Explore chapters and articles related to this topic
Delay-Tolerant Security
Published in Aloizio Pereira da Silva, Scott Burleigh, Katia Obraczka, Delay and Disruption Tolerant Networks, 2019
The following are examples of secure mechanisms that assume rapid access to network peers. Key establishment. A common case is to negotiate an ephemeral key (a session key) that can be used for a communications session and then discarded. The initial negotiation is protected by a long-term key and, at the point in which the ephemeral key is established, the long-term key is no longer used.Key Authentication. The Public Key Infrastructure (PKI), used for most secure transactions on the Internet, uses the concept of a published public key and a secret private key. A public key is represented by a public key certificate that is published by a Certificate Authority (CA) [231]. The CA is the authoritative source for such certificates and can let a user on the network know if a public key that they wish to use is correct, or whether it has expired, been revoked, or otherwise changed. This validation happens every time a new security session is established.
A Routing-Compatible Credit-Based Incentive Scheme for DTNs
Published in Athanasios Vasilakos, Yan Zhang, Thrasyvoulos V. Spyropoulos, Delay Tolerant Networks: Protocols and Applications, 2016
Haojin Zhu, Xiaodong Lin, Rongxing Lu, Yanfei Fan, Xuemin (Sherman) Shen
Public key management is the foundation of any security protocols. In a secure incentive scheme, any misbehaving or malicious nodes will pay the penalty of having their public key certificates revoked. Even for those selfish nodes which run out of their credits, one possible punishment action is also revoking their certificates or reducing their CoS right by revising their certificates. However, public key revocation still represents a great challenge in delay tolerant networks. In a traditional Public Key Infrastructure (PKI), the most commonly adopted certificate revocation scheme is through a Certificate Revocation List (CRL), which is a list of revoked certificates stored in central repositories prepared by the Certificate Authorities (CAs). However, in DTNs, the nodes may suffer from delayed or frequent loss of connectivity to CRL servers [22]. In [23], the use of periodical public key updating is suggested to replace the traditional public key revocation, although, in the real world, public key distribution is also a challenging problem and may lead to a lot of extra management costs. Another possible way to address public key revocation in DTNs is by using cooperative CRL distribution [22], which needs further investigation to find an improved method.
Secure certificate-free ring signature without bilinear pairing
Published in Amir Hussain, Mirjana Ivanovic, Electronics, Communications and Networks IV, 2015
Yan Xu, Liusheng Huang, Miaomiao Tian
In Public Key Infrastructure, certificate authority (CA) is used to issue the digital certificate binding a user's identity with the corresponding key. It is a heavy management burden for CA to issue the public key certificate. In order to resolve the problem, Shamir (Shamir 1985 ) introduced the concept of identity-based cryptography (IBC), where the public key is generated from user's identity. Private key generator (PKG) which is a trusted third party generates a private key using user's ID. However, IBC brings the key escrow problem, for the reason that the PKG knows all users' private key. In 2003, certificateless public key cryptography (CL-PKC) (Al-Riyami& Paterson 2003) was introduced to eliminate certificates in Public Key Infrastructure and solve the key-escrow problem in the IBC. In certificateless public key cryptography, the PKG only generates the partial private key for a user. The user combines its partial private key and secret value chosen by itself as its full secret key. The public key is computed by the secret value and then published. The CL-PKC can also avoid the heavy burden of certificate management as the ID-PKC.
A Public Key Authentication and Privacy Preserving Model for Securing Healthcare System
Published in IETE Journal of Research, 2021
In the literature, numerous strategies for the preservation of privacy have been proposed. The public key infrastructure (PKI) is a standard-based technology for securing encrypted data exchange over the internet using digital certificates. PKI is developing as the cornerstone for internet security by offering the security features such as encryption, algorithms for secure communication, non-repudiation using digital signatures, authentication, etc. the main key elements of the PKI are digital certificates, certificate authority, registration authority and certificate database. Most of them are focused on public key infrastructure (PKI), elliptic curve cryptography (ECC), identity-based cryptography (IBC) [23], Diffie Hellman, Rivest-Shamir-Adelman (RSA), and Fully Homomorphic Encryption (FHE). However, due to low-performance capability and low computational power, many cryptographic techniques cannot be used for IoT devices [24]. So, this paper proposes a system with efficient privacy-preserving and public key authentication with confidentiality in IoT healthcare applications.
Policy-based security for distributed manufacturing execution systems
Published in International Journal of Computer Integrated Manufacturing, 2018
Octavian Morariu, Cristina Morariu, Theodor Borangiu
In order to use SSL with mutual certificate authentication, a PKI is required. The PKI is considered as a software platform that basically generates public/private key pairs, and certificates and associates them with identities by means of a CA.