Accountable and Transparent TLS Certificate Management: An Alternate Public-Key Infrastructure with Verifiable Trusted Parties

2018 ◽  
Vol 2018 ◽  
pp. 1-16 ◽  
Author(s):  
Salabat Khan ◽  
Zijian Zhang ◽  
Liehuang Zhu ◽  
Meng Li ◽  
Qamas Gul Khan Safi ◽  
...  

The current Transport Layer Security (TLS) Public-Key Infrastructure (PKI) is a vast and complex system; it consists of processes, policies, and entities that are responsible for a secure certificate management process. Among them, the Certificate Authority (CA) is the central and most trusted entity. However, recent compromises of CAs have resulted in a desire for other secure and transparent alternative approaches. To distribute the trust and mitigate the threats and security issues of the current PKI, publicly verifiable log-based approaches have been proposed. However, these schemes still have vulnerabilities and inefficiency problems due to a lack of specifying proper monitoring, data structure, and extra latency. We propose Accountable and Transparent TLS Certificate Management: an alternate Public-Key Infrastructure (PKI) with verifiable trusted parties (ATCM) that makes the certificate management phases (certificate issuance, registration, revocation, and validation) publicly verifiable. It also guarantees strong security by preventing man-in-the-middle (MitM) attacks when at least one entity is trusted out of all entities taking part in the protocol signing and verification. ATCM can handle the CA hierarchy and introduces an improved revocation system and revocation policy. We have compared our performance results with state-of-the-art log-based protocols. The performance results and evaluations show that it is feasible for practical use. Moreover, we have performed formal verification of our proposed protocol to verify its core security properties using Tamarin Prover.

Author(s):  
Alison Harcourt ◽  
George Christou ◽  
Seamus Simpson

Chapter 4 examines the effect of Snowden on security protocols. For twenty years, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) provided security for Internet traffic. However, the TLS 1.2 protocol developed in 2008 suffered from a series of implementation and security issues. The 2013 Snowden revelations sent shock waves through the engineering community. The extent of the targeting of protocol vulnerabilities by security agencies had been greatly underestimated by the IETF. By 2016, Cisco, Fortinet, and Juniper revealed that the National Security Agency (NSA) had successfully targeted their firewalls for years. However, stasis within the IETF barred upgrade to TLS 1.3. The chapter analyses the emergence and contestation of potential solutions to TLS and how the parallel development of the QUIC protocol by Google opened a window of opportunity to enhance security. The agreement on TLS 1.3 in March 2018 was supported by digital rights groups.


Electronics ◽  
2021 ◽  
Vol 10 (16) ◽  
pp. 2009
Author(s):  
Hung-Yu Chien

Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.


Author(s):  
Claudio Agostino Ardagna ◽  
Marco Cremonini ◽  
Ernesto Damiani ◽  
Sabrina De Capitani di Vimercati ◽  
Fulvio Frati ◽  
...  

This chapter introduces the concept of privacy-enhanced identity management for e-services supporting the users' needs to protect their privacy and sensitive information. Business activities are increasingly based on the use of remote resources and e-services as well as on the interaction between different, remotely located parties. In this context, the electronic execution of private and/or sensitive transactions must fully preserve information privacy by managing in a trustworthy and responsible way all identity and profile information that is released to remote parties. In this chapter, we investigate the main problems concerning identity management for e-services and outline the features that the next generation of identity management systems should provide. State-of-the-art technology in the field of privacy-enhanced identity management systems is also compared with traditional Public Key Infrastructure (PKI) solutions. The analysis of the benefits of these modern identity management systems is presented and discussed with references also to the results of some experiences in the area of e-government, whose objective is the development of public administration privacy-aware e-services.


Author(s):  
Dhanalakshmi Senthilkumar

Blockchain has been created in the process of development in bitcoin. It's a singly linked list of blocks, with each block containing a number of transactions and each list in the blocks using cryptographic functions. The cryptographic hash function contains the hash of the previous block, timestamp, and transaction ID. Blockchain services include the authentication, confidentiality, integrity, data and resource provenance, and privacy and access control lists technologies. The authentication provider authenticates the decentralized database with transactions in a private-public key pair. This key pair is used in the transport layer security with the entire network. The network legitimizes the transaction after that and adds the transaction to the blockchain. A sequence of blocks in the blockchain holds the complete record of transactions like a public ledger. The integrity data written in the blockchain cannot be altered subsequently. By limiting access to the information in confidentiality, only authorized users can access the information, so that information is also protected.


2011 ◽  
Vol 271-273 ◽  
pp. 1136-1141
Author(s):  
Yong Li Ma

A number of serious security issues have already occurred with the rapid deployment of electronic transactions. One approach to guaranteeing security is the public key infrastructure (PKI). PKI provides a structure of trust among its users or principals. However, there are serious PKI implementation issues, as different countries and different organizations may adopt different security policies and implementations. This raises the question of interoperation between these various implementations. In the paper, the author proposes a new solution using VA (Validation Authority) to achieve the digital certificate validation and resolve the general PKI interoperation problem.

