How to Avoid the Breakdown of Public Key Infrastructures - Forward Secure Signatures for Certificate Authorities
Abstract
Recent attacks and publications have shown the vulnerability of hierarchical Public Key Infrastructures (PKIs) and the fatal impact of revoked Certification Authority (CA) certificates in the PKIX validity model. Alternative validity models, such as the extended shell and the chain model, improve the situation but rely on independent proofs of existence, which are usually provided using time-stamps. As time-stamps are validated using certificates, they suffer from the same problems as the PKI they are supposed to protect. Our solution to this problem is abandoning time-stamps and providing proof of existence using Forward Secure Signatures (FSS). In particular, we present different possibilities to use the chain model together with FSS, resulting in schemes that include the necessary proofs of existence into the certificates themselves.
Similar resources
Revocation & Non-Repudiation: When the first destroys the latter
Electronic signatures replace handwritten signatures in electronic processes. In this context, non-repudiation is one of the most desired properties – yet in practice it cannot be provided by the signature schemes themselves. Therefore, additional mechanisms in the underlying public key infrastructure are required. In this work, we present a formal treatment of that issue. We extend the formal ...
Evaluating web PKIs
Certificate authorities serve as trusted parties to help secure web communications. They are a vital component for ensuring the security of cloud infrastructures and big data repositories. Unfortunately, recent attacks using mis-issued certificates show this model is severely broken. Much research has been done to enhance certificate management in order to create more secure and reliable cloud ...
Maintaining security and trust in large scale public key infrastructures
In Public Key Infrastructures (PKIs), trusted Certification Authorities (CAs) issue public key certificates which bind public keys to the identities of their owners. This enables the authentication of public keys which is a basic prerequisite for the use of digital signatures and public key encryption. These in turn are enablers for e-business, e-government and many other applications, because t...
PKI and digital certification infrastructure
Secure VPN technology is only possible with the use of appropriate security systems such as encryption, digital signatures, digital certificates, public/private key pairs, non-repudiation, and time-stamping. A PKI comprises a system of certificates, certificate authorities, subjects, relying partners, registration authorities, and key repositories that provide for safe and reliable communicatio...
Decentralized Certificate Authorities
The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single poi...