Implementation of BGP and Resource Public Key Infrastructure using BIRD for Routing Security

2021 ◽  
Vol 5 (6) ◽  
pp. 1161-1170
Author(s):  
Valen Brata Pranaya ◽  
Theophilus Wellem

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To exchange routes between Autonomous Systems (ASes) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between ASes and divert traffic to illegitimate destinations for criminal purposes such as fraud and data breaches. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI uses a digital certificate issued by a Certification Authority (CA) to validate the prefix in a routing advertisement. This study aims to implement BGP and RPKI using the BIRD Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 ASes, 7 routers, 1 server for BIRD, and 1 server for the validator, and 26 invalid or unknown prefixes were advertised by 2 routers in the simulated topology. The experimental results show that the router can successfully validate the routing advertisements received from its BGP peer using RPKI. Invalid and unknown prefixes are not forwarded to other routers in the AS where they are located, so that route hijacking is prevented.  

Author(s):  
Luigi V. Mancini ◽  
Angelo Spognardi ◽  
Claudio Soriente ◽  
Antonio Villani ◽  
Domenico Vitali

Author(s):  
Wagner Junqueira de Araújo ◽  
Yasmin Brito de Lemos Vieira

With the use of documents in digital form, it became necessary to develop technologies that guarantee their authentication and confidentiality. One of the technologies that provides these properties for digital documents is digital certification, which in turn is offered by certification authorities (CAs). This paper describes the results of research whose objective was to identify and compare the products and services offered by different certification authorities distributed around the world. It describes the structures of Certification Authorities (CAs) and their role in the digital certification process, as the party responsible for issuing certificates, and of the Registration Authorities, which verify the authenticity of the information contained in the certificate. It presents the types of CAs and the main Certification Authorities in Brazil accredited by the Brazilian Public Key Infrastructure (ICP-Brasil). This is a qualitative study that used document analysis as the method for data collection and content analysis for tabulation and analysis. The sample consisted of forty-four CAs distributed across twelve countries. As a result, two tables are presented showing the digital certification products provided by CAs in Brazil and by international CAs. The products and services they offer are described, together with the details and application of each. It was found that the products and services offered are similar among CAs worldwide and in Brazil; the differences lie in certificates issued for specific purposes, such as those created to serve services like e-CPF, e-CNPJ, Conectividade Social, etc.

Keywords: Security Information Management. Certification Authority. Digital certificate. Digital certification services.


Cryptography ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 14
Author(s):  
Xavier Boyen ◽  
Udyani Herath ◽  
Matthew McKague ◽  
Douglas Stebila

The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess of trust in certificate authorities (CAs), compounded by a lack of transparency that makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches to make certificate issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure. DPKIT efficiently leverages an existing blockchain to realize an append-only, distributed associative array, which allows anyone (or their browser) to audit and update the history of all publicly issued certificates and revocations for any domain. Our technical contributions include definitions for append-only associative ledgers, a security model for certificate transparency, and a formal analysis of our DPKIT construction with respect to the same. Intended as a client-side browser extension, DPKIT will be effective at fraud detection and prosecution, even under fledgling user adoption, and with better coverage and privacy than federated observatories, such as Google's or the Electronic Frontier Foundation's.


2002 ◽  
Vol 41 (05) ◽  
pp. 414-418 ◽  
Author(s):  
I. Mavridis ◽  
C. Ilioudis ◽  
C. Georgiadis ◽  
G. Pangalos

Summary. Objectives: Internet technologies provide an attractive infrastructure for efficient and low-cost communications in regional health information networks. The advantages provided by the Internet come, however, with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability, not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security for secure healthcare Internet applications. Methods: Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional healthcare security framework presented in this paper, we propose the use of state-of-the-art Public Key Infrastructure (PKI) technology. Such an e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Results: Significant experience in this area has been gained from the implementation of the PKI@AUTH project. Conclusions: The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.


2020 ◽  
Vol 89 ◽  
pp. 101658 ◽  
Author(s):  
Joel Höglund ◽  
Samuel Lindemer ◽  
Martin Furuhed ◽  
Shahid Raza

2017 ◽  
Vol 2017 ◽  
pp. 1-23 ◽  
Author(s):  
Ahmad Samer Wazan ◽  
Romain Laborde ◽  
David W. Chadwick ◽  
Francois Barrere ◽  
Abdelmalek Benzekri ◽  
...  

A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that applying this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding a new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA's policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation, which demonstrates how RPs can make informed decisions about certificate holders in the context of the global web without requiring large processing resources themselves.


2018 ◽  
Vol 7 (2.31) ◽  
pp. 203
Author(s):  
Arushi Agarwal ◽  
Ayushi Pandey

Border Gateway Protocol (BGP) is an exterior gateway routing protocol used between autonomous systems across the Internet. BGP helps in selecting the best route for the transmission of data among users. The transmission policy followed by BGP should be such that it improves BGP routing performance. This work aims to reduce the convergence time of the network while improving Quality of Service (QoS) in Border Gateway Protocol routing. Our results show that we can obtain a reduced framework environment that selects the best routing path with better energy efficiency and quality, along with a reduction in convergence time. 

