Authentication Challenges in a Global Environment

Matsumoto, Stephanos; Reischuk, Raphael M.; Szałachowski, Paweł; Kim, Tiffany Hyun-Jin; Perrig, Adrian

doi:10.1145/3007208

Cited by 11 publications

(7 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Matsumoto et al [26] proposed two important properties: scoped authority and global authentication. These properties enable EEs who trust each other to communicate even if they are located in separate domains.…”

Section: A Main Principlementioning

confidence: 99%

“…In [26], the domains can represent groups of various scales, such as companies, conglomerates, or countries, but overconcentration of trust will occur in groups where PKI systems are built using the hierarchical model. To prevent the overconcentration of trust, we build trust points at service levels such that the trust points do not span multiple services.…”

Section: A Main Principlementioning

confidence: 99%

See 1 more Smart Citation

Cross-Certification Towards Distributed Authentication Infrastructure: A Case of Hyperledger Fabric

et al. 2020

View full text Add to dashboard Cite

In Internet of Things ecosystems, where various entities trade data and data analysis results, public key infrastructure plays an important role in establishing trust relationships between these entities to specify who trusts whose private keys. The owner of a private key is provided with a public key certificate issued by a certificate authority (CA) representing a trusted third party. Although this certificate ensures the reliability of the ecosystem by verifying the data source and preventing the denial of trading, it often causes an overconcentration of trust in a particular CA. Consequently, if that CA is infringed, all the related trust relationships become compromised. The paper proposes a distributed authentication infrastructure called Meta-PKI that decentralizes such overconcentration via a cross-certification procedure performed by multiple CAs. Although cross-certification is capable of establishing mutual trust relationships, it does not evaluate the trustworthiness of other CAs in a standardized manner. Therefore, this paper also proposes a new crosscertification method using a distributed ledger technology for building trust relationships based on unified criteria. It also describes the implementation of a Meta-PKI system for Hyperledger Fabric as a proof of concept. Once trust relationships have been established, it takes approximately 65.7 ms to validate them using the proposed system, which is secure against CA takeover and spoofing by outsider attackers.

show abstract

Section: A Main Principlementioning

confidence: 99%

Section: A Main Principlementioning

confidence: 99%

Cross-Certification Towards Distributed Authentication Infrastructure: A Case of Hyperledger Fabric

et al. 2020

View full text Add to dashboard Cite

show abstract

“…It is worth noting that, in recent years many research efforts have been made on new types of network addresses, most of which emphasized self-certifying [19], [20]; this has been considered to be the trends in the development of communication networks. The self-certifying identifiers have been widely adopted in a variety of distributed systems.…”

Section: B Self-certifying Addressmentioning

confidence: 99%

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

et al. 2018

IEEE Access

View full text Add to dashboard Cite

With the rapid development of the Internet, more and more devices are being connected to the Internet, making up the Internet-of-Things (IoT). The accountability and privacy are two important but contradictory factors to ensure the security of IoT networks. How to provide an accountable anonymous access to IoT networks is a challenging task. Since the IoT network is largely driven by services, in this paper we propose a new and efficient architecture to achieve accountable anonymous access to IoT networks based on services. In this architecture, a self-certifying identifier is proposed to efficiently identify a service. The efficiency and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that the proposed architecture could efficiently balance accountability and privacy with acceptable overheads.

show abstract

“…Currently, networks rely on practical reactive mechanisms to try to defend against prefix hijacking, since proposed proactive mechanisms [38], [39], [42], [43], [64] (e.g., RPKI) are fully efficient only when globally deployed, and operators are reluctant to deploy them due to associated technical and financial costs [27], [45], [49]. Defending against hijacking reactively consists of two steps: detection and mitigation.…”

Section: Introductionmentioning

confidence: 99%

ARTEMIS: Neutralizing BGP Hijacking Within a Minute

Sermpezis

Kotronis

Gigis

et al. 2018

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

BGP prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection, (ii) limited accuracy, especially in the case of third-party detection, (iii) delayed verification and mitigation of incidents, reaching up to days, and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this work, we propose ARTEMIS (Automatic and Real-Time dEtection and MItigation System), a defense approach (a) based on accurate and fast detection operated by the AS itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming, thus (b) enabling flexible and fast mitigation of hijacking events. Compared to previous work, our approach combines characteristics desirable to network operators such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that, with the ARTEMIS approach, prefix hijacking can be neutralized within a minute. ✦

show abstract

Authentication Challenges in a Global Environment

Cited by 11 publications

References 29 publications

Cross-Certification Towards Distributed Authentication Infrastructure: A Case of Hyperledger Fabric

Cross-Certification Towards Distributed Authentication Infrastructure: A Case of Hyperledger Fabric

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

ARTEMIS: Neutralizing BGP Hijacking Within a Minute

Contact Info

Product

Resources

About