The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.
Public Key Infrastructure (PKI) is the fundamental of secure digital communications. It provides a secure means to authenticate identities over the Internet. Symmetric or asymmetric encryption schemes are widely used in identity authentication in any kind of PKI. The conventional PKI has several drawbacks due to the centralized and non-transparent design. Several recent research works utilize blockchain technology to overcome the limitations of conventional implementations of PKI. Blockchain-based PKI integrates blockchain technology with PKI to form a new type of decentralized PKI (DPKI). Several works utilize the currency property in blockchains to implement the reward-and-punishment mechanism. In this paper, we propose a smart contract-based PKI which utilizes the Ethereum smart contract to build a new type of blockchain-based PKI with the reward-and-punishment mechanism using ERC-20 tokens. It has several advantages over previous implementations of similar research that use Ethereum’s main currency—Ether.
Certificate-based cryptosystem can not only resolve the private key escrow problem inherent in the identity-based cryptosystem but also reduce the cost of public key certificate management in the public key infrastructure-(PKI-) based cryptosystem. Provable data possession (PDP) can ensure the integrity of users’ data stored in the cloud at a very high probability. By combining these two concepts, we propose a certificate-based PDP scheme. We prove that our scheme is secure in the standard model assuming that the Squ-CDH problem is hard. Based on the index logic table, our scheme can be extended to support dynamic operations easily. Efficiency analysis shows that our scheme has high efficiency.
Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).
In the modern era evaluation of networking and wireless networks has come in information and communication technology, there are so many things that give facility to deal with these technologies using the internet. In the internet email security is the main aspect and the process of cryptography plays an important role to provide security to the networks. To improve security and efficiency, most email systems adopt a mechanism to implement security, but public key infrastructure based systems suffer from expensive certificate management and problems in scalability. The main objective of this approach is awareness of email security and its requirements to the common computer users. A number of cryptographic techniques are developed for achieving secure communication. The proposed mailing system is secure against the standard security model.
Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.