Distributing security-mediated PKI
Author
Abstract
The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability. We use threshold cryptography to build a back-up and migration technique which allows recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised.
Similar resources
A New PKI-based Single Sign-On Protocol for a Diminutive Security Device, PANDA, in a Ubiquitous Security Environment
This paper describes the issues and challenges in the design of a new PKI-based security infrastructure enhanced with single sign-on and delegation technology for a diminutive security device in a ubiquitous security environment. In order to provide the PKI-based ubiquitous security infrastructure in consideration of the issues, we propose a PKI-based single sign-on protocol that provides a user...
Universally Composable Authentication and Key-Exchange with Global PKI
Message authentication and key exchange are two of the most basic tasks of cryptography. Solutions based on public-key infrastructure (PKI) are prevalent. Still, the state of the art in composable security analysis of PKI-based authentication and key exchange is somewhat unsatisfactory. Specifically, existing treatments either (a) make the unrealistic assumption that the PKI is accessible only ...
Security middleware for enhancing interoperability of Public Key Infrastructure
This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement nonrepudiation. ...
PKI in B2C E-Commerce
General purpose (open) and application-specific (closed) PKIs are two main categories of PKI that support a variety of cryptographic operations for providing secure environment. SSL/TLS and SET are two distinct security protocols utilising these PKI categories for securing e-commerce transactions. While the former protocol categorised as a general purpose PKI has been playing an important role ...
Securing Database using Public Key Infrastructure A Proposed DB PKI Architecture
Database security concerns the use of a broad range of information security controls to protect databases potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as t...