Abstract
The current public key infrastructure (PKI) has thorny issues such as the overhead of certificate revocations and the consequences of fraudulent certificates. To address such issues, we propose TwinPeaks, an infrastructure to distribute public keys of named entities on the Internet and the Internet of Things (IoT). TwinPeaks leverages certificateless public key cryptography (CL-PKC), where a key generation center (KGC) cannot know the private key of its member, and hence its compromise will not result in member key leakage. By extending CL-PKC, the public key of an entity becomes dependent on any combination of its networking parameters; thus TwinPeaks can thwart spoofing attacks systematically. With TwinPeaks, the public key of every named entity is distributed online while addressing the PKI’s vulnerabilities.

TwinPeaks has public key servers, which constitute a domain name system (DNS)-like hierarchical tree structure. For each parent-child link in the tree, the parent node serves as a key generation center (KGC), and its child nodes set up their own public/secret key pairs by interacting with the KGC as proposed in CL-PKC. In this way, every named entity (e.g., a domain name) has its own public/secret key pair. Thus, the public key of an entity will be provided to a user by its key server, just as the DNS response is returned to the user by its DNS server.

TwinPeaks removes certificates and hence has no revocation overhead. Instead, each named entity should keep its networking parameters and public key up to date in its DNS server and key server, respectively. By making its public key depend on both its Internet protocol (IP) address and domain name, the compromise of a single entity (e.g., a DNS or key server) cannot lead to successful impersonation. TwinPeaks achieves scalable distribution of public keys since public keys can be cached long term. We also show that TwinPeaks can be applied to IoT environments by extending the naming scheme.