Chengyuan Zhang,Changqing An,Tao Yu,Zhiyan Zheng,Jilong Wang

DOI: https://doi.org/10.1109/noms59830.2024.10575605

2024-01-01

Abstract:The validity and efficiency of certificate revocation in today's web Public Key Infrastructure (PKI) are consistently overlooked. In this paper, we analyse current certificate revocation schemes from the perspective of Certificate Authorities (CAs) and browsers. We find that the average size of CRL files collected from popular CAs can be as large as 2MB and the average response time of OCSP is around 430ms, which means that the time overhead brought by current certificate revocation schemes is not negligible. Moreover, browsers often fail to perform the revocation check correctly and allow websites to use revoked certificates, which can help attackers to launch man-in-the-middle attacks using fraudulent certificates.We also summarise existing problems and propose a novel certificate revocation scheme utilizing DNS resource records for efficient and privacy-preserving distribution. We have implemented a prototype to evaluate the performance of our scheme, and test results show that our scheme is time-efficient and able to withstand realistic workloads. We hope that our work can stimulate further discussion of the problems in Web PKI.

张雪琳,马跃,王玮,徐塞虹

DOI: https://doi.org/10.3321/j.issn:1000-6788.2004.03.015

2004-01-01

Abstract:Public Key Infrastructure (PKI) is a infrastructure of asymmetric encryption that delivers strong capabilities for services such as data confidentiality,authentication,integrity and non-repudiation to effectively mitigate various risks involved in a network environment. The PKI infrastructure ensures that the availability of a well conceived combination of services,communications methods and protocols to its constituent applications and programs. It means that the infrastructure provides a blanket to enable the interoperability of its constituent parts for available,reliable,and unobtrusive security services. In this paper,a model of CRL disribution is set up. By analyzing the revocation delay,we get the expression of revocation delay.The simulation result is also given,which proved correctness of our analysis .

Wei Ren,Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.4108/icst.qshine2008.3824

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is envisioned as a promising technique in many emerging applications. To justify the applicability of privacy-aware PKI and optimize the performance, it is highly important to ensure the efficiency of handling user revocations. In practice, user revocation can be due to various predictable and unpredictable reasons, e.g., subscription expiration, network access policy violation, group changing, secret key exposure, etc. Both predictable and unpredictable reasons can happen concurrently, which makes the design of efficient user revocation mechanism challenging. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose an advanced scheme Delta-RL that ensures an optimized overall performance in terms of communication, computation and storage, as justified by the extensive analysis.

HONG Huan-jian,TENG Ran-ran,ZHENG Jian-hua,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.048

2006-01-01

Abstract:In any security applications based PKI,the validation of the digital certificates is important to the system's security.This paper briefly describes the actual implementation of the On-line Certificate Status Protocol(OCSP) on Internet and explains why the crypto-mobile-phone cannot check the certificate status on-line as on Internet.It introduces a new certificate revocation status-broadcasting scheme that efficiently resolves the problem of checking certificate revocation status in wireless environment and improves the security level of crypto-mobile-phone.

Andreas Freitag

DOI: https://doi.org/10.48550/arXiv.2211.13041

2022-11-23

Abstract:Digital Identities are playing an essential role in our digital lives. Today, used Digital Identities are based on central architectures. Central Digital Identity providers control and know our data and, thereby, our Identity. Self Sovereign Identities (SSI) are based on a decentralized data storage and data exchange architecture, where the user is in sole control of his data and identity. Most of the issued credentials need the possibility of revocation. For a Central Digital Identity, revocation is easy. In decentral architectures, revocation is more challenging. Revocation can be done with different methods e.g. lists, compressed lists and cryptographic accumulators. A revocation method must be privacy preserving and must scale. This paper gives an overview about the available revocation methods, include a survey to define requirements, assess different revocation groups against the requirements, highlights shortcomings of the methods and introduce a new revocation method called Linked Validity Verifiable Credentials.

Cryptography and Security,Computers and Society

Wei Ren,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/icdcs.workshops.2008.95

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is important for many applications. The applicability of privacy-aware PKI highly relies on the performance of user revocation. The requirements of user revocation are various in general, such as subscription expiration, violation of access policy, group changing, and key exposure. To satisfy different requirements, multiple revocation approaches may interact each other. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose a practical scheme Delta-RL that can fulfill an optimal overall performance on the base of extensive analysis.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Xinyi Luo,Zhuo Xu,Kaiping Xue,Qiantong Jiang,Ruidong Li,David Wei

DOI: https://doi.org/10.1109/icdcs54860.2022.00121

2022-01-01

Abstract:As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

王政,赵明,斯雪明,韩文报

DOI: https://doi.org/10.3969/j.issn.1000-3428.2009.01.012

2009-01-01

Abstract:Large scale environment, unreasonable certificate revocation management will bring enormous operations and burden of network transmission. This paper analyzes some kinds of CRL mechanisms, puts forward a maintenance scheme of certificate revocation list named PSHT-CRL, which inherits the character of segment-CRL, redirect-CRL and over issue-CRL. PSHT-CRL uses Hash table, partial signature, and link method to ensure the scheme’s security, to reduce the cost of user request response and certificate updating. PSHT-CRL solves the problems of other revocation schemes. The security and capability of this scheme are analyzed and PSHT-CRL compared with other CRL scheme.

Jing Chen,Shixiong Yao,Quan Yuan,Kun He,Shouling Ji,Ruiying Du

DOI: https://doi.org/10.1109/infocom.2018.8486344

2018-01-01

Abstract:In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

Tong Zhou,Lein Harn

DOI: https://doi.org/10.1109/ccece.2008.4564549

2008-01-01

Abstract:In nonhierarchical public key infrastructure (PKI), any user can be a certificate authority (CA) to issue digital certificates to other users. As there is no single root CA, it is difficult to check the validity of certificates issued by unknown CAs. It is very risky to trust them without in-depth analysis. How users issue certificates in the real world has not been studied. Solomon Aschpsilas conformity experiment reveals that peoplespsila decisions are influenced by others. To reduce the risk of trusting malicious certificate issuers, we propose two novel methods, micro method and macro method, for users to make trust decisions based on the relationships among the CAs. They will improve the security in ad hoc networks and peer-to-peer (P2P) communications.

Lucas Mayr,Gustavo Zambonin,Frederico Schardong,Ricardo Custódio

2024-08-02

Abstract:Electronic documents are signed using private keys and verified using the corresponding digital certificates through the well-known public key infrastructure model. Private keys must be kept in a safe container so they can be reused. This makes private key management a critical component of public key infrastructures with no failproof answer. Therefore, existing solutions must employ cumbersome and often expensive revocation methods to handle private key compromises. We propose a new cryptographic key management model built with long-term, irrevocable digital certificates, each bound to a single document. Our model issues a unique digital certificate for each new document to be signed. We demonstrate that private keys associated with these certificates should be deleted after each signature, eliminating the need to store those keys. Furthermore, we show that these certificates do not require any revocation mechanism to be trusted. We analyze the overhead caused by the frequent generation of new key pairs for each document, provide a security overview and show the advantages over the traditional model.

Cryptography and Security

Patrick Herbke,Thomas Cory,Mauro Migliardi

2024-09-20

Abstract:Public key infrastructures are essential for Internet security, ensuring robust certificate management and revocation mechanisms. The transition from centralized to decentralized systems presents challenges such as trust distribution and privacy-preserving credential management. The transition from centralized to decentralized systems is motivated by addressing the single points of failure inherent in centralized systems and leveraging decentralized technologies' transparency and resilience. This paper explores the evolution of certificate status management from centralized to decentralized frameworks, focusing on blockchain technology and advanced cryptography. We provide a taxonomy of the challenges of centralized systems and discuss opportunities provided by existing decentralized technologies. Our findings reveal that, although blockchain technologies enhance security and trust distribution, they represent a bottleneck for parallel computation and face inefficiencies in cryptographic computations. For this reason, we propose a framework of decentralized technology components that addresses such shortcomings to advance the paradigm shift toward decentralized credential status management.

Cryptography and Security,Networking and Internet Architecture

Nikita Korzhitskii,Matus Nemec,Niklas Carlsson

DOI: https://doi.org/10.48550/arXiv.2203.02280

2022-03-04

Abstract:The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open. Furthermore, the existing procedures do not leave a transparent and immutable revocation history. We propose and evaluate a new revocation transparency protocol that introduces postcertificates and utilizes the existing Certificate Transparency (CT) logs. The protocol is practical, has a low deployment cost, provides an immutable history of revocations, enables delegation, and helps to detect revocation-related misbehavior by certificate authorities (CAs). With this protocol, a holder of a postcertificate can bypass the issuing CA and autonomously initiate the revocation process via submission of the postcertificate to a CT log. The CAs are required to monitor CT logs and proceed with the revocation upon detection of a postcertificate. Revocation status delivery is performed independently and with an arbitrary status protocol. Postcertificates can increase the accountability of the CAs and empower the certificate owners by giving them additional control over the status of the certificates. We evaluate the protocol, measure log and monitor performance, and conclude that it is possible to provide revocation transparency using existing CT logs.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Adrian-Tudor Dumitrescu,Johan Pouwelse

2024-01-11

Abstract:The Public Key Infrastructure existed in critical infrastructure systems since the expansion of the World Wide Web, but to this day its limitations have not been completely solved. With the rise of government-driven digital identity in Europe, it is more important than ever to understand how PKI can be an efficient frame for eID and to learn from mistakes encountered by other countries in such critical systems. This survey aims to analyze the literature on the problems and risks that PKI exhibits, establish a brief timeline of its evolution in the last decades and study how it was implemented in digital identity projects.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Kang Li,Wang Fat Lau,Man Ho Au,Ivan Wang-Hei Ho,Yilei Wang

DOI: https://doi.org/10.1016/j.compeleceng.2020.106721

IF: 4.152

2020-01-01

Computers & Electrical Engineering

Abstract:We propose an efficient revocable message authentication scheme to address the security and privacy problems of vehicular networks. The core of our scheme is a pairing-free online/offline certificateless signature with efficient revocation. To further enhance efficiency, our scheme allows roadside unit to assist nearby vehicles to verify signatures through the use of cuckoo filter. To handle revocation, the key generation center will periodically update time keys of the non-revoked users. To reduce the workload of the key generation center, we apply a node selection algorithm known as KUNodes. We also propose to utilize blockchain technology to store the revocation list. Hence, the transparency of user revocation is enhanced, as the vehicles can check the state of revocation list from the immutable blockchain. (C) 2020 Elsevier Ltd. All rights reserved.

Qi Liu,Xiangyu Bai

DOI: https://doi.org/10.1109/iceiec.2017.8076576

2017-01-01

Abstract:In order to ensure the security of mobile ad hoc networks (MANETs), the research on certificateless key management scheme is attracting more and more attention. The certificateless key management scheme can well resist the key escrow problem and it is very suitable for MANET, which is source-constrained and has no public key infrastructure. In this paper, we give an overview of some recent certificateless key management schemes and analyse their advantages and disadvantages. Then we make a comparison of their main methods, key distribution, private key generation and their calculation cost. Finally we put forward a suggestion to solve the problems existing in the certificateless key management scheme.

王常吉,吴建平,段海新

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.24.034

2004-01-01

Abstract:In this paper, a new certificate revocation information distribution scheme, called compact CRL is proposed by re-encoding revoked certificate entry in standard certificate revocation list and integrating the idea of segmented certificate revocation list scheme. The size of certificate revocation list is reduced greatly, thus the bandwidth that relying party need to download the CRL is saved greatly.

Kai Zhang,Zirui Guo,Liangliang Wang,Lei Zhang,Lifei Wei

DOI: https://doi.org/10.1016/j.csi.2024.103848

IF: 3.721

2024-08-01

Computer Standards & Interfaces

Abstract:Provable Data Possession (PDP) has gained widespread adoption for ensuring the integrity of data in remote cloud storage, where a data owner can delegate a third party auditor (TPA) to perform data auditing. To eliminate key escrow problem or complicated certificate management in classic solutions, numerous certificateless PDP schemes have been proposed while they failed to achieve efficient user revocation and protect user identity privacy. Therefore, we propose ReCIP, a revocable certificateless PDP scheme with identity privacy, where a TPA can perform public data integrity batch verification for a user while learning no useful knowledge about user identity privacy. Technically, we introduce a new user revocation strategy that directly revokes users’ secret keys, with no correlation to the number of data blocks in place for revocation time cost. To further boost the efficiency of ReCIP, we employ a semi-generic online–offline strategy to obtain an online–offline ReCIP (ReCIPoo) to reduce the time cost of tag generation. Moreover, we conduct a formal security proof of ReCIP, where the security is reduced to simple computational Diffie–Hellman problem and discrete logistic problem. Compared to state-of-the-art solutions, our ReCIPoo achieves comparable computation and communication cost while still achieving user revocation and protecting user identity privacy.

computer science, software engineering, hardware & architecture