The Experts below are selected from a list of 38622 Experts worldwide ranked by ideXlab platform
Byoungcheon Lee - One of the best experts on this subject based on the ideXlab platform.
-
Unified public key infrastructure supporting both certificatebased and id-based cryptography
2020Co-Authors: Byoungcheon LeeAbstract:Abstract-Certificate-based cryptography and ID-based cryptography have been designed under different theoretical backgrounds and they have their own advantages and drawbacks, but there have been few works which try to provide them together in an efficient way. Chen et al. [4] considered a hybrid scheme of public key infrastructure (PKI) and ID-based encryption (IBE), and also discussed various trust relationship among multiple authorities, but they have not discussed more in-depth implementation issues of the hybrid scheme. In IDbased cryptography issuing private keys to users in escrowfree way had been an important issue. Lee et al. [12], In this paper we show that these two problems can be solved by combining certificate-based and ID-based cryptography. In the proposed scheme certificate is issued to user for user-chosen public key and ID-based private key is issued to user through a private key issuing protocol. In the private key issuing protocol user is authenticated using the certificate and protocol messages are blinded using the certified public key of the user, thus the private key issuing protocol becomes private and also verifiable, which solves the authentication problem of We further present the concept of unified public key infrastructure (UPKI) in which both certificate-based and ID-based cryptosystems are provided to users in a single framework. We also show that if interactions between end users are mainly executed using ID-based cryptography, then end users don't need to manage other end users' certificates, which is a great efficiency gain than traditional PKI
-
Unified public key infrastructure Supporting Both Certificate-Based and ID-Based Cryptography
2010 International Conference on Availability Reliability and Security, 2010Co-Authors: Byoungcheon LeeAbstract:Certificate-based cryptography and ID-based cryptography have been designed under different theoretical backgrounds and they have their own advantages and drawbacks, but there have been few works which try to provide them together in an efficient way. Chen et al. considered a hybrid scheme of public key infrastructure (PKI) and ID-based encryption (IBE), and also discussed various trust relationship among multiple authorities, but they have not discussed more in-depth implementation issues of the hybrid scheme. In ID-based cryptography issuing private keys to users in escrow-free way had been an important issue. Lee et al. proposed a unique private key issuing protocol in the single authority multiple-observer (SAMO) model which can reduce the user authentication load a lot, but these schemes are subject to several attacks due to the lack of verifiable authentication of protocol messages. In this paper we show that these two problems can be solved by combining certificate-based and ID-based cryptography. In the proposed scheme certificate is issued to user for user-chosen public key and ID-based private key is issued to user through a private key issuing protocol. In the private key issuing protocol user is authenticated using the certificate and protocol messages are blinded using the certified public key of the user, thus the private key issuing protocol becomes private and also verifiable,which solves the authentication problem of. We further present the concept of unified public key infrastructure (UPKI) in which both certificate-based and ID-based cryptosystems are provided to users in a single framework. We also show that if interactions between end users are mainly executed using ID-based cryptography, then end users don't need to manage other end users' certificates, which is a great efficiency gain than traditional PKI.
Stephen Kent - One of the best experts on this subject based on the ideXlab platform.
-
algorithm agility procedure for the resource public key infrastructure rpki
RFC, 2013Co-Authors: Roque Gagliano, Sean Turner, Stephen KentAbstract:This document specifies the process that Certification Authorities (CAs) and Relying Parties (RPs) participating in the Resource public key infrastructure (RPKI) will need to follow to transition to a new (and probably cryptographically stronger) algorithm set. The process is expected to be completed over a timescale of several years. Consequently, no emergency transition is specified. The transition procedure defined in this document supports only a top-down migration (parent migrates before children).
-
Signed Object Template for the Resource public key infrastructure (RPKI)
2012Co-Authors: Matt Lepinski, Andrew Chi, Stephen KentAbstract:This document defines a generic profile for signed objects used in the Resource public key infrastructure (RPKI). These RPKI signed objects make use of Cryptographic Message Syntax (CMS) as a standard encapsulation format.
-
certificate policy cp for the resource public key infrastructure rpki
RFC, 2012Co-Authors: Stephen Kent, Derrick Kong, Ronald WatroAbstract:This document describes the certificate policy for a public key infrastructure (PKI) used to support attestations about Internet resource holdings. Each organization that distributes IP addresses or Autonomous System (AS) numbers to an organization will, in parallel, issue a certificate reflecting this distribution. These certificates will enable verification that the resources indicated in the certificate have been distributed to the holder of the associated private key and that this organization is the current, unique holder of these resources.
-
public key infrastructure for the secure border gateway protocol s bgp
DARPA Information Survivability Conference and Exposition, 2001Co-Authors: Charles Lynn, Stephen KentAbstract:The Border Gateway Protocol (BGP) which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. BGP is highly vulnerable to a variety of malicious attacks, due to its lack of secure means of verifying the authenticity and authority of BGP control traffic. Secure BGP (S-BGP) addresses most of these security vulnerabilities by using a combination of IPsec, a new BGP path attribute containing "attestations," and a public key infrastructure (PKI). This paper describes in detail this PKI and how it is used to support S-BGP, e.g., for verifying ownership of AS numbers and portions of the IP address space. This PKI embodies a number of unique features designed to support S-BGP security requirements and to facilitate automated access control management for the certificate and CRL repository used with S-BGP.
Russ Housley - One of the best experts on this subject based on the ideXlab platform.
-
internet x 509 public key infrastructure certificate image
RFC, 2011Co-Authors: Leonard Rosenthol, Stefan Santesson, Siddharth Bajaj, Russ HousleyAbstract:This document specifies a method to bind a visual representation of a certificate in the form of a certificate image to a [RFC5280] public key certificate by defining a new otherLogos image type according to [RFC3709].
-
update to directorystring processing in the internet x 509 public key infrastructure certificate and certificate revocation list crl profile
RFC, 2006Co-Authors: Stefan Santesson, Russ HousleyAbstract:This document updates the handling of DirectoryString in the Internet X.509 public key infrastructure Certificate and Certificate Revocation List (CRL) Profile, which is published in RFC 3280. The use of UTF8String and PrintableString are the preferred encoding. The requirement for exclusive use of UTF8String after December 31, 2003 is removed. [STANDARDS-TRACK]
-
additional algorithms and identifiers for rsa cryptography for use in the internet x 509 public key infrastructure certificate and certificate revocation list crl profile
RFC, 2005Co-Authors: Jim Schaad, Russ Housley, Burt KaliskiAbstract:This document supplements RFC 3279. It describes the conventions for using the RSASSA-PSS signature algorithm, the RSAES-OAEP key transport algorithm and additional one-way hash functions with the PKCS #1 version 1.5 signature algorithm in the Internet X.509 public key infrastructure (PKI). Encoding formats, algorithm identifiers, and parameter formats are specified.
-
additional algorithms and identifiers for rsa cryptography for use in the internet x 509 public key infrastructure certificate and certificate revocation list crl profile
RFC, 2005Co-Authors: Jim Schaad, Russ Housley, Burt KaliskiAbstract:This document supplements RFC 3279. It describes the conventions for using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature algorithm, the RSA Encryption Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP) key transport algorithm and additional one-way hash functions with the public-key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm in the Internet X.509 public key infrastructure (PKI). Encoding formats, algorithm identifiers, and parameter formats are specified. [STANDARDS-TRACK]
-
algorithms and identifiers for the internet x 509 public key infrastructure certificate and certificate revocation list crl profile
RFC, 2002Co-Authors: L Bassham, W Polk, Russ HousleyAbstract:This document specifies algorithm identifiers and ASN.1 encoding formats for digital signatures and subject public keys used in the Internet X.509 public key infrastructure (PKI). Digital signatures are used to sign certificates and certificate revocation list (CRLs). Certificates include the public key of the named subject.
Paolo Pagano - One of the best experts on this subject based on the ideXlab platform.
-
IOTA-VPKI: A DLT-Based and Resource Efficient Vehicular public key infrastructure
2018 IEEE 88th Vehicular Technology Conference (VTC-Fall), 2018Co-Authors: Andrea Tesei, Luca Di Mauro, Mariano Falcitelli, Sandro Noto, Paolo PaganoAbstract:Intelligent Transport Systems (ITS) show many potential benefits to the way we travel today. The security requirements to be matched in this kind of systems are challenging and they show technical, societal, legal, and economical concerns (e.g. anonymity, accountability, non-repudiation). To address security, standardization bodies (IEEE 1609.2, ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)) have proposed a Certification Authority-based (CA-based) Vehicular public key infrastructure (VPKI) which still suffers of Single Point of Failure (SPoF) locate in CAs and does not provide transparency in the certificate issuance. We propose IOTA-VPKI, a Distributed Ledger Technology-based (DLT-based) VPKI that improve the state-of-the-art eliminating SPoF with seamless scalability with respect to the users. IOTA-VPKI also guarantees transparency in the issuance of certificates as well as historical proof-of-possession by storing signed and hashed certificates on the IOTA ledger to facilitate verification procedure. The use of IOTA DLT assure also the feasible deploy in Internet of Things (IoT) domain, where the devices involved have limited computational resources. The effectiveness of our DLT-based VPKI will be measured in testbed for EU Horizon 2020-funded AUTOmated driving Progressed by Internet Of Things (AUTOPILOT) project.
Jong Hyuk Park - One of the best experts on this subject based on the ideXlab platform.
-
certificateless based public key infrastructure using a dnssec
Journal of Cryptology, 2015Co-Authors: Jungho Kang, Jong Hyuk ParkAbstract:With the continuous development of the internet, there has been increasing research on reliability of data shared through the network. In particular, the focus on the public key infrastructure (PKI) that performs functions including verifying the sender’s identity and preventing forgery based on digital certificates has been intensifying rapidly. However, existing certificate-based PKI gives rise to various problems in terms of the Certificate Authority (CA), user, and domain name system (DNS). Moreover, certificate-PKI involves cost, an authentication environment, and security, and the existing PKI system uses CA, a hierarchical structure, to process certificates. This paper aims to devise a reliable address using the DNS security extension (DNSSEC) that applies security to the existing DNS, and proposes a certificate less-based PKI that uses DNSSEC. The proposed PKI can reduce the cost of the existing certificate and address existing vulnerabilities.