Accountable key infrastructure (AKI)

Kim, Tiffany Hyun-Jin; Huang, Lin-Shung; Perrig, Adrian; Jackson, Collin; Gligor, Virgil D.

doi:10.1145/2488388.2488448

Cited by 79 publications

(25 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paradigm, certifications are included in append-only log structures: the log maintainer is able to prove that a specific certificate is present into the structure, and that each new added certificate has only extended the previous structure. The Accountable Key Infrastructure [16] exploits public-logs for the certificate management and distributes the trust between several entities. In [25], the authors provide a solution combining public revocation and a more largely distributed trust (using users' browsers) with the Certificate Issuance and Revocation Transparency.…”

Section: State Of the Artmentioning

confidence: 99%

LocalPKI: An Interoperable and IoT Friendly PKI

Dumas¹,

Lafourcade²,

Melemedjian³

et al. 2019

E-Business and Telecommunications

View full text Add to dashboard Cite

A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called LOCALPKI, where the binding is performed by a local authority and the issuance is left to the end user or to the local authority. The role of a third entity is then to register this binding and to provide up-to-date status information on this registration. The idea is that many more local actors could then take the role of a local authority, thus allowing for an easier spread of public-key certificates in the population. Moreover, LOCALPKI represents also an appropriate solution to be deployed in the Internet of Things context. Our scheme's security is formally proven with the help of Tamarin, an automatic verification tool for cryptographic protocols.

show abstract

Section: State Of the Artmentioning

confidence: 99%

LocalPKI: An Interoperable and IoT Friendly PKI

Dumas¹,

Lafourcade²,

Melemedjian³

et al. 2019

E-Business and Telecommunications

View full text Add to dashboard Cite

show abstract

“…In this model, the security of PKI depends on the trustworthiness and security of the CAs, but their attested certificates cannot protect clients from the compromise of CAs themselves. The major weakness lies in the fact that a browser/operating system stores hundreds of CAs' certificates that are trusted to carry out authentication 4 . The security of clients in the current PKI depends on a single key of the CA, prone to theft or loss 4,5 .…”

Section: Introductionmentioning

confidence: 99%

“…The major weakness lies in the fact that a browser/operating system stores hundreds of CAs' certificates that are trusted to carry out authentication 4 . The security of clients in the current PKI depends on a single key of the CA, prone to theft or loss 4,5 . If a single CA is corrupted, it can maliciously issue a TLS certificate for any domain that is protected by any one of the other CAs, highlighting the idea of single‐point‐of‐failure and weakest link security 4 .…”

Section: Introductionmentioning

confidence: 99%

“…The security of clients in the current PKI depends on a single key of the CA, prone to theft or loss 4,5 . If a single CA is corrupted, it can maliciously issue a TLS certificate for any domain that is protected by any one of the other CAs, highlighting the idea of single‐point‐of‐failure and weakest link security 4 . A maliciously issued false but valid certificate for a website can be utilized by an intruder to mount impersonation attacks on clients' connections to that website 4 .…”

Section: Introductionmentioning

confidence: 99%

“…If a single CA is corrupted, it can maliciously issue a TLS certificate for any domain that is protected by any one of the other CAs, highlighting the idea of single‐point‐of‐failure and weakest link security 4 . A maliciously issued false but valid certificate for a website can be utilized by an intruder to mount impersonation attacks on clients' connections to that website 4 . To highlight the vast SSL/TLS world in which the weakest link security could transpire, EFF's Observatory points out that Internet Explorer and Mozilla Firefox blindly trusts 1480 various CAs certificates 6…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SCM: Secure and accountable TLS certificate management

Khan

Zhang

Zhu

et al. 2020

Int J Communication

View full text Add to dashboard Cite

Summary In classical public‐key infrastructure (PKI), the certificate authorities (CAs) are fully trusted, and the security of the PKI relies on the trustworthiness of the CAs. However, recent failures and compromises of CAs showed that if a CA is corrupted, fake certificates may be issued, and the security of clients will be at risk. As emerging solutions, blockchain‐ and log‐based PKI proposals potentially solved the shortcomings of the PKI, in particular, eliminating the weakest link security and providing a rapid remedy to CAs' problems. Nevertheless, log‐based PKIs are still exposed to split‐world attacks if the attacker is capable of presenting two distinct signed versions of the log to the targeted victim(s), while the blockchain‐based PKIs have scaling and high‐cost issues to be overcome. To address these problems, this paper presents a secure and accountable transport layer security (TLS) certificate management (SCM), which is a next‐generation PKI framework. It combines the two emerging architectures, introducing novel mechanisms, and makes CAs and log servers accountable to domain owners. In SCM, CA‐signed domain certificates are stored in log servers, while the management of CAs and log servers is handed over to a group of domain owners, which is conducted on the blockchain platform. Different from existing blockchain‐based PKI proposals, SCM decreases the storage cost of blockchain from several hundreds of GB to only hundreds of megabytes. Finally, we analyze the security and performance of SCM and compare SCM with previous blockchain‐ and log‐based PKI schemes.

show abstract

Smart contract assisted blockchain based public key infrastructure system

Panigrahi

Nayak

Paul

2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Public key infrastructure (PKI) is a reliable solution for Internet communication. PKI finds applications in secure email, virtual private network (VPN), e‐commerce, e‐governance, and so on. It provides a secure mechanism to authenticate users and communications. The conventional PKI system is centralized, which exposes the infrastructure to many security issues. The digital certificate generation and validation processes in PKI suffer from high latency and inadequate authentication processes. Moreover, it needs enormous time and effort to mitigate the malfeasance of the certificate authority (CA). The complexity of employing the traditional key and certificate management increases by enforcing the centralized CA$$ CA $$, which can compromise the transaction security. To overcome the aforementioned issues of PKI, three different solutions have been reported in the literature: Log based PKI (LBPKI), Web of Trust (WoT), and blockchain based PKI. The blockchain based PKI achieves more attention as it is the combination of LBPKI and WoT, which serves distributed trust, log of transactions, and constant sized data to verify the identity of users. Motivated by these facts, this article reports a blockchain‐based PKI system which has a lighter smart contract and less storage capacity and is also suitable for lightweight applications. The lighter smart contract in our infrastructure uses a threshold0.3emvalue$$ threshold\kern0.3em value $$, which validates the limit of one participating node for becoming the CA$$ CA $$ of any transaction inside the network. This approach can prevent distributed denial of service (DDoS) attacks. This smart contract also checks the signer node address. The proposed smart contract can prevent seven cyber attacks, such as Denial of Service (DoS), Man in the Middle Attack (MITM), Distributed Denial of Service (DDoS), 51%, Injection attacks, Routing Attack, and Eclipse attack. The Delegated Proof of Stake (DPoS) consensus algorithm used in this model reduces the number of validators for each transaction which makes it suitable for lightweight applications. The timing complexity of key/certificate validation and signature/certificate revocation processes do not depend on the number of transactions. The comparisons of various timing parameters with existing solutions show that the proposed PKI is competitively better.

show abstract

Accountable key infrastructure (AKI)

Cited by 79 publications

References 8 publications

LocalPKI: An Interoperable and IoT Friendly PKI

LocalPKI: An Interoperable and IoT Friendly PKI

SCM: Secure and accountable TLS certificate management

Smart contract assisted blockchain based public key infrastructure system

Contact Info

Product

Resources

About