Chenxi Wang,William A. Wulf

DOI: https://doi.org/10.1023/A:1019199132298

2000-01-01

Abstract:Public Key Infrastructures (PKI) are important for the security of many networked systems. The current designs of PKIs often rely on a centralized key Certification Authority (CA) for the certification and distribution of keys. This centralized entity poses a performance and scalability bottleneck. In addition, it creates a serious security risk — if the CA is penetrated, the security of the entire system is irretrievably compromised. In this paper, we present an innovative method to generate globally unique keys in a completely distributed fashion. The ability to perform distributed key generation facilitates decentralized PKIs. We present security analysis of the method as well as a set of experimental performance results. Our method scales well, and is cryptographically strong.

Xianhui Lu,Jiang Zhang

DOI: https://doi.org/10.1093/nsr/nwab090

IF: 20.6

2021-05-24

National Science Review

Abstract:The invention of public-key cryptography (PKC) by Diffie and Hellman in 1976 is one of two milestones marking the beginning of modern cryptography. The security of a PKC system requires that it should be infeasible to compute the private key from a given public key, which in turn is typically guaranteed by the difficulty in solving some cryptographic-friendly mathematical problems. Among those problems, the integer factorization and discrete logarithm problems play pivotal roles in the development of public-key cryptography. In particular, the assumption that there is no polynomial time (classical) algorithm that solves the above two problems constitutes the basis for the security of almost all currently used public-key cryptosystems, such as RSA and ElGamal. However, Shor [1] found an efficient quantum solving algorithm for the integer factorization and discrete logarithm problems in 1994, which would destroy the security basis for most real deployed PKC systems if large-scale quantum computers become available. The rapid development of quantum technology in recent years suggests that we are getting closer to the quantum crisis of current PKC systems.

multidisciplinary sciences

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Chenxi Wang,William A. Wulf

1996-01-01

Abstract:In a public key cryptographic system, the uniqueness and authenticity of the keys are essential to the success of the system. Traditionally, a single, centralized key distribution/certification server has been used to generate and distribute keys. This approach requires a distinguished trusted entity which could potentially become a single point of failure or penetration in a distributed environment. We present in this paper a new, simple way to handle distributed key generation We assign a unique range of m-bit numbers to each key generator in the system. As a result, the lower-order m bits of the keys generated is a unique number in the assigned range. our scheme not only provides a way to generate globally unique keys in an independent, distributed fashion, it also enhances the security of public-key cryptosystems by eliminating the mapping between keys and entity names.

Siyu Gan,Gu, Chunhua,Xueqin Zhang

DOI: https://doi.org/10.1109/IEEC.2010.5533219

2010-01-01

Abstract:With the rapid development of E-Business systems, the technology of distributed services and security becomes research focus in the field of Internet based applications. The distributed E-Business application platform has strong security requirements and specific demands on secure user authentication. After analyzing the distributed authentication protocol and public key infrastructure (PKI), a method for distributed E-Business application authentication using public key cryptography is introduced in this paper. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Yajie Li,Qiufeng Wu,Meng Yuan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.015

2001-01-01

Abstract:The development of electronic commerce requires the high security of network communication,PKI is an effective solution. This paper introduces basic structure,evaluation standard and major design problems of PKI.

Yannan Li,Yong Yu,Chunwei Lou,Nadra Guizani,Lianhai Wang

DOI: https://doi.org/10.1109/mnet.011.2000085

IF: 10.294

2020-01-01

IEEE Network

Abstract:The public key infrastructure (PKi) has been widely adopted to create, manage, distribute, store and revoke digital certificates, which plays an important role in bootstrapping secure communications. A PKi system authenticates entities with the corresponding public keys and it lays the security foundation for public-key cryptosystems in public-key encryption and digital signatures. However, traditional PKi systems suffer from security breaches, such as single-point-of-failure and man-in-the-middle attacks due to the existence of a centralized certificate authority. in this article, we review the traditional centralized PKi system as well as the subjected security concerns, and then we propose possible solutions to address these issues with the emerging blockchain technology. Two frameworks are presented where blockchain is utilized as a public bulletin board or trusted majority. We implement the functions to evaluate the off-chain time costs and on-chain gas costs of the proposal, which demonstrate the feasibility and practicality of the proposal.

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

KY Lam,SL Chung,M Gu,JG Sun

DOI: https://doi.org/10.1016/s0167-4048(03)00615-1

IF: 5.105

2003-01-01

Computers & Security

Abstract:This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement non-repudiation. The deployment of public key cryptography is facilitated by the provision of PKI which assures the integrity of cryptographic keys. Nevertheless, industry experiences have shown that the task of implementing PKI-based e-commerce applications is challenging. Prior studies have identified interoperability as a major issue that hinders the adoption of PKI in spite of its effectiveness in implementing strong security mechanisms and protocols. In this paper, we discuss the interoperability issue of PKI applications. This research is part of our effort in designing security infrastructure for e-commerce systems. A middleware architecture was designed to enhance interoperability of PKI applications. The security middleware aims to promote cross-enterprise cross-border e-commerce transactions. The proposed mechanism is proven to be practical in real deployment environment.

XJ Lai

DOI: https://doi.org/10.1007/978-0-387-35515-3_52

2000-01-01

Abstract:With the recent explosive growth of the Internet, more and more business are conducted over the open communication network. The increase of information transmitted electronically has lead to an increased need for security. Cryptographic techniques, especially the public-key cryptographic techniques are used to provide the necessary protection to ensure such business process. The widespread of public-key technology requires a reliable and trusted system to manage public keys. Public-key infrastructure provides such a system for mange the trust of the public keys.

Xin Sun,Jiajia Han,Bang Lv,Changhua Sun,Cheng Zeng

DOI: https://doi.org/10.1371/journal.pone.0312690

IF: 3.7

2024-10-31

PLoS ONE

Abstract:With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

multidisciplinary sciences

Daojing He,Sammy Chan,Yan Zhang,Mohsen Guizani,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1109/MNET.2014.6724101

IF: 10.294

2014-01-01

IEEE Network

Abstract:It is expected that the smart grid will radically add new functionalities to legacy electrical power systems. However, we believe that this will in turn introduce many new security risks. With the smart grid's backbone communication networks and subnetworks, there are possible scenarios when these subnetworks can become vulnerable to attacks. Ensuring security in these networks is challenging because most devices are resource constrained. In addition, different protocols that are used in these networks use their own set of security requirements. In this article, the security requirements of smart grid communication networks are firstly identified. We then point out that although public key infrastructure (PKI) is a viable solution, it has some difficulties to satisfy the requirements in availability, privacy preservation, and scalability. To complement the functions of PKI, we introduce some novel mechanisms so that those security requirements can be met. In particular, we propose a mechanism to efficiently resist Denial-of-Service (DoS) attacks, and some suggestions to the security protocol design for different application categories.

Zhen Liu,Duncan S. Wong,Jack Poon

DOI: https://doi.org/10.1145/2897845.2897849

2016-01-01

Abstract:In Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user' any ciphertexts without any possible detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key be unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they lost them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that supports the policy to be any monotonic access structures. Also, we propose the first distributed PKG protocol that supports the dynamic changes of the PKGs and the policy, while remaining the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to present, and the master secret key should never be generated or resided in any one single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE schemes, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and only each user knows his own private key.

Jie Lin,Hoi-Kwong Lo,Jacob Johannsson,Mattia Montagna,Manfred von Willich

2024-07-31

Abstract:Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.

Cryptography and Security,Quantum Physics

Y Wang,DW Gu

DOI: https://doi.org/10.1109/iccnmc.2003.1243071

2003-01-01

Abstract:When introducing public key infrastructure (PKI) in mobile telecommunication systems, one of the challenges is to span different PKI domains to establish certificate chain efficiently, and still keep the autonomy in local areas. The PKI model proposed in this paper improves the traditional PKI's performance on the above aspect.

李彪,张申生

DOI: https://doi.org/10.3321/j.issn:1006-2467.2002.09.019

2002-01-01

Abstract:PKI (Public Key Infrastructure) is the basis of secure applications in World Wide Web. The lack of dynamic property in traditional conformation of PKI can not fulfill the security requirements in virtual enterprises. A new conformation of PKI, based on a secret sharing scheme, was proposed to establish the security framework across enterprises and the trust among them.

Zheng ZHANG,Xue-ping WANG,Yi-nan JING,Jin-hua JING

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.33.062

2006-01-01

Abstract:With the background the famous P2P software Skype entering C2C e-commerce platform,this paper proposes a security framework Sec-P2P-EC for e-commerce which is based on structured P2P network.Sec-P2P-EC is fit for current e-commerce background with a simplified single layer PKI.It takes the PKI security service as the core idea,takes Chord as the highly effective inquiry protocol for generation,distribution,retrieve of goods keywords,certificates and evaluations. Therefore Sec-P2P-EC has high security,reliability and efficiency.It enables Sec-P2P-EC to apply directly in P2P e-commerce environment of single platform provider.

Tao Yang,Liyong Tang,Lingbo Kong,Zhong Chen

DOI: https://doi.org/10.1109/fskd.2012.6233869

2012-01-01

Abstract:Recently, distributed online social networks (OSNs) are developed to address the security and privacy issues in centralized OSNs. Identity based cryptography (IBC) was introduced into distributed OSNs recently for better identity verification and authentication purposes. However, current IBC-based solutions in OSNs could not address the problem of secure private key issuing. In this paper we propose PEKING: a novel Pivacy Enhanced Key IssuiNG scheme for distributed online social networks using IBC. Our scheme adopts key generate center (KGC) and key privacy assistants (PAs) to issue keys to peers securely. In the scheme, PAs can be selected from users' friends. Neither KGC nor PAs can impersonate the users to obtain the private keys. Furthermore, to maintain the security of PAs, we develop a scheme to authenticate PAs using Byzantine fault tolerance protocol. The experimental results show that PEKING performs effectively and efficiently, and is able to support large scale networks.

Hongjun Lin,Ping Luo,Daoshun Wang

DOI: https://doi.org/10.1016/j.jnca.2008.03.001

IF: 7.574

2008-01-01

Journal of Network and Computer Applications

Abstract:To solve the scalability problems of the identity authentication model based on CA for application in large distributed networks, adopting a rigorous binary tree code algorithm, we present a distributed identity authentication model based on public keys. The advantages of our model are described as follows: First, it has good scalability and is suitable for large-scale distributed networks. Second, the authentication path is short, with no more than two entities intervening. Third, it does not require users to inquire about certificate revocation lists.