Abstract

A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called LocalPKI , where the binding is performed by a local authority and the issuance is left to the end user or to the local authority. The role of a third entity is then to register this binding and to provide up-to-date status information on this registration. The idea is that many more local actors could then take the role of a local authority, thus allowing for an easier spread of public-key certificates in the population. Moreover, LocalPKI represents also an appropriate solution to be deployed in the Internet of Things context. Our scheme’s security is formally proven with the help of Tamarin, an automatic verification tool for cryptographic protocols.

Highlights

  • The primary goal of a Public Key Infrastructure is to bind a user identity with his public key

  • We show that trust hypothesis on entities are mandatory, just like, e.g., trust hypothesis are required on certificate authority (CA) in PKIX, by describing attacks found by the tool if any of these hypothesis is removed

  • We have proposed an alternative public-key infrastructure model, LOCALPKI

Read more

Summary

Introduction

The primary goal of a Public Key Infrastructure (abbreviated PKI) is to bind a user identity with his public key. Deploying server certificates is a necessity to bring trust in transactions made on the Internet. This mandatory to be able to use electronic signatures, for authentication, session key transport, authenticated key exchange, or more generally, any secured communication. The Local Registration Authority will remain close to its users, it will have to be the local bank branch office or the door Telecom agency It is a foremost importance for these actors to deliver to their members or clients certificates that will enable them to authenticate and sign contracts online. The deployment of connected objects certificates will be a necessity to bring trust in transactions made on the Internet of Things (IOT, Internet of Things). Each manufacturer will become the Registration Authority for its connected objects

State of the art
Contributions
Organization of the paper
General Description
Entities
Comparison with PKIX
Notations
Registration of a New User
Authentication
Revocation
Cross-certification tag
Database exchange
Private blockchain solution
Deployment
Security Analysis
Security Properties
Tamarin Prover Modeling
LOCALPKI Tamarin Model
Trust assumptions
Security of the LOCALPKI
LOCALPKI as an Internet of Things PKI
Conclusion
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.