SoS Newsletter - Advanced Book Block

PKI Trust Models, 2014


Public Key Infrastructure (PKI) is designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models have been proposed in the literature to model trust relationships and trust propagation. The research cited here looks at several of those models, particularly in the area of ad hoc networks. All of the work was presented in 2014.

Jain, A.; Khare, G.; Rajan, A.; Manjhi, N.; Pathy, D.; Rawat, A., “Implementation Issues and Challenges with PKI Infrastructure and Its Integration with In-House Developed IT Applications,” IT in Business, Industry and Government (CSIBIG), 2014 Conference on, pp. 1-5, 8-9 March 2014. doi:10.1109/CSIBIG.2014.7056939
Abstract: Rapid deployment of e-governance applications places emphasis on the need for security and authentication. Many emerging technologies are being developed to fulfil security requirements. The major concern in e-governance transactions is the need for replacement of the hand-written signature with an ‘online’ signature. Further, since web enabled applications are prone to various types of security breaches, the discussion on robust and authenticated e-governance transactions is incomplete without consideration of ‘security’ as a prominent aspect of ‘online signatures’. An e-signature may be considered as a type of electronic authentication which can be achieved by means of different types of technologies. Today there is a wide range of technologies, products and solutions for securing the electronic infrastructure of any organization. The levels of security implemented should be commensurate with the level of complexity of the organizational data and applications in use. To operate critical web enabled applications, organizations need high-level, certificate-based security provided by a Public Key Infrastructure (PKI). PKI protects applications that demand the highest level of security, web services based business process automation, digital form signing and electronic commerce. PKI is a consistently evolving security process in government and ecommerce. It is the most appropriate security mechanism for securing data, identifying users, and establishing a chain of trust to secure electronic infrastructure. PKI integrates digital identities and signatures to present an end-to-end trust model. This paper discusses the issues and challenges associated with setting up an in-house certifying authority and integrating PKI functionality into in-house developed IT applications in our organization.
Keywords: Web services; digital signatures; public key cryptography; PKI infrastructure; Web services based business process automation; digital form signing; e-governance applications; e-signature; electronic authentication; electronic commerce; hand-written signature; in-house developed IT applications; online signatures; public key infrastructure; security breaches; security requirements; web enabled applications; Authorization; Browsers; Cryptography; Databases; Organizations; Reliability; Servers; Digital Signature Certificate; Digital Signing; Oracle Certifying Authority; PKI; Workflow (ID#: 15-6154)

Serna, J.; Morales, R.; Medina, M.; Luna, J., “Trustworthy Communications in Vehicular Ad Hoc NETworks,” Internet of Things (WF-IoT), 2014 IEEE World Forum on, pp. 247-252, 6-8 March 2014. doi:10.1109/WF-IoT.2014.6803167
Abstract: Vehicular Ad-Hoc NETworks (VANETs), a pillar for the Internet of Vehicles, aim to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of safety and infotainment applications, there remain a number of security and privacy challenges, such as user profiling and vehicle tracking, which must be addressed. This paper contributes a framework to address security and privacy issues in VANETs. The proposed framework consists of i) an inter-domain authentication system able to provide a near real-time certificate status service, ii) a mechanism to quantitatively evaluate the trust level of a CA and establish an on-the-fly interoperability relationship, and iii) a privacy enhancing model that addresses privacy in terms of linkability.
Keywords: intelligent transportation systems; road safety; road vehicles; telecommunication security; trusted computing; vehicular ad hoc networks; Internet of vehicles; VANET; intelligent transportation systems; interdomain authentication system; road safety; traffic accidents; trustworthy communications; user profiling; vehicle tracking; vehicular ad hoc networks; Authentication; Internet; Privacy; Protocols; Vehicles; Vehicular ad hoc networks; Anonymity; PKI; Privacy; Security; VANETs (ID#: 15-6166)

Wagan, A.A.; Low Tang Jung, “Security Framework for Low Latency VANET Applications,” Computer and Information Sciences (ICCOINS), 2014 International Conference on, pp. 1-6, 3-5 June 2014. doi:10.1109/ICCOINS.2014.6868395
Abstract: A Vehicular Ad hoc Network (VANET) is a communication network for vehicles on the highway. Presently, VANET technology is surrounded by security challenges, and it is essential for VANET to successfully implement security measures according to the safety application requirements. Many academic researchers have suggested various solutions to counter security attacks and have also proposed models to strengthen security characteristics. The current most suitable security scheme for VANET is the Elliptic Curve Digital Signature Algorithm (ECDSA). However, ECDSA is associated with high computational cost, therefore it is considered an inappropriate approach for low latency safety applications. In this study, a security framework is proposed to solve the above issues; the proposed framework utilizes both traditional cryptographic schemes, asymmetric PKI and symmetric respectively. The asymmetric cryptography scheme is used for the secure key exchange and authentication process, and the symmetric cryptography scheme is used for low latency safety applications (especially time critical safety applications). The suggested framework not only reduces the latency but also enhances the security cryptography characteristics by establishing trust between ongoing vehicles.
Keywords: digital signatures; public key cryptography; telecommunication security; vehicular ad hoc networks; ECDSA; VANET technology; asymmetric PKI; cryptographic schemes; elliptic curve digital signature algorithm; low latency VANET applications; public key infrastructure; safety application requirements; security attacks; security characteristics; security framework; security measure; symmetric PKI; vehicular ad hoc network; Cryptography; Protocols; Road transportation; Safety; Vehicles; Vehicular ad hoc networks; Asymmetric and Symmetric Cryptography; Latency; TPM; VANET (ID#: 15-6167)

Vilhan, P.; Hudec, L., “Cluster Glue — Improving Service Reachability in PKI Enabled MANET,” Computer Modelling and Simulation (UKSim), 2014 UKSim-AMSS 16th International Conference on, pp. 494-499, 26-28 March 2014. doi:10.1109/UKSim.2014.31
Abstract: This paper presents the revision of our concept to improve public key infrastructure deployability and service reachability in mobile ad-hoc networks routed by B.A.T.M.A.N. Advanced. We have extended the B.A.T.M.A.N. Advanced routing protocol with authentication and authorization of routing updates based on X.509 certificates. Furthermore, we have determined several levels of node trustworthiness and interoperability between trusted authorities in the network. To mitigate the extra load caused by the renewing of certificates, we have identified the critical factors affecting it and designed a computation formula for the optimal amount of cross certificates issued by a trusted authority. To further improve service reachability in highly mobile networks in the earlier stages of PKI deployment, we have designed the Cluster Glue. The Cluster Glue helps to connect groups of nodes from different parts of the network which own certificates issued by the same authority. Thanks to these modifications we are able to mitigate various security risks and provide a more secure route for messages transmitted through the network. Preliminary results were verified by simulations.
Keywords: authorisation; mobile ad hoc networks; public key cryptography; routing protocols; telecommunication security; B.A.T.M.A.N. Advanced routing protocol; PKI enabled MANET; X.509 certificates; authentication; authorization; cluster glue; cross certificates; mobile ad hoc networks; public key infrastructure; security risks; service reachability; trusted authority; Mobile ad hoc networks; Mobile communication; Peer-to-peer computing; Routing; Routing protocols; Security; BAT-MAN; Cluster Glue; MANET; PKI; RSA; ad-hoc; public key infrastructure; routing; security (ID#: 15-6168)

El Uahhabi, Z.; El Bakkali, H., “A Comparative Study of PKI Trust Models,” Next Generation Networks and Services (NGNS), 2014 Fifth International Conference on, pp. 255-261, 28-30 May 2014. doi:10.1109/NGNS.2014.6990261
Abstract: Public Key Infrastructure (PKI) is a security technology designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models are proposed in the literature to model trust relationships and trust propagation. In this paper, we present different PKI trust model architectures. We then analyze and compare some proposed PKI trust models for e-services applications.
Keywords: Internet; computer network security; electronic data interchange; public key cryptography; trusted computing; Internet security; PKI trust model; cryptographic key; e-services application; electronic transaction security; information exchange security; public key infrastructure; trust propagation; Adaptation models; Analytical models; Bridges; Certification; Privacy; Public key; PKI; e-health; e-services; trust model (ID#: 15-6169)

Binod Vaidya, Dimitrios Makrakis, Hussein Mouftah; “Effective Public Key Infrastructure for Vehicle-to-Grid Network,” DIVANet ’14, Proceedings of the Fourth ACM International Symposium on Development and Analysis of Intelligent Vehicular Networks and Applications, September 2014, Pages 95-101. doi:10.1145/2656346.2656348
Abstract: The growth of electric vehicle (EV) technologies likely leads to a fundamental shift not only in the transportation sector but also in the existing electric power grid infrastructure. In a smart grid infrastructure, a vehicle-to-grid (V2G) network can be formed such that participating EVs can be used to store energy and supply this energy back to the power grid when required. To realize proper deployment of a V2G network, a charging infrastructure having various entities such as charging facility, clearinghouse, and energy provider has to be constructed. So the use of public key infrastructure (PKI) is indispensable for provisioning a security solution in a V2G network. The ISO/IEC 15118 standard incorporates an X.509 PKI solution for the V2G network. However, as traditional X.509 based PKI for a V2G network has several shortcomings, we have proposed an effectual PKI for a V2G network that is built on elliptic curve cryptography and a self-certified public key technique having an implicit certificate to reduce certificate size and certificate verification time. We show that the proposed solution outperforms the existing solution.
Keywords: ECC, ISO/IEC 15118, PKI, X.509, implicit certificate, smart grid, vehicle-to-grid network (ID#: 15-6170)

Jingwei Huang, David M. Nicol; “Evidence-Based Trust Reasoning,” HotSoS ’14, Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 17. doi:10.1145/2600176.2600193
Abstract: Trust is a necessary component in cybersecurity. It is a common task for a system to make a decision about whether or not to trust the credential of an entity from another domain, issued by a third party. Generally, in the cyberspace, connected and interacting systems largely rely on each other with respect to security, privacy, and performance. In their interactions, one entity or system needs to trust others, and this “trust” frequently becomes a vulnerability of that system. Aiming at mitigating the vulnerability, we are developing a computational theory of trust, as a part of our efforts towards Science of Security. Previously, we developed a formal-semantics-based calculus of trust [3, 2], in which trust can be calculated based on a trustor’s direct observation on the performance of the trustee, or based on a trust network. In this paper, we construct a framework for making trust reasoning based on the observed evidence. We take privacy in cloud computing as a driving application case [5].
Keywords: evidence-based trust, privacy, trust model (ID#: 15-6171)

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Kevin R.B. Butler; “Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale,” IMC ’14, Proceedings of the 2014 Conference on Internet Measurement Conference, November 2014, Pages 503-510. doi:10.1145/2663716.2663759
Abstract: The certificate authority (CA) PKI system has been used for decades as a means of providing domain identity verification services throughout the Internet, but a growing body of evidence suggests that our trust in this system is misplaced. A recently proposed CA alternative, Convergence, extends the Network Perspectives system of multi-path probing to perform certificate verification. Unfortunately, adoption of Convergence and other SSL/TLS trust enhancements has been slow, in part because it is unknown how these systems perform against large workloads and realistic conditions. In this work we ask the question “What if all certificates were validated with Convergence?” We perform a case study of deploying Convergence under realistic workloads with a university-wide trace of real-world HTTPS activity. By synthesizing Convergence requests, we effectively force perspectives-based verification on an entire university in simulation. We demonstrate that through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1% network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.
Keywords: https, public-key certificates, ssl, tls (ID#: 15-6172)

David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski; “ARPKI: Attack Resilient Public-Key Infrastructure,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 382-393. doi:10.1145/2660267.2660298
Abstract: We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS. ARPKI offers extremely strong security guarantees, where compromising n-1 trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.
Keywords: attack resilience, certificate validation, formal validation, public log servers, public-key infrastructure, tls, TLS (ID#: 15-6173)

Pawel Szalachowski, Stephanos Matsumoto, Adrian Perrig; “PoliCert: Secure and Flexible TLS Certificate Management,” CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 406-417. doi:10.1145/2660267.2660355
Abstract: The recently proposed concept of publicly verifiable logs is a promising approach for mitigating security issues and threats of the current Public-Key Infrastructure (PKI). Although much progress has been made towards a more secure infrastructure, the currently proposed approaches still suffer from security vulnerabilities, inefficiency, or incremental deployment challenges. In this paper we propose PoliCert, a comprehensive log-based and domain-oriented architecture that enhances the security of PKI by offering: a) stronger authentication of a domain’s public keys, b) comprehensive and clean mechanisms for certificate management, and c) an incentivised incremental deployment plan. Surprisingly, our approach has proved fruitful in addressing other seemingly unrelated problems such as TLS-related error handling and client/server misconfiguration.
Keywords: certificate validation, public log servers, public-key certificate, public-key infrastructure, security policy, ssl, tls, TLS (ID#: 15-6174)

Qingji Zheng, Wei Zhu, Jiafeng Zhu, Xinwen Zhang; “Improved Anonymous Proxy Re-Encryption with CCA Security,” ASIA CCS ’14, Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 2014, Pages 249-258. doi:10.1145/2590296.2590322
Abstract: Outsourcing private data and heavy computation tasks to the cloud may lead to privacy breaches as attackers (e.g., malicious outsiders or cloud administrators) may correlate any relevant information to penetrate information of their interest. Therefore, how to preserve cloud users’ privacy has been a top concern when adopting cloud solutions. In this paper, we investigate the identity privacy problem for proxy re-encryption, which allows any third party (e.g., cloud) to re-encrypt ciphertexts in order to delegate the decryption right from one user to another. The relevant identity information, e.g., whose ciphertext was re-encrypted to the ciphertext under whose public key, may leak because re-encryption keys and ciphertexts (before and after re-encryption) are known to the third party. We review prior anonymity (identity privacy) notions, and find that these notions are either impractical or too weak. To address this problem thoroughly, we rigorously define an anonymity notion that not only embraces the prior anonymity notions but also captures the necessary anonymity requirement for practical applications. In addition, we propose a new and efficient proxy re-encryption scheme. The scheme satisfies the proposed anonymity notion under the Squared Decisional Bilinear Diffie-Hellman assumption and achieves security against chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. To the best of our knowledge, it is the first proxy re-encryption scheme attaining both chosen-ciphertext security and anonymity simultaneously. We implement a prototype based on the proposed proxy re-encryption scheme and the performance study shows that it is efficient.
Keywords: anonymity, chosen-ciphertext security, outsourced computation, proxy re-encryption (ID#: 15-6175)

Haya Shulman; “Pretty Bad Privacy: Pitfalls of DNS Encryption,” WPES ’14, Proceedings of the 13th Workshop on Privacy in the Electronic Society, November 2014, Pages 191-200. doi:10.1145/2665943.2665959
Abstract: As awareness of the privacy of the Domain Name System (DNS) is increasing, a number of mechanisms for encryption of DNS packets have been proposed. We study the prominent defences, focusing on the privacy guarantees, interoperability with the DNS infrastructure, and the efficiency overhead. In particular: We explore dependencies in DNS and show techniques that utilise side channel leaks, due to transitive trust, allowing one to infer information about the target domain in an encrypted DNS packet. We examine common DNS server configurations and show that the proposals are expected to encounter deployment obstacles with (at least) 38% of the 50K-top Alexa domains and (at least) 12% of the top-level domains (TLDs), and will disrupt DNS functionality and availability for clients. We show that due to the non-interoperability with the caches, the proposals for end-to-end encryption may have a prohibitive traffic overhead on the name servers. Our work indicates that further study may be required to adjust the proposals to stand up to their security guarantees, and to make them suitable for the common servers’ configurations in the DNS infrastructure. Our study is based on collection and analysis of the DNS traffic of the 50K-top Alexa domains and 568 TLDs.
Keywords: dns, dns caching, dns encryption, dns infrastructure, dns privacy, dns security, side channel attacks, transitive trust dependencies (ID#: 15-6176)

Ethan Heilman, Danny Cooper, Leonid Reyzin, Sharon Goldberg; “From the Consent of the Routed: Improving the Transparency of the RPKI,” SIGCOMM ’14, Proceedings of the 2014 ACM Conference on SIGCOMM, August 2014, Pages 51-62. doi:10.1145/2619239.2626293
Abstract: The Resource Public Key Infrastructure (RPKI) is a new infrastructure that prevents some of the most devastating attacks on interdomain routing. However, the security benefits provided by the RPKI are accomplished via an architecture that empowers centralized authorities to unilaterally revoke any IP prefixes under their control. We propose mechanisms to improve the transparency of the RPKI, in order to mitigate the risk that it will be used for IP address takedowns. First, we present tools that detect and visualize changes to the RPKI that can potentially take down an IP prefix. We use our tools to identify errors and revocations in the production RPKI. Next, we propose modifications to the RPKI's architecture to (1) require any revocation of IP address space to receive consent from all impacted parties, and (2) detect when misbehaving authorities fail to obtain consent. We present a security analysis of our architecture, and estimate its overhead using data-driven analysis.
Keywords: RPKI, public key infrastructures, security, transparency (ID#: 15-6177)

Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, Adrian Perrig; “Lightweight Source Authentication and Path Validation,” SIGCOMM ’14, Proceedings of the 2014 ACM Conference on SIGCOMM, August 2014, Pages 271-282. doi:10.1145/2619239.2626323
Abstract: In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.
Keywords: path validation, retroactive key setup, source authentication (ID#: 15-6178)

Julian Horsch, Konstantin Böttinger, Michael Weiß, Sascha Wessel, Frederic Stumpf; “TrustID: Trustworthy Identities for Untrusted Mobile Devices,” CODASPY ’14, Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, March 2014, Pages 281-288. doi:10.1145/2557547.2557593
Abstract: Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insufficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Neither protocol requires a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as the root identity to derive context-specific identities.
Keywords: android, combined pin entry, identity derivation, identity provider, mobile security, npa, secure element, smartphone (ID#: 15-6179)

Teklemariam Tsegay Tesfay, Jean-Pierre Hubaux, Jean-Yves Le Boudec, Philippe Oechslin; “Cyber-Secure Communication Architecture for Active Power Distribution Networks,” SAC ’14, Proceedings of the 29th Annual ACM Symposium on Applied Computing, March 2014, Pages 545-552. doi:10.1145/2554850.2555082
Abstract: Active power distribution networks require sophisticated monitoring and control strategies for efficient energy management and automatic adaptive reconfiguration of the power infrastructure. Such requirements are realised by deploying a large number of various electronic automation and communication field devices, such as Phasor Measurement Units (PMUs) or Intelligent Electronic Devices (IEDs), and a reliable two-way communication infrastructure that facilitates transfer of sensor data and control signals. In this paper, we perform a detailed threat analysis of a typical active distribution network’s automation system. We also propose mechanisms by which we can design a secure and reliable communication network for an active distribution network that is resilient to insider and outsider malicious attacks, natural disasters, and other unintended failures. The proposed security solution also guarantees that an attacker is not able to install a rogue field device by exploiting an emergency situation during islanding.
Keywords: PKI, active distribution network, authentication, islanding, smart grid, smart grid security, unauthorised access (ID#: 15-6180)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.