Associative Blockchain for Decentralized PKI Transparency

The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess of trust into certificate authorities (CAs), compounded by a lack of transparency which makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches to make certificate issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure. DPKIT efficiently leverages an existing blockchain to realize an append-only, distributed associative array, which allows anyone (or their browser) to audit and update the history of all publicly issued certificates and revocations for any domain. Our technical contributions include definitions for append-only associative ledgers, a security model for certificate transparency, and a formal analysis of our DPKIT construction with respect to the same. Intended as a client-side browser extension, DPKIT will be effective at fraud detection and prosecution, even under fledgling user adoption, and with better coverage and privacy than federated observatories, such as Google’s or the Electronic Frontier Foundation’s.

Download Full-text

Developing a Public Key Infrastructure for a Secure Regional e-Health Environment

Methods of Information in Medicine ◽

10.1055/s-0038-1634371 ◽

2002 ◽

Vol 41 (05) ◽

pp. 414-418 ◽

Cited By ~ 6

Author(s):

I. Mavridis ◽

C. Ilioudis ◽

C. Georgiadis ◽

G. Pangalos

Keyword(s):

Health Information ◽

Low Cost ◽

Public Key Cryptography ◽

Public Key Infrastructure ◽

University Hospital ◽

Public Key ◽

The Internet ◽

Regional Health ◽

Internet Applications ◽

Regional Health Care

Summary Objectives: Internet technologies provide an attractive infrastructure for efficient and low cost communications in regional health information networks. The advantages provided by the Internet come however with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability, not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security to enable secure healthcare Internet applications. Methods: Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional health-care security framework presented in this paper, we propose the use of state-of-art Public Key Infrastructure (PKI) technology. Such an e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Results: Significant experience in this area has been gained from the implementation of the PKI@AUTH project. Conclusions: The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.

Download Full-text

Public Key Infrastructure: Using the Internet as a Virtual Private Network

Internet Management ◽

10.1201/b12445-28 ◽

1999 ◽

pp. 216-224

Keyword(s):

Virtual Private Network ◽

Public Key Infrastructure ◽

Public Key ◽

The Internet ◽

Private Network

Download Full-text

Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) ◽

10.29207/resti.v5i6.3631 ◽

2021 ◽

Vol 5 (6) ◽

pp. 1161-1170

Author(s):

Valen Brata Pranaya ◽

Theophilus Wellem

Keyword(s):

Autonomous Systems ◽

Public Key Infrastructure ◽

Digital Certificate ◽

Public Key ◽

The Internet ◽

Certification Authority ◽

Internet Routing ◽

Internet Connectivity ◽

Routing Security ◽

Bgp Routing

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.

Download Full-text

PKI4IoT: Towards public key infrastructure for the Internet of Things

Computers & Security ◽

10.1016/j.cose.2019.101658 ◽

2020 ◽

Vol 89 ◽

pp. 101658 ◽

Cited By ~ 4

Author(s):

Joel Höglund ◽

Samuel Lindemer ◽

Martin Furuhed ◽

Shahid Raza

Keyword(s):

Internet Of Things ◽

Public Key Infrastructure ◽

Public Key ◽

The Internet ◽

The Internet Of Things

Download Full-text

Design and Implementation of the Internet Real-Name Authentication System Based on Public Key Infrastructure

2010 International Conference on Management and Service Science ◽

10.1109/icmss.2010.5578416 ◽

2010 ◽

Cited By ~ 2

Author(s):

Weixiong Hu ◽

Jieju Chang

Keyword(s):

Public Key Infrastructure ◽

Public Key ◽

The Internet ◽

Design And Implementation ◽

Authentication System

Download Full-text

Profiles and protocols for the Internet Public-Key Infrastructure

Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems ◽

10.1109/ftdcs.1997.644729 ◽

2002 ◽

Cited By ~ 2

Author(s):

C. Admas ◽

S. Lloyd

Keyword(s):

Public Key Infrastructure ◽

Public Key ◽

The Internet

Download Full-text

A Survey of Distributed Certificate Authorities in MANETs

Annals of Emerging Technologies in Computing ◽

10.33166/aetic.2018.03.002 ◽

2018 ◽

Vol 2 (3) ◽

pp. 11-18 ◽

Cited By ~ 5

Author(s):

Junaid Chaudhry ◽

Kashif Saleem ◽

Paul Haskell-Dowland ◽

Mahdi H. Miraz

Keyword(s):

Ad Hoc ◽

Public Key Infrastructure ◽

Public Key ◽

The Internet ◽

Certificate Authority ◽

Security Services ◽

Wired Networks ◽

Different Types ◽

Hoc Networks ◽

Authentication And Security

A Certificate Authority (CA) provides the critical authentication and security services for Public Key Infrastructure (PKI) which are used for the Internet and wired networks. In MANETs (wireless and ad hoc) there is an inability to offer a centralized CA to provide these security services. Recent research has looked to facilitate the use of CAs within MANETs through the use of a Distributed Certificate Authority (DCA) for wireless and ad hoc networks. This paper presents a number of different types of DCA protocols and categorizes them into groups based on their factors and specifications. The paper concludes by proposing the best DCA security services in terms of performance and level of security

Download Full-text

Public Key Infrastructure

IT Policy and Ethics ◽

10.4018/978-1-4666-2919-6.ch007 ◽

2013 ◽

pp. 126-147

Author(s):

Reed H. Petty ◽

Jiang Bian ◽

Remzi Seker

Keyword(s):

Subject Matter ◽

Rapid Growth ◽

Public Key Cryptography ◽

Public Key Infrastructure ◽

Public Key ◽

The Internet ◽

Broad Subject ◽

High Level ◽

E Mail

Electronic forms of communications are becoming increasingly pervasive. The Internet links not only senders and receivers of e-mail, but also consumers to suppliers, businesses to businesses, citizens to governments, and so forth. The potential for communications to be intercepted, hijacked, emulated, or otherwise manipulated for nefarious purposes is an area of grave concern. The security of message traffic relies heavily upon encryption. Encryption relies upon keys. Public key infrastructure (PKI) addresses keys – how they are used, how they are exchanged, and how they are validated. Furthermore, public key cryptography provides confidentiality, integrity, authentication, and non-repudiation. In general, PKI is a broad subject matter and is constantly evolving to meet the rapid growth in today’s information world. This chapter is intended to reveal the mystery, and perhaps misconceptions, of the PKI as well as offering readers a broad high-level view of the PKI.

Download Full-text