On Splitting Public Keys for the Public Key Infrastructure

2005 ◽  
Author(s):  
S. Cristiano ◽  
F.F. Liu
Keyword(s):  
Public Key Infrastructure ◽  
Public Key ◽  
The Public ◽  
Public Keys

Certificates and Public Key Infrastructure

2008 ◽  
pp. 217-245
Author(s):  
Manuel Mogollon
Keyword(s):  
Access Control ◽  
Digital Signature ◽  
Public Key Infrastructure ◽  
Public Key ◽  
Comprehensive System ◽  
Public Key Encryption ◽  
Control Data ◽  
The Public ◽  
Digital Certificates ◽  
Public Keys

In public-key encryption, the secrecy of the public key is not required, but the authenticity of the public key is necessary to guarantee its integrity and to avoid spoofing and playback attacks. A user’s public key can be authenticated (signed) by a certificate authority that verifies that a public key belongs to a specific user. In this chapter, digital certificates, which are used to validate public keys, and certificate authorities are discussed. When public-key is used, it is necessary to have a comprehensive system that provides public key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication, and non-repudiation. That system, public-key infrastructure or PKI, is also discussed in this chapter.

scholarly journals Dynamic Public Key Certificates with Forward Secrecy

Electronics ◽  
2021 ◽  
Vol 10 (16) ◽  
pp. 2009
Author(s):  
Hung-Yu Chien
Keyword(s):  
Public Key Infrastructure ◽  
Public Key ◽  
Practical Reasons ◽  
Forward Secrecy ◽  
The Public ◽  
Private Key ◽  
Security Properties ◽  
The Subject ◽  
Key Exposure ◽  
Chameleon Hash

Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.

scholarly journals LogPicker: Strengthening Certificate Transparency Against Covert Adversaries

2021 ◽  
Vol 2021 (4) ◽  
pp. 184-202
Author(s):  
Alexandra Dirksen ◽  
David Klein ◽  
Robert Michael ◽  
Tilman Stehr ◽  
Konrad Rieck ◽  
...  
Keyword(s):  
Distributed System ◽  
Large Scale ◽  
Public Key Infrastructure ◽  
Third Party ◽  
Public Key ◽  
Smooth Transition ◽  
Certificate Authority ◽  
Trusted Third Party ◽  
The Public

Abstract HTTPS is a cornerstone of privacy in the modern Web. The public key infrastructure underlying HTTPS, however, is a frequent target of attacks. In several cases, forged certificates have been issued by compromised Certificate Authorities (CA) and used to spy on users at large scale. While the concept of Certificate Transparency (CT) provides a means for detecting such forgeries, it builds on a distributed system of CT logs whose correctness is still insufficiently protected. By compromising a certificate authority and the corresponding log, a covert adversary can still issue rogue certificates unnoticed. We introduce LogPicker, a novel protocol for strengthening the public key infrastructure of HTTPS. LogPicker enables a pool of CT logs to collaborate, where a randomly selected log includes the certificate while the rest witness and testify the certificate issuance process. As a result, CT logs become capable of auditing the log in charge independently without the need for a trusted third party. This auditing forces an attacker to control each participating witness, which significantly raises the bar for issuing rogue certificates. LogPicker is efficient and designed to be deployed incrementally, allowing a smooth transition towards a more secure Web.

scholarly journals Analisis dan Implementasi Algoritma Asimetris Dual Modulus RSA (DM-RSA) pada Aplikasi Chat

2021 ◽  
Vol 5 (4) ◽  
pp. 768-773
Author(s):  
Aminudin ◽  
Ilyas Nuryasin
Keyword(s):  
Prime Numbers ◽  
Public Key ◽  
Generation Process ◽  
Key Generation ◽  
The Public ◽  
Asymmetric Model ◽  
Rsa Algorithm ◽  
Private Key ◽  
Public Keys ◽  
Cryptographic Algorithms

The RSA algorithm is one of the cryptographic algorithms with an asymmetric model where the algorithm has two keys, namely the public key and the private key. However, as time goes on, these algorithms are increasingly exposed to security holes and make this algorithm vulnerable to being hacked by people who do not have authority. The vulnerability stems from the algorithm's public keys (e and n). The strength of the RSA algorithm is based on the difficulty of factoring two prime numbers that are generated during the key generation process, if these values ​​can be known using certain methods, the public key and private key values ​​will be found. Therefore, there are many studies that improvise the RSA algorithm, one of which is the Dual Modulus RSA (DM-RSA) algorithm. The algorithm uses four prime numbers which produce 2 modulus and 4 keys (2 public keys and 2 private keys). From the results of the Kraitchik factorization test, it was found that the DM-RSA algorithm was proven to be more resistant up to 2 times or even more than the standard RSA algorithm. This is evidenced by the fact that the value of n is 24 bits, the RSA algorithm can last up to 63204 ms (1 minute 22 seconds) while the Dual Modulus RSA algorithm lasts up to 248494123 ms (142 minutes 47 seconds).  

scholarly journals Implementation of a New Strongly-Asymmetric Algorithm and Its Optimization

Cryptography ◽  
2020 ◽  
Vol 4 (3) ◽  
pp. 21
Author(s):  
Koki Jimbo ◽  
Satoshi Iriyama ◽  
Massimo Regoli
Keyword(s):  
General Framework ◽  
Key Agreement ◽  
Public Key ◽  
Security Level ◽  
The Public ◽  
High Speeds ◽  
Diffie Hellman ◽  
New Public ◽  
Public Keys ◽  
Free Parameters

A new public key agreement (PKA) algorithm, called the strongly-asymmetric algorithm (SAA-5), was introduced by Accardi et al. The main differences from the usual PKA algorithms are that Bob has some independent public keys and Alice produces her public key by using some part of the public keys from Bob. Then, the preparation and calculation processes are essentially asymmetric. This algorithms has several free parameters more than the usual symmetric PKA algorithms and the velocity of calculation is largely dependent on the parameters chosen; however, the performance of it has not yet been tested. The purpose of our study was to discuss efficient parameters to share the key with high speeds in SAA-5 and to optimize SAA-5 in terms of calculation speed. To find efficient parameters of SAA-5, we compared the calculation speed with Diffie–Hellman (D-H) while varying values of some parameters under the circumstance where the length of the secret shared key (SSK) was fixed. For optimization, we discuss a more general framework of SAA-5 to find more efficient operations. By fixing the parameters of the framework properly, a new PKA algorithm with the same security level as SAA-5 was produced. The result shows that the calculation speed of the proposed PKA algorithm is faster than D-H, especially for large key lengths. The calculation speed of the proposed PKA algorithm increases linearly as the SSK length increases, whereas D-H increases exponentially.

Security of Identity-Based Encryption Algorithms

2018 ◽  
pp. 4975-4984
Author(s):  
Kannan Balasubramanian ◽  
M. Rajakani
Keyword(s):  
Key Management ◽  
Public Key ◽  
The Public ◽  
Private Key ◽  
Identity Based Encryption ◽  
Public Keys ◽  
Identity Based ◽  
Encryption Algorithms ◽  
Encrypted Communication ◽  
E Mail

The concept of Identity Based Cryptography introduced the idea of using arbitrary strings such as e-mail addresses and IP Addresses to form public keys with the corresponding private keys being created by the Trusted Authority(TA) who is in possession of a system-wide master secret. Then a party, Alice who wants to send encrypted communication to Bob need only Bob's identifier and the system-wide public parameters. Thus the receiver is able to choose and manipulate the public key of the intended recipient which has a number of advantages. While IBC removes the problem of trust in the public key, it introduces trust in the TA. As the TA uses the system-wide master secret to compute private keys for users in the system, it can effectively recompute a private key for any arbitrary string without having to archive private keys. This greatly simplifies key management as the TA simply needs to protect its master secret.

Security of Identity-Based Encryption Algorithms

2019 ◽  
pp. 312-325
Author(s):  
Kannan Balasubramanian ◽  
M. Rajakani
Keyword(s):  
Key Management ◽  
Public Key ◽  
The Public ◽  
Private Key ◽  
Identity Based Encryption ◽  
Public Keys ◽  
Identity Based ◽  
Encryption Algorithms ◽  
Encrypted Communication ◽  
E Mail

The concept of identity-based cryptography introduced the idea of using arbitrary strings such as e-mail addresses and IP addresses to form public keys with the corresponding private keys being created by the trusted authority (TA) who is in possession of a systemwide master secret. Then a party, Alice, who wants to send encrypted communication to Bob need only Bob's identifier and the systemwide public parameters. Thus, the receiver is able to choose and manipulate the public key of the intended recipient which has a number of advantages. While IBC removes the problem of trust in the public key, it introduces trust in the TA. As the TA uses the systemwide master secret to compute private keys for users in the system, it can effectively recompute a private key for any arbitrary string without having to archive private keys. This greatly simplifies key management as the TA simply needs to protect its master secret.

Sign in / Sign up

Export Citation Format

Share Document