas, Pascal Lafourcade, Francis Melemedjian, Jean-Baptiste Orfila, Pascal Thoniel

Erschienen in: E-Business and Telecommunications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called LocalPKI , where the binding is performed by a local authority and the issuance is left to the end user or to the local authority. The role of a third entity is then to register this binding and to provide up-to-date status information on this registration. The idea is that many more local actors could then take the role of a local authority, thus allowing for an easier spread of public-key certificates in the population. Moreover, LocalPKI represents also an appropriate solution to be deployed in the Internet of Things context. Our scheme’s security is formally proven with the help of Tamarin, an automatic verification tool for cryptographic protocols.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel History-Based Throttling of Distributed Denial-of-Service Attacks

Nächstes Kapitel No Such Thing as a Small Leak: Leakage-Abuse Attacks Against Symmetric Searchable Encryption

Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010). https://doi.org/10.1016/j.comnet.2010.05.010. http://www.sciencedirect.com/science/article/pii/S1389128610001568CrossRefMATH

Badrignans, B., et al.: Security architecture for point-to-point splitting protocols. In: IEEE World Congress on Industrial Control Systems Security, Cambridge, UK, p. 8, December 2017. https://hal.archives-ouvertes.fr/hal-01657605

Baek, J., Safavi-Naini, R., Susilo, W.: Certificateless public key encryption without pairing. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 134–148. Springer, Heidelberg (2005). https://doi.org/10.1007/11556992_10CrossRef

Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 382–393, November 2014 (2014). https://doi.org/10.1145/2660267.2660298

Bau, J., Mitchell, J.C.: A security evaluation of DNSSEC with NSEC3. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February–3rd March 2010. The Internet Society (2010). http://www.isoc.org/isoc/conferences/ndss/10/pdf/17.pdf

Bouzefrane, S., Garri, K., Thoniel, P.: A user-centric PKI based-protocol to manage FC2 digital identities. IJCSI Int. J. Comput. Sci. Issues 8(1), 74–80 (2011). https://hal.archives-ouvertes.fr/hal-00628633

Buterin, V., et al.: Ethereum white paper (2013)

Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Sci. Comput. Program. 50(1–3), 51–71 (2004). https://doi.org/10.1016/j.scico.2003.12.002MathSciNetCrossRefMATH

Cooper, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008. https://doi.org/10.17487/rfc5280. https://rfc-editor.org/rfc/rfc5280.txt

10.

Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS 2081, Washington, DC, USA, pp. 350–357. IEEE Computer Society (1981). http://dx.doi.org/10.1109/SFCS.1981.32

11.

Dumas, J.-G., Lafourcade, P., Melemedjian, F., Orfila, J.-B., Thoniel, P.: LOCALPKI: a user-centric formally proven alternative to PKIX. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications: SECRYPT, (ICETE 2017), vol. 6, pp. 187–199. INSTICC, SciTePress (2017). https://doi.org/10.5220/0006461101870199

12.

Dumas, J.-G., Lafourcade, P., Orfila, J.-B., Puys, M.: Private multi-party matrix multiplication and trust computations. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016), pp. 61–72 (2016). https://doi.org/10.5220/0005957200610072

13.

Gentry, C.: Certificate-based encryption and the certificate revocation problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 272–293. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_17CrossRef

14.

Giusto, D., Iera, A., Morabito, G., Atzori, L.: The Internet of Things: 20th Tyrrhenian Workshop on Digital Communications. Springer, New York (2010). https://doi.org/10.1007/978-1-4419-1674-7CrossRefMATH

15.

Hall, W.E., Jutla, C.S.: Parallelizable authentication trees. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 95–109. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_7CrossRef

16.

Kim, T.H.-J., Huang, L.-S., Perrig, A., Jackson, C., Gligor, V.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: Proceedings of the 22nd International Conference on World Wide Web, WWW 2013, New York, NY, USA, pp. 679–690. ACM (2013). http://doi.acm.org/10.1145/2488388.2488448

17.

Kolkman, O.M., Mekking, M., Gieben, R.M.: DNSSEC operational practices, Version 2. RFC 6781, December 2012. https://doi.org/10.17487/rfc6781. https://rfc-editor.org/rfc/rfc6781.txt

18.

Laurie, B., Langley, A., Kasper, E.: Certificate transparency. RFC 6962, June 2013. https://doi.org/10.17487/RFC6962. https://rfc-editor.org/rfc/rfc6962.txt

19.

Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48CrossRef

20.

Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32CrossRef

21.

Morrison, D.R.: PATRICIA - practical algorithm to retrieve information coded in alphanumeric. J. ACM 15(4), 514–534 (1968). https://doi.org/10.1145/321479.321481CrossRef

22.

Muñoz, J.L., Esparza, O., Forné, J., Pallares, E.: H-OCSP: a protocol to reduce the processing burden in online certificate status validation. Electron. Commer. Res. 8(4), 255 (2008). https://doi.org/10.1007/s10660-008-9024-yCrossRefMATH

23.

Peylo, M., Kause, T.: Internet X.509 Public Key Infrastructure - HTTP Transfer for the Certificate Management Protocol (CMP). RFC 6712, September 2012. http://dx.doi.org/10.17487/rfc6712. https://rfc-editor.org/rfc/rfc6712.txt

24.

Reddy, R., Wallace, C.: Trust anchor management requirements. RFC 6024, RFC Editor, October 2010. https://rfc-editor.org/rfc/rfc6024.txt

25.

Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014. The Internet Society (2014). http://www.internetsociety.org/doc/enhanced-certificate-transparency-and-end-end-encrypted-mail

26.

Santesson, S., Ankney, R., Myers, M., Malpani, A., Galperin, S., Adams, D.C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960, June 2013. https://doi.org/10.17487/rfc6960. https://rfc-editor.org/rfc/rfc6960.txt

27.

Schmidt, B., Meier, S., Cremers, C.J.F., Basin, D.A.: Automated analysis of Diffie-Hellman protocols and advanced security properties. In: Chong, S. (ed.) 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, 25–27 June 2012, pp. 78–94. IEEE Computer Society (2012). http://dx.doi.org/10.1109/CSF.2012.25

28.

Vcelak, J., Goldberg, S., Papadopoulos, D.: NSEC5, DNSSEC Authenticated Denial of Existence. Internet-Draft draft-vcelak-nsec5-03, Internet Engineering Task Force, September 2016 (2016, Work in Progress). https://tools.ietf.org/html/draft-vcelak-nsec5-03

29.

Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with verifiable trusted parties. Comput. J. 59(11), 1695–1713 (2016). https://doi.org/10.1093/comjnl/bxw039CrossRef

30.

Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)

Titel: LocalPKI: An Interoperable and IoT Friendly PKI
verfasst von: Jean-Guillaume Dumas
Pascal Lafourcade
Francis Melemedjian
Jean-Baptiste Orfila
Pascal Thoniel
Verlag: Springer International Publishing
Buch: E-Business and Telecommunications
Print ISBN: 978-3-030-11038-3

Electronic ISBN: 978-3-030-11039-0

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-11039-0_11

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner