Public Key Infrastructure: Using the Internet as a Virtual Private Network

1999 ◽  
pp. 216-224
Cryptography ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 14
Author(s):  
Xavier Boyen ◽  
Udyani Herath ◽  
Matthew McKague ◽  
Douglas Stebila

The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess of trust in certificate authorities (CAs), compounded by a lack of transparency which makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches to make certificate issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure. DPKIT efficiently leverages an existing blockchain to realize an append-only, distributed associative array, which allows anyone (or their browser) to audit and update the history of all publicly issued certificates and revocations for any domain. Our technical contributions include definitions for append-only associative ledgers, a security model for certificate transparency, and a formal analysis of our DPKIT construction with respect to the same. Intended as a client-side browser extension, DPKIT will be effective at fraud detection and prosecution, even under fledgling user adoption, and with better coverage and privacy than federated observatories, such as Google’s or the Electronic Frontier Foundation’s.


2002 ◽  
Vol 41 (05) ◽  
pp. 414-418 ◽  
Author(s):  
I. Mavridis ◽  
C. Ilioudis ◽  
C. Georgiadis ◽  
G. Pangalos

Summary. Objectives: Internet technologies provide an attractive infrastructure for efficient and low-cost communications in regional health information networks. The advantages provided by the Internet come, however, with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability, not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security to enable secure healthcare Internet applications. Methods: Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional healthcare security framework presented in this paper, we propose the use of state-of-the-art Public Key Infrastructure (PKI) technology. Such an e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Results: Significant experience in this area has been gained from the implementation of the PKI@AUTH project. Conclusions: The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.


Author(s):  
Rian Septian Anwar ◽  
Nani Agustina

Abstract: The increasing use of the internet worldwide has made internet traffic high. The need for interconnection between networks is growing, especially in companies with many branches. Companies are therefore required to spend an even larger budget. To curb excessive spending, a Virtual Private Network (VPN) is needed. By using Open VPN-Access Server, the cost incurred is lower than leasing VPN-IP, which is relatively more expensive. For a better network, it must be supported by the best topology structure for its installation. Choosing the topology at the start of network construction is very important for making this Virtual Private Network (VPN) access connect well. Keywords: VPN, Networking, Open VPN-Access Server.


2021 ◽  
Vol 5 (6) ◽  
pp. 1161-1170
Author(s):  
Valen Brata Pranaya ◽  
Theophilus Wellem

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validate the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.


Author(s):  
Bongsik Shin ◽  
Daniel C. Kinsella Jr.

An Internet-based Virtual Private Network (IVPN) is a system and service that enables secure communication within a controlled user group across the Internet public infrastructure. For the last few years, the Internet-based VPN has been available, providing organizational use for meaningful applications. The paper empirically investigates the value of IVPNs in managing communications among distributed business entities. For this, we conducted two case studies based on the information gathered from two companies. Then, a general decision model of the IVPN is proposed, which could be used for the assessment of its strategic value as well as for the design of virtual telecommunication networks at other organizations.


2020 ◽  
Vol 89 ◽  
pp. 101658 ◽  
Author(s):  
Joel Höglund ◽  
Samuel Lindemer ◽  
Martin Furuhed ◽  
Shahid Raza

2017 ◽  
Vol 11 (60) ◽  
pp. 2967-2980
Author(s):  
Diego F. Rocha ◽  
Octavio Jose Salcedo Parra ◽  
Giovanny Mauricio Tarazona Bermudez

The rapid growth of networks based on IP, and the current challenge posed by the technological deployment of IPv6 and annexed applications, challenges that must confront the Internet Service Provider and have stimulated the development for rigorous researches on the topic. The Internet Service Providers (ISP) offer infrastructure for implementation of virtual private networks (VPN), where the definition of routing schemas between the border route of client (CE) and the provider (PE) is fundamental. In this sense, different schemas have been proposed where new protocols such as Open Shortest Path First version 3 (OSPFv3) have a key role. In the context of VPN, the routing protocol BGP is used to distribute the client’s path, and multi-protocol label switching (MPLS) is used to send the information packages through the network core in tunnel mode. Originally, only IPv4 was supported and expanded after support OSPFv2 and VPN IPv6. Based on the new specifications in order to support OSPFv3 as a routing protocol PE-CE and the current technological infrastructures begin the process of IPv6 deployment, these elements driving this research which evaluate the performance of routing protocol OSPFv3 on border scenarios MPLS/VPN/IPv6.

