Abstract
Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.
Highlights
Certificates act as the critical tokens in conventional public key infrastructure (PKI) systems
A subject’s public–private key pair will need to be renewed from time to time [1,2], for example because a private key has been compromised, to reduce the risks of services related to a specific private key, or to specify the different terms for different public keys; the certificate renewal process is very costly and is very difficult or even infeasible in some scenarios, for example if there is no reliable communication between different entities and their certificate authorities or it is infeasible to set up such an online authority for certain Internet of Things (IoT) networks, ad hoc networks, and Wireless Sensor Networks (WSN)
In our previous study [3] based on the Krawczyk–Rabin chameleon signature [4,5], we proposed the dynamic public key certificate (DPKC), whereby the subject of the certificate can dynamically coin new public–private key pairs on the spot, such that a verifier can validate the new public keys using the same certificate
Summary
Certificates act as the critical tokens in conventional PKI systems. With the trust of the CA, a validated certificate allocates communicating partners the tasks of entity authentication, document signature verification, session key distribution and agreement, and other functions. In our previous study [3] based on the Krawczyk–Rabin chameleon signature [4,5], we proposed the dynamic public key certificate (DPKC), whereby the subject of the certificate can dynamically coin new public–private key pairs on the spot, such that a verifier can validate the new public keys using the same certificate Please note that this new approach does not totally exclude the certificate renewal process but facilitates the owner’s capacity to change the public key dynamically during the certificate validation period. This new approach has several advantages and potential new applications.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
