Research of digital signature implementation and usage inside an organization / Skaitmeninio parašo diegimo ir naudojimo organizacijoje tyrimas

Valušytė, Eglė

19 June 2008

While all the modern world is moving to the electronic space and the services are assuming a digital form, one also gives thought to the means to approach to this more and more often, and one of many of the means is digital signature. Electronic signature would even overtake its inky prototype not only in science or IT business, but also in the heads of the consumers, if there were not any traditional, organizational barriers, any fear of innovations and uncertainty amongst many other factors that are useful to explore. The most popular implementation of digital signature - PKI (Public key infrastructure) – can fill a lot more than one function; the variety of all of the PKI application areas is very wide. Also known as assymetric cryptography, PKI can provide an opportunity not only to sign a document, but also a reverse process is possible, that is to communicate safely in the Internet or other net using public key for encoding and private key for decoding. The paper strives to point out the essence and the main principles of PKI, to disclose its possibilities and means for the organizations and the users, to analyse the empirical information in an organization, to measure the current PKI situation in Lithuania also touching Europe, to reveal the mindset and behaviour peculiarities of a potential user of the digital signature. / Visam šiuolaikiniam pasauliui persikeliant į elektronines erdves, paslaugoms įgaunant skaitmeninę formą, vis dažniau susimąstoma ir apie visas priemones tam pasiekti, iš kurių viena – e.parašas. E.parašas kai kuriais atžvilgiais netgi lenktų rašalinį savo prototipą ne tik moksle ir IT versle, bet ir vartotojų galvose, jei ne tradiciniai, organizaciniai barjerai, naujovių ir nežinomybės baimė, bei daugelis kitų veiksnių, kuriuos naudinga ištirti. Labiausiai paplitusi e.parašo realizacija PKI (Public key infrastructure) – viešojo rakto infrastruktūra – gali atlikti žymiai daugiau nei vieną funkciją, visos PKI taikymo sričių įvairovės darbe nepavyktų atskleisti dėl vietos ir laiko stokos. Dar vadinama asimetriniu šifravimu, PKI gali ne tik suteikti galimybę pasirašyti dokumentą, bet įmanomas ir atvirkštinis procesas, t.y., užšifravimui naudojant viešąjį, o iššifravimui – privatųjį raktą, saugiai komunikuoti internete ar kitame tinkle. Darbas siekia parodyti PKI esmę ir pagrindinius principus, atskleisti galimybes ir priemones organizacijoms ir vartotojams, išanaliztuoi empirinę informaciją organizacijoje, įvertinti dabartinę PKI situaciją Lietuvoje, paliečiant Europą, atskleisti galimo skaitmeninio parašo vartotojo elgsenos ypatumus.

Informatics

Digital signature

PKI

Organization

Skaitmeninis parašas

PKI

Organizacija

公開金鑰基礎建設（Public Key Infrastructure, PKI）企業建置與應用之個案研討

林延勳, Lin, Yan-Xun

Unknown Date

在網路的虛擬環境下，無法再依賴過去由面貌、聲音、筆跡等實體認證方式辨識通訊對方的身分，所以如何在網路上確認通訊對方的身分，防止網路上偽冒、欺騙行為，是相當重要的課題；除此之外，基於網路開放的特性，網路應用之安全疑慮，尚包括電腦病毒、駭客入侵、個人隱私資料外洩等問題，這些都亟需一套有效的網路安全技術方案來解決這些問題。 公開金鑰基礎建設(Public Key Infrastructure, PKI)是一套能夠提供機密性（Confidentiality）、完整性（Integrity）、鑑別性（Authentication）及不可否認性（Non-Repudiation）等資訊安全需求網路基礎架構，足以營造一值得信賴網路安全環境。因此，經濟部商業司為促進國內商業發展及建立安全且可信賴的的電子交易環境，特別推動相關的PKI安全計畫，如「PKI應用輔導推動計畫」及「我國PKI互通管理及推動計畫」等，參與建置PKI計畫之廠商，大多期待PKI所建立之安全的網路環境，會降低作業成本、提高服務品質，提高顧客消費之意願，惟在實際之應用上，是否真的有如此之成效，就不得而知了，本研究之目的，即是針對PKI之建置及商業應用上，究竟帶來了哪些效益，或是有哪些瓶頸，檢視之後提出檢討及建議，供日後有意以PKI為網路安全解決方案者做為參考。

公開金鑰

PKI

Integration of BankID Services in a PhoneGap Based Mobile Application

Eggestig, Lars, Wodajo, Mintesinot

January 2014

Security concerns became high with the rapid technology advancement andwith the open nature of the internet. BankID is the leading electronic identificationsystem in Sweden which is used by around 5 million people in a variety ofpublic and private services. BankID allows users to securely authenticate themselvesand digitally sign important documents and transactions over the internet.In 2011, BankID Security App was launched to be used in mobile smartphones and tablet computers. In this paper, different components of the PublicKey Infrastructure (PKI) which is a cryptographic technique that enables usersto safely communicate over the insecure internet has been studied in detail. Furthermore,a test BankID-integrated PhoneGap based app on the Android platformis implemented and a performance evaluation and security analysis wereperformed. The test implementation of the BankID-integrated app on theAndroid platform provides user authentication and digital signing functions.The implemented backend system consists of a server with digital certificateand a database. The performance test emphasizes on the measurement of the accesstime between the components of the system and usability of the application.Access time measurement includes a reasonable amount of time in whichthe user is able to perform different activities in the system. In usability assessmentnumber of actions to perform a certain task and the ease of the user interfacehas been taken into consideration. The security analysis aims to identifypotential security flaws in the system and discuss possible solutions. The potentialsecurity risks we identified during the implementation of the system are theman-in-the-middle-attack, the Heartbleed bug, losing the mobile device andphysical access to the backend system. The potential security risks in the systemwere examined with regard to severity and probability of occurrence. Finally,the thesis project has been discussed in terms of the future work and system expansions.The result of the thesis will be used as a base in production developmentby Dewire, the company for which the thesis work has been conducted.

Security

BankID

PhoneGap

PKI

Android

Public Key Infrastructure (PKI) And Virtual Private Network (VPN) Compared Using An Utility Function And The Analytic Hierarchy Process (AHP)

Wagner, Edward Dishman

16 May 2002

This paper compares two technologies, Public Key Infrastructure (PKI) and Virtual Private Network (VPN). PKI and VPN are two approaches currently in use to resolve the problem of securing data in computer networks. Making this comparison difficult is the lack of available data. Additionally, an organization will make their decision based on circumstances unique to their information security needs. Therefore, this paper will illustrate a method using a utility function and the Analytic Hierarchy Process (AHP) to determine which technology is better under a hypothetical set of circumstances. This paper will explain each technology, establish parameters for a hypothetical comparison, and discuss the capabilities and limitations of both technologies. / Master of Arts

VPN

PKI

Utility Function AHP

Flexible Certificate Management for Secure HTTPS Client/Server Communication

Zhang, Jing

January 2005

<p>Certificate management is a crucial element in PKI implementations, which includes certificate generation, distribution, storage, and revocation. Most of the existing research has been focusing on the security aspect or the functionality and the structure of certificate management systems. Very little has looked at the actual user requirements for the system and how users can use the system conveniently and practically, which is actually a very important factor for the whole security system to work properly and to be widely accepted.</p><p>In this thesis we have designed a framework that provides a flexible certificate management for different security levels according to user requirements and situations, and with a user-friendly interface. A certificate management system CSA (Certificate Server Adapter) is implemented for HP OpenView Operations for Windows (OVO/Windows), which is a management software product provided by Hewlett-Packard. The CSA helps OVO/Windows to provide secure HTTPS client/server communication. Tests show that it offers a good enough security for all situations without compromise and, at the same time, the best convenience and flexibility are achieved. However, the CSA can be further improved to have a lifetime management of the created certificates, an enhanced user interface, and an API to plug-in other PKI solutions.</p>

Certificate Management

PKI

HTTPS

Computer science

Datavetenskap

Flexible Certificate Management for Secure HTTPS Client/Server Communication

Zhang, Jing

January 2005

Certificate management is a crucial element in PKI implementations, which includes certificate generation, distribution, storage, and revocation. Most of the existing research has been focusing on the security aspect or the functionality and the structure of certificate management systems. Very little has looked at the actual user requirements for the system and how users can use the system conveniently and practically, which is actually a very important factor for the whole security system to work properly and to be widely accepted. In this thesis we have designed a framework that provides a flexible certificate management for different security levels according to user requirements and situations, and with a user-friendly interface. A certificate management system CSA (Certificate Server Adapter) is implemented for HP OpenView Operations for Windows (OVO/Windows), which is a management software product provided by Hewlett-Packard. The CSA helps OVO/Windows to provide secure HTTPS client/server communication. Tests show that it offers a good enough security for all situations without compromise and, at the same time, the best convenience and flexibility are achieved. However, the CSA can be further improved to have a lifetime management of the created certificates, an enhanced user interface, and an API to plug-in other PKI solutions.

Certificate Management

PKI

HTTPS

Computer science

Datavetenskap

Managing and Complementing Public Key Infrastructure for Securing Vehicular Ad Hoc Networks

Wasef, Albert

January 2011

Recently, vehicular ad-hoc network (VANET) has emerged as an excellent candidate to change the life style of the traveling passengers along the roads and highways in terms of improving the safety levels and providing a wide range of comfort applications. Due to the foreseen impact of VANETs on our lives, extensive attentions in industry and academia are directed towards bringing VANETs into real life and standardizing its network operation. Unfortunately, the open medium nature of wireless communications and the high-speed mobility of a large number of vehicles in VANETs pose many challenges that should be solved before deploying VANETs. It is evident that any malicious behavior of a user, such as injecting false information, modifying and replaying the disseminated messages, could be fatal to other legal users. In addition, users show prime interest in protecting their privacy. The privacy of users must be guaranteed in the sense that the privacy-related information of a vehicle should be protected to prevent an observer from revealing the real identities of the users, tracking their locations, and inferring sensitive data. From the aforementioned discussion, it is clear that security and privacy preservation are among the critical challenges for the deployment of VANETs. Public Key Infrastructure (PKI) is a well-recognized solution to secure VANETs. However, the traditional management of PKI cannot meet the security requirements of VANETs. In addition, some security services such as location privacy and fast authentication cannot be provided by the traditional PKI. Consequently, to satisfy the security and privacy requirements, it is prerequisite to elaborately design an efficient management of PKI and complementary mechanisms for PKI to achieve security and privacy preservation for practical VANETs. In this thesis, we focus on developing an efficient certificate management in PKI and designing PKI complementary mechanisms to provide security and privacy for VANETs. The accomplishments of this thesis can be briefly summarized as follows. Firstly, we propose an efficient Distributed Certificate Service (DCS) scheme for vehicular networks. The proposed scheme offers a flexible interoperability for certificate service in heterogeneous administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate from the available infrastructure Road-Side Units (RSUs) in a timely manner. In addition, the DCS scheme introduces an aggregate batch verification technique for authenticating certificate-based signatures, which significantly decreases the verification overhead. Secondly, we propose an Efficient Decentralized Revocation (EDR) protocol based on a novel pairing-based threshold scheme and a probabilistic key distribution technique. Because of the decentralized nature of the EDR protocol, it enables a group of legitimate vehicles to perform fast revocation of a nearby misbehaving vehicle. Consequently, the EDR protocol improves the safety levels in VANETs as it diminishes the revocation vulnerability window existing in the conventional Certificate Revocation Lists (CRLs). Finally, we propose complementing PKI with group communication to achieve location privacy and expedite message authentication. In specific, the proposed complemented PKI features the following. First, it employs a probabilistic key distribution to establish a shared secret group key between non-revoked OBUs. Second, it uses the shared secret group key to perform expedite message authentication (EMAP) which replaces the time-consuming CRL checking process by an efficient revocation checking process. Third, it uses the shared secret group key to provide novel location privacy preservation through random encryption periods (REP) which ensures that the requirements to track a vehicle are always violated. Moreover, in case of revocation an OBU can calculate the new group key and update its compromised keys even if the OBU missed previous rekeying process. For each of the aforementioned accomplishments, we conduct security analysis and performance evaluation to demonstrate the reliable security and efficiency of the proposed schemes.

Security

Privacy

VANET

PKI

Electrical and Computer Engineering

Smart Card Information Sharing Platform towards Global Nomadic World

HATANAKA, Masayuki, YAMAMOTO, Shuichiro, SENDA, Shoichi, HASHIMOTO, Junko, NIWANO, Eikazu

01 April 2004

No description available.

PKI

multi-application

platform

smart card

Managing and Complementing Public Key Infrastructure for Securing Vehicular Ad Hoc Networks

Wasef, Albert

January 2011

Recently, vehicular ad-hoc network (VANET) has emerged as an excellent candidate to change the life style of the traveling passengers along the roads and highways in terms of improving the safety levels and providing a wide range of comfort applications. Due to the foreseen impact of VANETs on our lives, extensive attentions in industry and academia are directed towards bringing VANETs into real life and standardizing its network operation. Unfortunately, the open medium nature of wireless communications and the high-speed mobility of a large number of vehicles in VANETs pose many challenges that should be solved before deploying VANETs. It is evident that any malicious behavior of a user, such as injecting false information, modifying and replaying the disseminated messages, could be fatal to other legal users. In addition, users show prime interest in protecting their privacy. The privacy of users must be guaranteed in the sense that the privacy-related information of a vehicle should be protected to prevent an observer from revealing the real identities of the users, tracking their locations, and inferring sensitive data. From the aforementioned discussion, it is clear that security and privacy preservation are among the critical challenges for the deployment of VANETs. Public Key Infrastructure (PKI) is a well-recognized solution to secure VANETs. However, the traditional management of PKI cannot meet the security requirements of VANETs. In addition, some security services such as location privacy and fast authentication cannot be provided by the traditional PKI. Consequently, to satisfy the security and privacy requirements, it is prerequisite to elaborately design an efficient management of PKI and complementary mechanisms for PKI to achieve security and privacy preservation for practical VANETs. In this thesis, we focus on developing an efficient certificate management in PKI and designing PKI complementary mechanisms to provide security and privacy for VANETs. The accomplishments of this thesis can be briefly summarized as follows. Firstly, we propose an efficient Distributed Certificate Service (DCS) scheme for vehicular networks. The proposed scheme offers a flexible interoperability for certificate service in heterogeneous administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate from the available infrastructure Road-Side Units (RSUs) in a timely manner. In addition, the DCS scheme introduces an aggregate batch verification technique for authenticating certificate-based signatures, which significantly decreases the verification overhead. Secondly, we propose an Efficient Decentralized Revocation (EDR) protocol based on a novel pairing-based threshold scheme and a probabilistic key distribution technique. Because of the decentralized nature of the EDR protocol, it enables a group of legitimate vehicles to perform fast revocation of a nearby misbehaving vehicle. Consequently, the EDR protocol improves the safety levels in VANETs as it diminishes the revocation vulnerability window existing in the conventional Certificate Revocation Lists (CRLs). Finally, we propose complementing PKI with group communication to achieve location privacy and expedite message authentication. In specific, the proposed complemented PKI features the following. First, it employs a probabilistic key distribution to establish a shared secret group key between non-revoked OBUs. Second, it uses the shared secret group key to perform expedite message authentication (EMAP) which replaces the time-consuming CRL checking process by an efficient revocation checking process. Third, it uses the shared secret group key to provide novel location privacy preservation through random encryption periods (REP) which ensures that the requirements to track a vehicle are always violated. Moreover, in case of revocation an OBU can calculate the new group key and update its compromised keys even if the OBU missed previous rekeying process. For each of the aforementioned accomplishments, we conduct security analysis and performance evaluation to demonstrate the reliable security and efficiency of the proposed schemes.

Security

Privacy

VANET

PKI

Electrical and Computer Engineering

Využití elektronického časového razítka při implementaci služeb eGovernmentu

Szolár, Martin

January 2008

Tato práce je zaměřena na časové razítko a jeho využití ve službách eGovernmentu. Práce je souhrnným materiálem, který poskytuje všechny relevantní informace z různých oblastí k aplikaci řešení časového razítka v eGovernmentu.