Spelling suggestions: "subject:"publickey infrastructure"" "subject:"publickeys infrastructure""
31 |
Digital Certificate Revocation for the Internet of ThingsTanner Lindemer, Samuel January 2019 (has links)
Digital certificates have long been used for traditional Internet applications, and have now entered into widespread use for the Internet of Things. However, constrained devices currently have no means to verify the revocation status of certificates. Without the ability to revoke certificates, network administrators have no recourse in the event of a private key compromise. This thesis explores three alternatives to solve this problem: (1) implement the Online Certificate Status Protocol (OCSP) as is on a CoAP network stack, (2) compress certificate revocation lists (CRLs) using Bloom filters, and (3) design an optimized version of OCSP (referred to here as TinyOCSP). This work concludes that TinyOCSP reduces the message overhead of online validation by at least 73%. This reduced the energy consumption of certificate validation by 50% relative to OCSP in the experiments on constrained hardware, which shows that it may be a feasible solution for the IoT / Digitala certifikat har länge tillämpats inom traditionella internetappliceringar och har numera även omfattande användningsområden inom IoT. Begränsade apparater har i nuläget dock inga metoder för att verifiera återkallningsstatusar av certifikat. Utan förmågan att återkalla certifikat har nätverksadministratörer inga alternativ att återfalla till när en hemlig nyckel har blivit stulen. Denna uppsats undersöker tre alternativ för att lösa detta problem: (1) tillämpning av Online Certificate Status Protocol (OCSP) med CoAP, (2) komprimering av certificate revocation lists (CRLs) som använder Bloom filters, och (3) skapa en optimerad version av OCSP (TinyOCSP). Arbetet drar slutsatsen att TinyOCSP minskar message overhead av onlinevalidering med åtminstone 73%. Detta minskade energikonsumtion av certifikatsvalidering med 50% jämfört med OCSP i experimentet med begränsade apparater, vilket visar att detta är en tänkar lösning för IoT.
|
32 |
A Distributed Public Key Infrastructure for the Web Backed by a Blockchain / En distribuerad publik nyckel-infrastruktur för webben uppbackad av en blockkedjaFredriksson, Bastian January 2017 (has links)
The thesis investigates how a blockchain can be used to build a decentralised public key infrastructure for the web, by proposing a custom federation blockchain relying on honest majority. Our main contribution is the design of a Proof of Stake protocol based on a stake tree, which builds upon an idea called follow-the-satoshi used in previous papers. Digital identities are stored in an authenticated self-balancing tree maintained by blockchain nodes. Our back-of-the-envelope calculations, based on the size of the domain name system, show that the block size must be set to at least 5.2 MB, while each blockchain node with a one-month transaction history would need to store about 243 GB. Thin clients would have to synchronise about 13.6 MB of block headers per year, and download an additional 3.7 KB of proof data for every leaf certificate which is to be checked. / Uppsatsen undersöker hur en blockkedja kan användas för att bygga en decentraliserad publik nyckel-infrastruktur för webben. Vi ger ett designförslag på en blockkedja som drivs av en pålitlig grupp av noder, där en majoritet antas vara ärliga. Vårt huvudsakliga bidrag är utformningen av ett Proof of Stake-protokoll baserat på ett staketräd, vilket bygger på en idé som kallas follow-the-satoshi omnämnd i tidigare publikationer. Digitala identiteter sparas i ett autentiserat, självbalanserande träd som underhålls av noder anslutna till blockkedjenätverket. Våra preliminära beräkningar baserade på storleken av DNS-systemet visar att blockstorleken måste sättas till åtminstone 5.2 MB, medan varje nod med en månads transaktionshistorik måste spara ungefär 243 GB. Webbläsare och andra resurssnåla klienter måste synkronisera 13.6 MB data per år, och ladda ner ytterligare 3.7 KB för varje användarcertifikat som skall valideras.
|
33 |
Security of dynamic authorisation for IoT through Blockchain technology / Säkerheten av dynamisk autentisering för IoT genom Blockchain-teknikSandor, Alexander January 2018 (has links)
The use of Internet of Things devices is an integral part of our modern society. Communication with internet of things devices is secured with asymmetric key encryption that is handled by the centralized certificate authority infrastructure. The emerging Blockchain technology now provides a safe way to change ownership of digital resources through a decentralized system that challenges the traditional centralized view of trust in digital systems. This project studies the security of building public key infrastructures and access communication protocols on Blockchain technology for IoT devices. An informal cryptographic analysis that used proof by contradiction showed that it is cryptographically safe to build Blockchain based Public Key Infrastructures. The analysed Blockchain based public key infrastructure was implemented with smart contracts and tested on the Ethereum platform along with a dynamic access control protocol ensuring dynamic authentication and distributed logging. The project also concluded that advancements in the software clients of nodes are required before Blockchain can be used in Internet of Things devices. This is due to the high storage demands required by currently available nodes. / Användandet av "Internet of Things"-enheter är en integral del av vårt moderna samhälle. Kommunikation med "Internet of Things"-enheter är säkras genom asymmetrisk nyckelkryptering som hanteras i ett centraliserat system administrerat av certifieringsmyndigheter. Den banbrytande Blockchain-tekniken erbjuder nu ett säkert sätt att byta ägandeskap av digitala resurser i ett decentraliserat system, och utmanar den traditionella synen på tillit i digitala system. Det här projektet studerar säkerheten i att bygga en infrastruktur för publik nyckeldistribuering samt protokoll för accesskontrollering med hjälp av Blockchain-teknik för "Internet of Things"-enheter. Genom en informell kryptografisk analys och metoden motsägelsebevis visades det att det är kryptografiskt säkert att bygga infrastrukturer för publik nyckeldistribuering på Blockchain-teknik. En Blockchain-baserad infrastruktur för public nyckeldistribuering implementerades med smarta kontrakt och testades på Ethereum-plattformen tillsammans med ett protokoll för dynamisk accesskontroll som säkerställde dynamisk autentisering och distribuerad loggning. Projektet kom även fram till att ny mjukvara för noder behövs för att tekniken ska bli applicerbar i "Internet of Things"-enheter. Detta eftersom nuvarande noder behöver stort datautrymme för att fungera.
|
34 |
Architecture for Issuing DoD Mobile Derived CredentialsSowers, David Albert 01 July 2014 (has links)
With an increase in performance, dependency and ubiquitousness, the necessity for secure mobile device functionality is rapidly increasing. Authentication of an individual's identity is the fundamental component of physical and logical access to secure facilities and information systems. Identity management within the Department of Defense relies on Public Key Infrastructure implemented through the use of X.509 certificates and private keys issued on smartcards called Common Access Cards (CAC). However, use of CAC credentials on smartphones is difficult due to the lack of effective smartcard reader integration with mobile devices. The creation of a mobile phone derived credential, a new X.509 certificate and key pair based off the credentials of the CAC certificates, would eliminate the need for CAC integration with mobile devices This thesis describes four architectures for securely and efficiently generating and delivering a derived credential to a mobile device for secure communications with mobile applications. Two architectures generate credentials through a software cryptographic module providing a LOA-3 credential. The other two architectures provide a LOA-4 credential by utilizing a hardware cryptographic module for the generation of the key pair. In two of the architectures, the Certificate Authority']s (CA) for the new derived credentials is the digital signature certificate from the CAC. The other two architectures utilize a newly created CA, which would reside on the DoD network and be used to approve and sign the derived credentials. Additionally, this thesis demonstrates the prototype implementations of the two software generated derived credential architectures using CAC authentication and outlines the implementation of the hardware cryptographic derived credential. / Master of Science
|
35 |
X.509 Certificate-Based Authentication for NETCONF and RESTCONF : Design Evaluation between Native and External Implementation / X.509 Certifikatbaserad autentisering för NETCONF och RESTCONF : Designutvärdering mellan inhemsk och extern implementeringLi, Qi January 2023 (has links)
The Network Service Ochestrator (NSO) is a network automation system provided by Cisco that is used to automate large network changes with the ability to roll back in case of errors. It provides a rich northbound interface to communicate with the user and a southbound interface to orchestrate network devices securely. On these northbound and southbound interfaces, NSO supports NETCONF and RESTCONF, which is an IETF standard for network automation. NSO native implementation of NETCONF and RESTCONF lacks support for Public-Key Infrastructure (X.509) (PKIX) infrastructure and SSH and SSL/TLS as transport. Instead, Cisco suggests that customers use external relay agents such as PKIX-SSH for SSH and GNUTLS for TLS for NETCONF. The certificates and keys are saved on the hard drive and loaded for every connection via RESTCONF. This workaround solution provides authentication and authorization without audit logging within NSO. In this work, a native implementation of the X509 certification with PKIX infrastructure on SSH and SSL/TLS for NETCONF and RESTCONF is investigated. The project evaluates design alternatives with respect to security, computational complexity, maintainability, and user-friendliness, and concludes by highlighting the pros and cons of both native and workaround implementation. / Ciscos NSO är en nätverksorkestreringsplatform som används för att automatisera stora ändringar i nätverk med egenheten att ändringarna kan backas tillbaka om inte samtliga kan kan utföras. NSO tillhandahåller användare gränssnitt (northbound) för att säkert kommunicera (southbound) med nätverksenheterna. Gränssnitten stödjer de standardiserade protokollen Netconf och Restconf. Båda dessa protokoll saknar inbyggts stöd för PKIX över SSH, SSL och TSL. När detta önskas rekommenderar Cisco sina kunder att externa klienter som PKIX-SSH eller GNUTLS. När detta görs sparas certifikat och nyklar lokalt för varje Restconf koppel och ingen läggning av flödet kommer att ske i NSO. I detta arbete presenteras ett inbyggt stöd för X509 certifiering med PKIX för SSH, SSL, och TLS. Stödet kan användas för Netconf och Restconf. Olikheter mellan dagens tillgängliga stöd och det inbyggda stödet med avseende på säkerhet, komplexitet, underhållbarhet, och användarvänlighet jämförs. Avslutningsvis belyses för- respektive nackdelar med de olika implementateringarna.
|
36 |
LF-PKI: Practical, Secure, and High-Performance Design and Implementation of a Lite Flexible PKI / LF-PKI: Praktisk, säker och Högpresterande design och Implementering av Lite Flexible PKIXu, Yongzhe January 2022 (has links)
Today’s Web Public Key Infrastructure (PKI) builds on a homogeneous trust model. All Certificate Authorities (CAs) are equally trusted once they are marked as trusted CAs on the client side. As a result, the security of the Web PKI depends on the weakest CA. Trust heterogeneity and flexibility can be introduced in today’s Web PKI to mitigate the problem. Each client could have different levels of trust in each trusted CA, according to the properties of each CA, such as the location, reputation and scale of the CA. As a result, the loss caused by the compromise of a less trusted CA will be relieved. In this work, we study Flexible-PKI (F-PKI), which is an enhancement of Web PKI, and propose Lite Flexible-PKI (LF-PKI) to address the limitations of F-PKI. LF-PKI is designed to securely and efficiently manage domain policies and enable trust heterogeneity on the client side. The domain owner can issue domain policies for their domains, and the client will have a complete view of the domain policies issued for a specific domain. Based on the collection of domain policies from LF-PKI, trust heterogeneity can be achieved on the client side. Each client will choose the domain policies based on the trust levels of the CA. On the basis of the LF-PKI design, a high-performance implementation of LF-PKI was developed, optimized, and analyzed. The optimized implementation can provide the LF-PKI services for worldwide domains on a single server with moderate hardware. / Dagens Web Public Key Infrastructure (PKI) bygger på en homogen förtroendemodell. Alla certifikatutfärdare (CA) är lika betrodda när de är markerade som betrodda certifikatutfärdare på klientsidan. Som ett resultat beror säkerheten för webb-PKI på den svagaste CA. Förtroendeheterogenitet och flexibilitet kan införas i dagens webb-PKI för att mildra problemet. Varje klient kan ha olika nivåer av förtroende för varje betrodd certifikatutfärdare, beroende på egenskaperna hos varje certifikatutfärdare, såsom certifikatutfärdarens plats, rykte och omfattning. Som ett resultat kommer förlusten som orsakats av kompromissen av en mindre pålitlig CA att avhjälpas. I detta arbete studerar vi Flexible-PKI (F-PKI), som är en förbättring av webb-PKI, och föreslår Lite Flexible-PKI (LF-PKI) för att ta itu med begränsningarna hos F-PKI. LF-PKI är utformad för att säkert och effektivt hantera domänpolicyer och möjliggöra förtroendeheterogenitet på klientsidan. Domänägaren kan utfärda domänpolicyer för sina domäner, och klienten kommer att ha en fullständig bild av domänpolicyerna som utfärdats för en specifik domän. Baserat på insamlingen av domänpolicyer från LF-PKI kan förtroendeheterogenitet uppnås på klientsidan. Varje klient kommer att välja domänpolicyer baserat på förtroendenivåerna för CA. På basis av LF-PKI-designen utvecklades, optimerades och analyserades en högpresterande implementering av LF-PKI. Den optimerade implementeringen kan tillhandahålla LF-PKI-tjänster för världsomspännande domäner på en enda server med måttlig hårdvara.
|
37 |
Analysis Of Electronic Signature In Turkey From The Legal And Economic Perspectives And The Awareness Level In The CountryIskender, Gokhan 01 August 2006 (has links) (PDF)
As in the case of other information technologies, the best way of obtaining efficient results from electronic signature application is integrating it to the legal and economic systems and increasing the awareness level of technology in the society.
This thesis performs the legal and economic analyses of electronic signature in Turkey and measures the awareness level in the society. The analyses performed in the thesis show that electronic signature is not legally established in Turkey even the legal base is harmonious with European Union and it is expensive in practice even though its economic rate of return is high and the awareness level in the society which is measured in this study with a 20 questions test is not very high.
|
38 |
Contributions to secure and privacy-preserving use of electronic credentialsShahandashti, Siamak Fayyaz. January 2009 (has links)
Thesis (Ph.D.)--University of Wollongong, 2009. / Typescript. Includes bibliographical references (leaf 130-140) and index.
|
39 |
Use Of Pki For Process AuthorizationTaskazan, Feyza 01 January 2004 (has links) (PDF)
Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authorization based on Public Key Infrastructure (PKI) technology.
|
40 |
Trust-based routing in pure ad-hoc wireless networksPirzada, Asad Amir January 2007 (has links)
[Truncated abstract] An ad-hoc network of wireless nodes is a temporarily formed network, created, operated and managed by the nodes themselves. Due to its peculiar establishment and operational properties it is also often termed an infrastructure-less, self-organised, or spontaneous network. In order to extend the communication range of the nodes, beyond a single hop, specially configured routing protocols are used. The unique feature of these protocols is their ability to form routes in spite of a dynamic topology. For effective functioning of the network it is essential that the network nodes execute the routing protocols in a truthful manner regardless of their contemporary commitments and workload. In real life, this is more than often extremely difficult to realise, and so we often find malicious nodes also present in the same network. These nodes can either join externally or may originate internally by compromis- ing an existing benevolent node in the network. These malicious nodes can carry out an array of attacks against the routing protocols leading to route severing, unavailability of service or deception. A number of secure routing protocols, which make use of cryptographic algorithms to secure the routes, have recently been proposed. ... In order to sustain the improvised nature of ad-hoc networks, in this thesis, we have moved from the common mechanism of achieving trust via security to enforcing dependability through collaboration. We desist from the customary strategy of employing cryptography and instead use a trust model that is influ- enced by the human behavioural model. All nodes in the network independently execute this trust model and maintain their own assessment concerning other nodes in the network. Each node, based upon its individual experiences, rewards collabo- rating nodes for their benevolent behaviour and penalises malicious nodes for their malevolent conduct. To highlight the efficacy of this unique approach, we apply the trust model to three contemporary reactive routing protocols in a pure ad-hoc network. These trust reinforced routing protocols locate dependable routes in the network by observing the sincerity in participation of other nodes using a set of trust categories. The routes worked out in this way are neither protected in terms of security nor minimal in terms of hops. However, these routes traverse nodes, which have been identified as more trustworthy than others and for this reason are more dependable in extemporised circumstances. Through the help of extensive simulations, we have demonstrated that the usage of these protocols significantly improves the overall performance of the network even in the presence of a high percentage of malicious nodes. These protocols, being independent of a trust infrastructure, also enable rapid deployment and improved operation with dynamic adaptation to the current scenario. The prime advantage being gained is the ability to seamlessly integrate ad-hoc wireless networks belonging to dissimilar organisations.
|
Page generated in 0.0767 seconds