scholarly journals Cross-heterogeneous Domain Authentication Scheme Based on Blockchain

2021 ◽  
Author(s):  
Jing Liu ◽  
Yixin Liu ◽  
Yingxu Lai ◽  
Rongchen Li ◽  
Siyu Wu ◽  
...  
Keyword(s):  
Authentication Protocol ◽  
Public Key Infrastructure ◽  
Authentication Scheme ◽  
Public Key ◽  
The Internet ◽  
Blockchain Technology ◽  
Cross Domain ◽  
Identity Based ◽  
Development Of Identity ◽  
Big Data Technology

With the rising popularity of the Internet and the development of big data technology, an increasing number of organizations are opting to cooperate across domains to maximize their benefits. Most organizations use public key infrastructure to ensure security in accessing their data and applications. However, with the continuous development of identity-based encryption (IBE) technology, small- and medium-sized enterprises are increasingly using IBE to deploy internal authentication systems. To solve the problems that arise when crossing heterogeneous authentication domains and to guarantee the security of the certification process, we propose using blockchain technology to establish a reliable cross-domain authentication scheme. Using the distributed and tamper-resistant characteristics of the blockchain, we design a cross-domain authentication model based on blockchain to guarantee the security of the heterogeneous authentication process and present a cross-domain authentication protocol based on blockchain. This model does not change the internal trust structure of each authentication domain and is highly scalable. Furthermore, on the premise of ensuring security, the process of verifying the signature of the root certificate in the traditional cross-domain authentication protocol is improved to verify the hash value of the root certificate, thereby improving the authentication efficiency. The developed prototype exhibits generality and simplicity compared to previous methods.

scholarly journals IRBA: An Identity-Based Cross-Domain Authentication Scheme for the Internet of Things

Electronics ◽  
2020 ◽  
Vol 9 (4) ◽  
pp. 634 ◽  
Author(s):  
Xudong Jia ◽  
Ning Hu ◽  
Shen Su ◽  
Shi Yin ◽  
Yan Zhao ◽  
...  
Keyword(s):  
Internet Of Things ◽  
Single Point ◽  
Authentication Scheme ◽  
Third Party ◽  
The Internet ◽  
Cross Domain ◽  
Application Systems ◽  
Identity Based ◽  
Internet Of Things Technology ◽  
The Internet Of Things

The incredible development of Internet of things technology promotes the integration of application systems, which enable people to enjoy the convenience of multiple application services through a single intelligent device or terminal. In order to implement value exchange and information sharing between different applications, cross-domain access is inevitable. In order to prevent illegal access, identity authentication is necessary before the terminal accesses the service. Because of the need to introduce a trusted third party, the traditional centralized authentication model not only destroys the autonomy and flexibility of the application system, but also causes issues such as single point of failure and hidden dangers of unilateral control. This paper proposes an identity-based cross-domain authentication scheme for the Internet of Things. This scheme uses the Blockchain as a decentralized trust anchor instead of the traditional certificate of authority, and uses the identity-based self-authentication algorithm to replace the traditional PKI authentication algorithm. The scheme proposed in this paper implements a decentralized authentication model, which can guarantee the autonomy and initiative of the security domain.

scholarly journals Associative Blockchain for Decentralized PKI Transparency

Cryptography ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 14
Author(s):  
Xavier Boyen ◽  
Udyani Herath ◽  
Matthew McKague ◽  
Douglas Stebila
Keyword(s):  
Formal Analysis ◽  
Fraud Detection ◽  
Public Key Infrastructure ◽  
Public Key ◽  
The Internet ◽  
Security Model ◽  
User Adoption ◽  
Browser Extension ◽  
History Of ◽  
Client Side

The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess of trust into certificate authorities (CAs), compounded by a lack of transparency which makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches to make certificate issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure. DPKIT efficiently leverages an existing blockchain to realize an append-only, distributed associative array, which allows anyone (or their browser) to audit and update the history of all publicly issued certificates and revocations for any domain. Our technical contributions include definitions for append-only associative ledgers, a security model for certificate transparency, and a formal analysis of our DPKIT construction with respect to the same. Intended as a client-side browser extension, DPKIT will be effective at fraud detection and prosecution, even under fledgling user adoption, and with better coverage and privacy than federated observatories, such as Google’s or the Electronic Frontier Foundation’s.

Developing a Public Key Infrastructure for a Secure Regional e-Health Environment

2002 ◽  
Vol 41 (05) ◽  
pp. 414-418 ◽  
Author(s):  
I. Mavridis ◽  
C. Ilioudis ◽  
C. Georgiadis ◽  
G. Pangalos
Keyword(s):  
Health Information ◽  
Low Cost ◽  
Public Key Cryptography ◽  
Public Key Infrastructure ◽  
University Hospital ◽  
Public Key ◽  
The Internet ◽  
Regional Health ◽  
Internet Applications ◽  
Regional Health Care

Summary Objectives: Internet technologies provide an attractive infrastructure for efficient and low cost communications in regional health information networks. The advantages provided by the Internet come however with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability, not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security to enable secure healthcare Internet applications. Methods: Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional health-care security framework presented in this paper, we propose the use of state-of-art Public Key Infrastructure (PKI) technology. Such an e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Results: Significant experience in this area has been gained from the implementation of the PKI@AUTH project. Conclusions: The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.

Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

2021 ◽  
Vol 5 (6) ◽  
pp. 1161-1170
Author(s):  
Valen Brata Pranaya ◽  
Theophilus Wellem
Keyword(s):  
Autonomous Systems ◽  
Public Key Infrastructure ◽  
Digital Certificate ◽  
Public Key ◽  
The Internet ◽  
Certification Authority ◽  
Internet Routing ◽  
Internet Connectivity ◽  
Routing Security ◽  
Bgp Routing

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.  

Cloud-Centric Blockchain Public Key Infrastructure for Big Data Applications

2020 ◽  
pp. 125-140
Author(s):  
Brian Tuan Khieu ◽  
Melody Moh
Keyword(s):  
Big Data ◽  
Data Storage ◽  
Public Key Infrastructure ◽  
Public Key ◽  
Cloud Provider ◽  
Smart Contracts ◽  
Security Measures ◽  
Certificate Authority ◽  
Blockchain Technology ◽  
Attack Surface

A cloud-based public key infrastructure (PKI) utilizing blockchain technology is proposed. Big data ecosystems have scalable and resilient needs that current PKI cannot satisfy. Enhancements include using blockchains to establish persistent access to certificate data and certificate revocation lists, decoupling of data from certificate authority, and hosting it on a cloud provider to tap into its traffic security measures. Instead of holding data within the transaction data fields, certificate data and status were embedded into smart contracts. The tests revealed a significant performance increase over that of both traditional and the version that stored data within blocks. The proposed method reduced the mining data size, and lowered the mining time to 6.6% of the time used for the block data storage method. Also, the mining gas cost per certificate was consequently cut by 87%. In summary, completely decoupling the certificate authority portion of a PKI and storing certificate data inside smart contracts yields a sizable performance boost while decreasing the attack surface.

scholarly journals PKI4IoT: Towards public key infrastructure for the Internet of Things

2020 ◽  
Vol 89 ◽  
pp. 101658 ◽  
Author(s):  
Joel Höglund ◽  
Samuel Lindemer ◽  
Martin Furuhed ◽  
Shahid Raza
Keyword(s):  
Internet Of Things ◽  
Public Key Infrastructure ◽  
Public Key ◽  
The Internet ◽  
The Internet Of Things

Attribute-Based Authentication Protocol of the Internet of Things

2013 ◽  
Vol 765-767 ◽  
pp. 1726-1729
Author(s):  
Yan Bing Liu ◽  
Wen Jing Ren
Keyword(s):  
Internet Of Things ◽  
Authentication Protocol ◽  
Security And Privacy ◽  
The Internet ◽  
Security Level ◽  
The Public ◽  
The Core ◽  
Attribute Based Encryption ◽  
Identity Based ◽  
The Internet Of Things

Security and privacy is always the most important issues by the public in the Internet of Things. The core problems are associated with the diversifying of the Internet towards an Internet of things, and the different requirements to the security level for application. Therefore, this paper is to put forward an authentication model and protocol to cope with the problem. The protocol is adopted with attribute-based encryption to replace the traditional identity-based encryption (IBE), and then make formalization analysis to the security of the protocol by using BAN logic.

Sign in / Sign up

Export Citation Format

Share Document