Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)

Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.

Download Full-text

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2021-0066 ◽

2021 ◽

Vol 2021 (4) ◽

pp. 184-202

Author(s):

Alexandra Dirksen ◽

David Klein ◽

Robert Michael ◽

Tilman Stehr ◽

Konrad Rieck ◽

...

Keyword(s):

Distributed System ◽

Large Scale ◽

Public Key Infrastructure ◽

Third Party ◽

Public Key ◽

Smooth Transition ◽

Certificate Authority ◽

Trusted Third Party ◽

The Public

Abstract HTTPS is a cornerstone of privacy in the modern Web. The public key infrastructure underlying HTTPS, however, is a frequent target of attacks. In several cases, forged certificates have been issued by compromised Certificate Authorities (CA) and used to spy on users at large scale. While the concept of Certificate Transparency (CT) provides a means for detecting such forgeries, it builds on a distributed system of CT logs whose correctness is still insufficiently protected. By compromising a certificate authority and the corresponding log, a covert adversary can still issue rogue certificates unnoticed. We introduce LogPicker, a novel protocol for strengthening the public key infrastructure of HTTPS. LogPicker enables a pool of CT logs to collaborate, where a randomly selected log includes the certificate while the rest witness and testify the certificate issuance process. As a result, CT logs become capable of auditing the log in charge independently without the need for a trusted third party. This auditing forces an attacker to control each participating witness, which significantly raises the bar for issuing rogue certificates. LogPicker is efficient and designed to be deployed incrementally, allowing a smooth transition towards a more secure Web.

Download Full-text

Certificates and Public Key Infrastructure

Cryptography and Security Services ◽

10.4018/978-1-59904-837-6.ch009 ◽

2008 ◽

pp. 217-245

Author(s):

Manuel Mogollon

Keyword(s):

Access Control ◽

Digital Signature ◽

Public Key Infrastructure ◽

Public Key ◽

Comprehensive System ◽

Public Key Encryption ◽

Control Data ◽

The Public ◽

Digital Certificates ◽

Public Keys

In public-key encryption, the secrecy of the public key is not required, but the authenticity of the public key is necessary to guarantee its integrity and to avoid spoofing and playback attacks. A user’s public key can be authenticated (signed) by a certificate authority that verifies that a public key belongs to a specific user. In this chapter, digital certificates, which are used to validate public keys, and certificate authorities are discussed. When public-key is used, it is necessary to have a comprehensive system that provides public key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication, and non-repudiation. That system, public-key infrastructure or PKI, is also discussed in this chapter.

Download Full-text

Be Careful Who You Trust: Issues with the Public Key Infrastructure

2014 Fifth Cybercrime and Trustworthy Computing Conference ◽

10.1109/ctc.2014.8 ◽

2014 ◽

Cited By ~ 1

Author(s):

Paul Black ◽

Robert Layton

Keyword(s):

Public Key Infrastructure ◽

Public Key ◽

The Public

Download Full-text

IMPLEMENTATION OF THE DIFFIE-HELLMAN PROTOCOL IN A CHANNEL UNLESS PROTECTED FROM INTERCEPT

Journal of the Ural Federal district Information security ◽

10.14529/secur200204 ◽

2020 ◽

pp. 24-28

Author(s):

T. Yu. Zyryanova ◽

◽

N. A. Raspopov ◽

Keyword(s):

Block Cipher ◽

Public Key Infrastructure ◽

Public Key ◽

Avalanche Effect ◽

The Public ◽

Diffie Hellman

This article discusses the implementation of the Diffie-Hellman protocol in an unprotected channel. The essence of this method is to use steganography to transmit the public key in an unsecured channel. The public key is encrypted using a block cipher and encoded into the pic-ture using the LSB method. The uniqueness of the picture and the impossibility of changing the key is ensured by the avalanche effect. The implementation of the Diffie-Hellman protocol in an insecure channel has long remained relevant, although there is a solution in the form of public key infrastructure, but in this article a new solution to this problem was proposed.

Download Full-text