SS-DPKI: Self-Signed Certificate Based Decentralized Public Key Infrastructure for Secure Communication

YeonSung, Chu; Kim, Jae Min; Lee, YoonJick; SungHoon, Shim; Huh, Junho

doi:10.1109/icce46568.2020.9043086

Cited by 6 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, research on decentralized public key authentication is also in progress. The authors of [22][23][24][25][26] focus on the public and decentralized PKI system model and described a detailed scheme and the application of decentralized, PKI-based secure communication. Their designs provide the essential functions of PKIs, such as the registering, updating, revoking and verifying of the ownership of a public key.…”

Section: Related Workmentioning

confidence: 99%

A Blockchain-Based Decentralized Public Key Infrastructure for Information-Centric Networks

2022

View full text Add to dashboard Cite

How to achieve secure content distribution and accountability in information-centric networking (ICN) is a crucial problem. Subscribers need to verify whether the data came from a reliable source, rather than from a spoofing adversary. Public key cryptography was introduced to achieve a method of authentication that binds the data packet to its owner. In existing prototypes, PKIs, identity-based signatures (IBSs) and recommendation networks are the common schemes used to ensure the authenticity and availability of public keys. However, CA-based PKIs and KGC-based IBSs have been proven to be weak when it comes to resisting security attacks, with recommendation networks being too complex to deploy. In this respect, we designed a novel distributed authentication model as a secure scheme to support public key cryptography. Our model establishes a decentralized public key infrastructure by combining the smart contracts of blockchain and optimized zero-knowledge proof-verifiable presentations by utilizing the DID project, which realizes the management of public key certificates through blockchain and ensures the authenticity and availability of public keys in decentralized infrastructure. Our scheme fundamentally solves the issues of security and feasibility in existing schemes and provides a more scalable solution with respect to authenticating data sources. An experiment demonstrated that our proposal is 20% faster than the original zero knowledge proof scheme in registration.

show abstract

Section: Related Workmentioning

confidence: 99%

A Blockchain-Based Decentralized Public Key Infrastructure for Information-Centric Networks

2022

View full text Add to dashboard Cite

show abstract

“…Several alternative revocation status protocols have been developed [5], [6], [39], [45], as well as novel PKIs [3], [24], [47], [48], [52]; however, all of these protocols and PKIs require large changes to the infrastructure. Similarly, many other semi-centralized and decentralized PKIs, revocation protocols and logs have been proposed [7], [16], [17], [25], [28], [32], [44], [46], [50]. Matsumoto et al [36] propose a decentralized framework that incentivizes CAs to monitor for certificate misissuance through financial penalties.…”

Section: B Revocation Processmentioning

confidence: 99%

Postcertificates for Revocation Transparency

Korzhitskii¹,

Nemec²,

Carlsson³

2022

Preprint

View full text Add to dashboard Cite

The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open. Furthermore, the existing procedures do not leave a transparent and immutable revocation history. We propose and evaluate a new revocation transparency protocol that introduces postcertificates and utilizes the existing Certificate Transparency (CT) logs. The protocol is practical, has a low deployment cost, provides an immutable history of revocations, enables delegation, and helps to detect revocation-related misbehavior by certificate authorities (CAs). With this protocol, a holder of a postcertificate can bypass the issuing CA and autonomously initiate the revocation process via submission of the postcertificate to a CT log. The CAs are required to monitor CT logs and proceed with the revocation upon detection of a postcertificate. Revocation status delivery is performed independently and with an arbitrary status protocol. Postcertificates can increase the accountability of the CAs and empower the certificate owners by giving them additional control over the status of the certificates. We evaluate the protocol, measure log and monitor performance, and conclude that it is possible to provide revocation transparency using existing CT logs.

show abstract

“…It provides a self-signed HTTPS root certi cate that allows clients to intercept encrypted tra c when visiting HTTP websites. "Super sh" manages Lenovo websites and issues certi cates of fraud [18][19][20]. The public key associated with the certi cate is published in the public key directory and can be easily modi ed to replace the public key of another entity [21][22].…”

Section: B) Managing the Private Keysmentioning

confidence: 99%

“…At present, generally identity veri cation is based on public key cryptography. Authors proposed blockchain based distributed PKI to resolved issues of rationalize PKI with the management of public key[19].…”

mentioning

confidence: 99%

A Novel Framework for Efficient Multiple Signature on Certificate with Database Security

Tanwar¹,

Badotra

Rana³

2021

Preprint

View full text Add to dashboard Cite

PKI gives undeniable degree of safety by transferring the key pair framework among the clients. By constructing, a PKI we combine digital identities with the digital signatures, which give an end-to-end trust model. Basically, PKI is an attempt, which can simulate the real-world human analyzation of identity and reliability in a computerized fashion. In any case, the existing applications are centered on a tight trust model which makes them inadequate as an overall device for trust examination. After years of research, development and deployment, PKI still facing strong technical and organizational challenges such as attacks against Certificate Authorities (CA). CAs are the primitive component of PKIs which plays powerful role in the PKI model. CA must be diligent, creditable and legitimate. In any case, a technocrat who picks up control on a CA can use CA's certificate to issue bogus certificate and impersonate any site, such as - DigiNotar, GobalSign, Comodo and DigiCert Malaysia. In this paper we proposed an approach to reduce the damage of compromised CA/CA’s key by imposing Multiple Signatures (MS) after verifying/authenticating user’s information. One single compromised CA is not able to issue a certificate to any domain as multiple signatures are required. Private key and other perceptive information are stored in the form of object/blob. Without knowing the structure of class no one can access the object and object output stream. Proposed MS achieve better performance over existing MS schemes and control fraudulent certificate issuance with more database security. The proposed scheme also avoids MITM attack against CA who is issuing certificate to whom which is using the following parameters such as identity of Sender, Receiver, Timestamp and Aadhar number.

show abstract

SS-DPKI: Self-Signed Certificate Based Decentralized Public Key Infrastructure for Secure Communication

Cited by 6 publications

References 7 publications

A Blockchain-Based Decentralized Public Key Infrastructure for Information-Centric Networks

A Blockchain-Based Decentralized Public Key Infrastructure for Information-Centric Networks

Postcertificates for Revocation Transparency

A Novel Framework for Efficient Multiple Signature on Certificate with Database Security

Contact Info

Product

Resources

About