The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform
Russ Housley - One of the best experts on this subject based on the ideXlab platform.
-
Internet X.509 Public Key Infrastructure Certificate Image
RFC, 2011
Co-Authors: Leonard Rosenthol, Stefan Santesson, Siddharth Bajaj, Russ Housley
Abstract: This document specifies a method to bind a visual representation of a certificate in the form of a certificate image to a [RFC5280] public key certificate by defining a new otherLogos image type according to [RFC3709].
-
Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC, 2006
Co-Authors: Stefan Santesson, Russ Housley
Abstract: This document updates the handling of DirectoryString in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, which is published in RFC 3280. The use of UTF8String and PrintableString are the preferred encoding. The requirement for exclusive use of UTF8String after December 31, 2003 is removed. [STANDARDS-TRACK]
-
Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC, 2005
Co-Authors: Jim Schaad, Russ Housley, Burt Kaliski
Abstract: This document supplements RFC 3279. It describes the conventions for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport algorithm and additional one-way hash functions with the PKCS #1 version 1.5 signature algorithm in the Internet X.509 Public Key Infrastructure (PKI). Encoding formats, algorithm identifiers, and parameter formats are specified.
-
Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC, 2005
Co-Authors: Jim Schaad, Russ Housley, Burt Kaliski
Abstract: This document supplements RFC 3279. It describes the conventions for using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature algorithm, the RSA Encryption Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP) key transport algorithm and additional one-way hash functions with the Public-Key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm in the Internet X.509 Public Key Infrastructure (PKI). Encoding formats, algorithm identifiers, and parameter formats are specified. [STANDARDS-TRACK]
-
Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC, 2002
Co-Authors: L Bassham, W Polk, Russ Housley
Abstract: This document specifies algorithm identifiers and ASN.1 encoding formats for digital signatures and subject public keys used in the Internet X.509 Public Key Infrastructure (PKI). Digital signatures are used to sign certificates and certificate revocation lists (CRLs). Certificates include the public key of the named subject.
Stephen Kent - One of the best experts on this subject based on the ideXlab platform.
-
Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)
RFC, 2013
Co-Authors: Roque Gagliano, Sean Turner, Stephen Kent
Abstract: This document specifies the process that Certification Authorities (CAs) and Relying Parties (RPs) participating in the Resource Public Key Infrastructure (RPKI) will need to follow to transition to a new (and probably cryptographically stronger) algorithm set. The process is expected to be completed over a timescale of several years. Consequently, no emergency transition is specified. The transition procedure defined in this document supports only a top-down migration (parent migrates before children).
-
Signed Object Template for the Resource Public Key Infrastructure (RPKI)
2012
Co-Authors: Matt Lepinski, Andrew Chi, Stephen Kent
Abstract: This document defines a generic profile for signed objects used in the Resource Public Key Infrastructure (RPKI). These RPKI signed objects make use of Cryptographic Message Syntax (CMS) as a standard encapsulation format.
-
Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)
RFC, 2012
Co-Authors: Stephen Kent, Derrick Kong, Ronald Watro
Abstract: This document describes the certificate policy for a Public Key Infrastructure (PKI) used to support attestations about Internet resource holdings. Each organization that distributes IP addresses or Autonomous System (AS) numbers to an organization will, in parallel, issue a certificate reflecting this distribution. These certificates will enable verification that the resources indicated in the certificate have been distributed to the holder of the associated private key and that this organization is the current, unique holder of these resources.
-
Public Key Infrastructure for the Secure Border Gateway Protocol (S-BGP)
DARPA Information Survivability Conference and Exposition, 2001
Co-Authors: Charles Lynn, Stephen Kent
Abstract: The Border Gateway Protocol (BGP) which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. BGP is highly vulnerable to a variety of malicious attacks, due to its lack of secure means of verifying the authenticity and authority of BGP control traffic. Secure BGP (S-BGP) addresses most of these security vulnerabilities by using a combination of IPsec, a new BGP path attribute containing "attestations," and a public key infrastructure (PKI). This paper describes in detail this PKI and how it is used to support S-BGP, e.g., for verifying ownership of AS numbers and portions of the IP address space. This PKI embodies a number of unique features designed to support S-BGP security requirements and to facilitate automated access control management for the certificate and CRL repository used with S-BGP.
Xue Min Shen - One of the best experts on this subject based on the ideXlab platform.
-
A Scalable Public Key Infrastructure for Smart Grid Communications
Global Communications Conference, 2013
Co-Authors: Mohamed Mahmoud, Jelena Misic, Xue Min Shen
Abstract: The public-key cryptography is indispensable for securing the smart grid communications. In this paper, we propose a hierarchical and fully-connected public key infrastructure that considers the smart grid characteristics. In the proposed public key infrastructure, each certificate authority is responsible for managing the public-key certificates for a geo-bounded small area. We also propose a novel format for the certificates that does not only bind a node's identity to its public key but also to its privileges and permissions. Finally we propose efficient and scalable certificate-renewing scheme that can much reduce the overhead of renewing certificates. Our verifications and evaluations demonstrate that using public key cryptography is essential for securing the smart grid and our proposals are scalable. Moreover, the simulation results demonstrate that the certificate-renewing scheme can significantly reduce the overhead of certificate renewals.
-
Complementing Public Key Infrastructure to Secure Vehicular Ad Hoc Networks [Security and Privacy in Emerging Wireless Networks]
IEEE Wireless Communications, 2010
Co-Authors: Albert Wasef, Rongxing Lu, Xiaodong Lin, Xue Min Shen
Abstract: Vehicular ad hoc networks are emerging as an effective technology for providing a wide range of safety applications to by-vehicle passengers. Ensuring secure operation is one of the prerequisites for deploying reliable VANETs. In this article we argue that public key infrastructure is the most viable mechanism for securing VANETs as it can meet most VANET security requirements. However, PKI cannot provide certain security requirements such as location privacy, efficient authentication, and distributed and fair revocation. To complement the security services provided by PKI, we introduce complementary security mechanisms that can meet the aforementioned security requirements. Since denial of service attacks have severe consequences on network availability, which is one of the VANET security requirements, we propose a mechanism for mitigating the effect of DoS attacks in VANETs. Simulation results show that the complementary mechanisms together with PKI can efficiently secure VANETs.
Jong Hyuk Park - One of the best experts on this subject based on the ideXlab platform.
-
Certificateless-Based Public Key Infrastructure Using a DNSSEC
Journal of Cryptology, 2015
Co-Authors: Jungho Kang, Jong Hyuk Park
Abstract: With the continuous development of the internet, there has been increasing research on reliability of data shared through the network. In particular, the focus on the public key infrastructure (PKI) that performs functions including verifying the sender’s identity and preventing forgery based on digital certificates has been intensifying rapidly. However, existing certificate-based PKI gives rise to various problems in terms of the Certificate Authority (CA), user, and domain name system (DNS). Moreover, certificate-PKI involves cost, an authentication environment, and security, and the existing PKI system uses CA, a hierarchical structure, to process certificates. This paper aims to devise a reliable address using the DNS security extension (DNSSEC) that applies security to the existing DNS, and proposes a certificateless-based PKI that uses DNSSEC. The proposed PKI can reduce the cost of the existing certificate and address existing vulnerabilities.
S Chokhani - One of the best experts on this subject based on the ideXlab platform.
-
Toward a National Public Key Infrastructure
IEEE Communications Magazine, 1994
Co-Authors: S Chokhani
Abstract: Reliance on electronic communications makes information more vulnerable, and users will require confidentiality, message integrity, sender authentication, and sender non-repudiation. Public key cryptography will play an important role in providing these services.