Visible to the public Biblio

Filters: Keyword is certification  [Clear All Filters]
2021-08-31
Siledar, Seema, Tamane, Sharvari.  2020.  A distortion-free watermarking approach for verifying integrity of relational databases. 2020 International Conference on Smart Innovations in Design, Environment, Management, Planning and Computing (ICSIDEMPC). :192—195.
Due to high availability and easy accessibility of information, it has become quite difficult to assure security of data. Even though watermarking seems to be an effective solution to protect data, it is still challenging to be used with relational databases. Moreover, inserting a watermark in database may lead to distortion. As a result, the contents of database can no longer remain useful. Our proposed distortion-free watermarking approach ensures that integrity of database can be preserved by generating an image watermark from its contents. This image is registered with Certification Authority (CA) before the database is distributed for use. In case, the owner suspects any kind of tampering in the database, an image watermark is generated and compared with the registered image watermark. If both do not match, it can be concluded that the integrity of database has been compromised. Experiments are conducted on Forest Cover Type data set to localize tampering to the finest granularity. Results show that our approach can detect all types of attack with 100% accuracy.
2021-08-02
Billah, Mohammad Masum, Khan, Niaz Ahmed, Ullah, Mohammad Woli, Shahriar, Faisal, Rashid, Syed Zahidur, Ahmed, Md Razu.  2020.  Developing a Secured and Reliable Vehicular Communication System and Its Performance Evaluation. 2020 IEEE Region 10 Symposium (TENSYMP). :60–65.
The Ad-hoc Vehicular networks (VANET) was developed through the implementation of the concepts of ad-hoc mobile networks(MANET), which is swiftly maturing, promising, emerging wireless communication technology nowadays. Vehicular communication enables us to communicate with other vehicles and Roadside Infrastructure Units (RSU) to share information pertaining to the safety system, traffic analysis, Authentication, privacy, etc. As VANETs operate in an open wireless connectivity system, it increases permeable of variant type's security issues. Security concerns, however, which are either generally seen in ad-hoc networks or utterly unique to VANET, present significant challenges. Access Control List (ACL) can be an efficient feature to solve such security issues by permitting statements to access registered specific IP addresses in the network and deny statement unregistered IP addresses in the system. To establish such secured VANETs, the License number of the vehicle will be the Identity Number, which will be assigned via a DNS server by the Traffic Certification Authority (TCA). TCA allows registered vehicles to access the nearest two or more regions. For special vehicles, public access should be restricted by configuring ACL on a specific IP. Smart-card given by TCA can be used to authenticate a subscriber by checking previous records during entry to a new network area. After in-depth analysis of Packet Delivery Ratio (PDR), Packet Loss Ratio (PLR), Average Delay, and Handover Delay, this research offers more secure and reliable communication in VANETs.
2021-03-29
Agirre, I..  2020.  Safe and secure software updates on high-performance embedded systems. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :68—69.

The next generation of dependable embedded systems feature autonomy and higher levels of interconnection. Autonomy is commonly achieved with the support of artificial intelligence algorithms that pose high computing demands on the hardware platform, reaching a high performance scale. This involves a dramatic increase in software and hardware complexity, fact that together with the novelty of the technology, raises serious concerns regarding system dependability. Traditional approaches for certification require to demonstrate that the system will be acceptably safe to operate before it is deployed into service. The nature of autonomous systems, with potentially infinite scenarios, configurations and unanticipated interactions, makes it increasingly difficult to support such claim at design time. In this context, the extended networking technologies can be exploited to collect post-deployment evidence that serve to oversee whether safety assumptions are preserved during operation and to continuously improve the system through regular software updates. These software updates are not only convenient for critical bug fixing but also necessary for keeping the interconnected system resilient against security threats. However, such approach requires a recondition of the traditional certification practices.

2021-03-16
Fiebig, T..  2020.  How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :67—74.

"Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. However, if we look at the wide societal impact of IT security incidents in the past years, it seems like it is no longer sustainable. Just like in the case of Equifax, people simply forget updates, just like in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue. After all, Equifax was IS027001 compliant.In this paper, we take a look at how we handle and (do not) learn from security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, which were already successful in making flying the most secure way of transportation.

2021-02-01
Kfoury, E. F., Khoury, D., AlSabeh, A., Gomez, J., Crichigno, J., Bou-Harb, E..  2020.  A Blockchain-based Method for Decentralizing the ACME Protocol to Enhance Trust in PKI. 2020 43rd International Conference on Telecommunications and Signal Processing (TSP). :461–465.
Blockchain technology is the cornerstone of digital trust and systems' decentralization. The necessity of eliminating trust in computing systems has triggered researchers to investigate the applicability of Blockchain to decentralize the conventional security models. Specifically, researchers continuously aim at minimizing trust in the well-known Public Key Infrastructure (PKI) model which currently requires a trusted Certificate Authority (CA) to sign digital certificates. Recently, the Automated Certificate Management Environment (ACME) was standardized as a certificate issuance automation protocol. It minimizes the human interaction by enabling certificates to be automatically requested, verified, and installed on servers. ACME only solved the automation issue, but the trust concerns remain as a trusted CA is required. In this paper we propose decentralizing the ACME protocol by using the Blockchain technology to enhance the current trust issues of the existing PKI model and to eliminate the need for a trusted CA. The system was implemented and tested on Ethereum Blockchain, and the results showed that the system is feasible in terms of cost, speed, and applicability on a wide range of devices including Internet of Things (IoT) devices.
2021-01-20
Mavroudis, V., Svenda, P..  2020.  JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :89—96.

The JavaCard multi-application platform is now deployed to over twenty billion smartcards, used in various applications ranging from banking payments and authentication tokens to SIM cards and electronic documents. In most of those use cases, access to various cryptographic primitives is required. The standard JavaCard API provides a basic level of access to such functionality (e.g., RSA encryption) but does not expose low-level cryptographic primitives (e.g., elliptic curve operations) and essential data types (e.g., Integers). Developers can access such features only through proprietary, manufacturer-specific APIs. Unfortunately, such APIs significantly reduce the interoperability and certification transparency of the software produced as they require non-disclosure agreements (NDA) that prohibit public sharing of the applet's source code.We introduce JCMathLib, an open library that provides an intermediate layer realizing essential data types and low-level cryptographic primitives from high-level operations. To achieve this, we introduce a series of optimization techniques for resource-constrained platforms that make optimal use of the underlying hardware, while having a small memory footprint. To the best of our knowledge, it is the first generic library for low-level cryptographic operations in JavaCards that does not rely on a proprietary API.Without any disclosure limitations, JCMathLib has the potential to increase transparency by enabling open code sharing, release of research prototypes, and public code audits. Moreover, JCMathLib can help resolve the conflict between strict open-source licenses such as GPL and proprietary APIs available only under an NDA. This is of particular importance due to the introduction of JavaCard API v3.1, which targets specifically IoT devices, where open-source development might be more common than in the relatively closed world of government-issued electronic documents.

2020-11-09
Farhadi, M., Haddad, H., Shahriar, H..  2019.  Compliance Checking of Open Source EHR Applications for HIPAA and ONC Security and Privacy Requirements. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:704–713.
Electronic Health Record (EHR) applications are digital versions of paper-based patient's health information. They are increasingly adopted to improved quality in healthcare, such as convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. Furthermore, Office of the National Coordinator (ONC) for Health Information Technology (HIT) certification criteria for usability of EHRs. A compliance checking approach attempts to identify whether or not an adopted EHR application meets the security and privacy criteria. There is no study in the literature to understand whether traditional static code analysis-based vulnerability discovered can assist in compliance checking of regulatory requirements of HIPAA and ONC. This paper attempts to address this issue. We identify security and privacy requirements for HIPAA technical requirements, and identify a subset of ONC criteria related to security and privacy, and then evaluate EHR applications for security vulnerabilities. Finally propose mitigation of security issues towards better compliance and to help practitioners reuse open source tools towards certification compliance.
2020-10-19
Bao, Shihan, Lei, Ao, Cruickshank, Haitham, Sun, Zhili, Asuquo, Philip, Hathal, Waleed.  2019.  A Pseudonym Certificate Management Scheme Based on Blockchain for Internet of Vehicles. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :28–35.
Research into the established area of ITS is evolving into the Internet of Vehicles (IoV), itself a fast-moving research area, fuelled in part by rapid changes in computing and communication technologies. Using pseudonym certificate is a popular way to address privacy issues in IoV. Therefore, the certificate management scheme is considered as a feasible technique to manage system and maintain the lifecycle of certificate. In this paper, we propose an efficient pseudonym certificate management scheme in IoV. The Blockchain concept is introduced to simplify the network structure and distributed maintenance of the Certificate Revocation List (CRL). The proposed scheme embeds part of the certificate revocation functions within the security and privacy applications, aiming to reduce the communication overhead and shorten the processing time cost. Extensive simulations and analysis show the effectiveness and efficiency of the proposed scheme, in which the Blockchain structure costs fewer network resources and gives a more economic solution to against further cybercrime attacks.
2020-10-05
Fowler, Stuart, Sitnikova, Elena.  2019.  Toward a framework for assessing the cyber-worthiness of complex mission critical systems. 2019 Military Communications and Information Systems Conference (MilCIS). :1–6.
Complex military systems are typically cyber-physical systems which are the targets of high level threat actors, and must be able to operate within a highly contested cyber environment. There is an emerging need to provide a strong level of assurance against these threat actors, but the process by which this assurance can be tested and evaluated is not so clear. This paper outlines an initial framework developed through research for evaluating the cyber-worthiness of complex mission critical systems using threat models developed in SysML. The framework provides a visual model of the process by which a threat actor could attack the system. It builds on existing concepts from system safety engineering and expands on how to present the risks and mitigations in an understandable manner.
2020-08-17
Härer, Felix, Fill, Hans-Georg.  2019.  Decentralized Attestation of Conceptual Models Using the Ethereum Blockchain. 2019 IEEE 21st Conference on Business Informatics (CBI). 01:104–113.
Decentralized attestation methods for blockchains are currently being discussed and standardized for use cases such as certification, identity and existence proofs. In a blockchain-based attestation, a claim made about the existence of information can be cryptographically verified publicly and transparently. In this paper we explore the attestation of models through globally unique identifiers as a first step towards decentralized applications based on models. As a proof-of-concept we describe a prototypical implementation of a software connector for the ADOxx metamodeling platform. The connector allows for (a.) the creation of claims bound to the identity of an Ethereum account and (b.) their verification on the blockchain by anyone at a later point in time. For evaluating the practical applicability, we demonstrate the application on the Ethereum network and measure and evaluate limiting factors related to transaction cost and confirmation times.
2020-07-13
Kurbatov, Oleksandr, Shapoval, Oleksiy, Poluyanenko, Nikolay, Kuznetsova, Tetiana, Kravchenko, Pavel.  2019.  Decentralized Identification and Certification System. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S T). :507–510.
This article describes an approach to identification and certification in decentralized environment. The protocol proposes a way of integration for blockchain technology and web-of-trust concept to create decentralized public key infrastructure with flexible management for user identificators. Besides changing the current public key infrastructure, this system can be used in the Internet of Things (IoT). Each individual IoT sensor must correctly communicate with other components of the system it's in. To provide safe interaction, components should exchange encrypted messages with ability to check their integrity and authenticity, which is presented by this scheme.
2020-07-03
Danilchenko, Victor, Theobald, Matthew, Cohen, Daniel.  2019.  Bootstrapping Security Configuration for IoT Devices on Networks with TLS Inspection. 2019 IEEE Globecom Workshops (GC Wkshps). :1—7.

In the modern security-conscious world, Deep Packet Inspection (DPI) proxies are increasingly often used on industrial and enterprise networks to perform TLS unwrapping on all outbound connections. However, enabling TLS unwrapping requires local devices to have the DPI proxy Certificate Authority certificates installed. While for conventional computing devices this is addressed via enterprise management, it's a difficult problem for Internet of Things ("IoT") devices which are generally not under enterprise management, and may not even be capable of it due to their resource-constrained nature. Thus, for typical IoT devices, being installed on a network with DPI requires either manual device configuration or custom DPI proxy configuration, both of which solutions have significant shortcomings. This poses a serious challenge to the deployment of IoT devices on DPI-enabled intranets. The authors propose a solution to this problem: a method of installing on IoT devices the CA certificates for DPI proxy CAs, as well as other security configuration ("security bootstrapping"). The proposed solution respects the DPI policies, while allowing the commissioning of IoT and IIoT devices without the need for additional manual configuration either at device scope or at network scope. This is accomplished by performing the bootstrap operation over unsecured connection, and downloading certificates using TLS validation at application level. The resulting solution is light-weight and secure, yet does not require validation of the DPI proxy's CA certificates in order to perform the security bootstrapping, thus avoiding the chicken-and-egg problem inherent in using TLS on DPI-enabled intranets.

2020-06-26
Puccetti, Armand.  2019.  The European H2020 project VESSEDIA (Verification Engineering of Safety and SEcurity critical Dynamic Industrial Applications). 2019 22nd Euromicro Conference on Digital System Design (DSD). :588—591.

This paper presents an overview of the H2020 project VESSEDIA [9] aimed at verifying the security and safety of modern connected systems also called IoT. The originality relies in using Formal Methods inherited from high-criticality applications domains to analyze the source code at different levels of intensity, to gather possible faults and weaknesses. The analysis methods are mostly exhaustive an guarantee that, after analysis, the source code of the application is error-free. This paper is structured as follows: after an introductory section 1 giving some factual data, section 2 presents the aims and the problems addressed; section 3 describes the project's use-cases and section 4 describes the proposed approach for solving these problems and the results achieved until now; finally, section 5 discusses some remaining future work.

2020-06-15
Chen, JiaYou, Guo, Hong, Hu, Wei.  2019.  Research on Improving Network Security of Embedded System. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :136–138.
With the continuous development of information technology, our country has achieved great progress and development in Electronic Science and technology. Nowadays mobile embedded systems are gradually coming into people's vision. Mobile embedded system is a brand-new computer technology in the current computer technology. Now it has been widely used in enterprises. Mobile embedded system extends its functions mainly by combining the access capability of the Internet. Nowadays, embedded system network is widely welcomed by people. But for the embedded system network, there are also a variety of network attacks. Therefore, in the research process of this paper, we mainly start with the way of embedded network security and network attack, and then carry out the countermeasures to improve the network security of embedded system, which is to provide a good reference for improving the security and stability of embedded system.
2020-04-17
Wang, Congli, Lin, Jingqiang, Li, Bingyu, Li, Qi, Wang, Qiongxiao, Zhang, Xiaokun.  2019.  Analyzing the Browser Security Warnings on HTTPS Errors. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1—6.
HTTPS provides authentication, data confidentiality, and integrity for secure web applications in the Internet. In order to establish secure connections with the target website but not a man-in-the-middle or impersonation attacker, a browser shows security warnings to users, when different HTTPS errors happen (e.g., it fails to build a valid certificate chain, or the certificate subject does not match the domain visited). Each browser implements its own design of warnings on HTTPS errors, to balance security and usability. This paper presents a list of common HTTPS errors, and we investigate the browser behaviors on each error. Our study discloses browser defects on handling HTTPS errors in terms of cryptographic algorithm, certificate verification, name validation, HPKP, and HSTS.
2020-02-10
Oakes, Edward, Kline, Jeffery, Cahn, Aaron, Funkhouser, Keith, Barford, Paul.  2019.  A Residential Client-Side Perspective on SSL Certificates. 2019 Network Traffic Measurement and Analysis Conference (TMA). :185–192.

SSL certificates are a core component of the public key infrastructure that underpins encrypted communication in the Internet. In this paper, we report the results of a longitudinal study of the characteristics of SSL certificate chains presented to clients during secure web (HTTPS) connection setup. Our data set consists of 23B SSL certificate chains collected from a global panel consisting of over 2M residential client machines over a period of 6 months. The data informing our analyses provide perspective on the entire chain of trust, including root certificates, across a wide distribution of client machines. We identify over 35M unique certificate chains with diverse relationships at all levels of the PKI hierarchy. We report on the characteristics of valid certificates, which make up 99.7% of the total corpus. We also examine invalid certificate chains, finding that 93% of them contain an untrusted root certificate and we find they have shorter average chain length than their valid counterparts. Finally, we examine two unintended but prevalent behaviors in our data: the deprecation of root certificates and secure traffic interception. Our results support aspects of prior, scan-based studies on certificate characteristics but contradict other findings, highlighting the importance of the residential client-side perspective.

Midha, Sugandhi, Triptahi, Khushboo.  2019.  Extended TLS Security and Defensive Algorithm in OpenFlow SDN. 2019 9th International Conference on Cloud Computing, Data Science Engineering (Confluence). :141–146.

Software Defined Network (SDN) is a revolutionary networking paradigm which provides the flexibility of programming the network interface as per the need and demand of the user. Software Defined Network (SDN) is independent of vendor specific hardware or protocols and offers the easy extensions in the networking. A customized network as per on user demand facilitates communication control via a single entity i.e. SDN controller. Due to this SDN Controller has become more vulnerable to SDN security attacks and more specifically a single point of failure. It is worth noticing that vulnerabilities were identified because of customized applications which are semi-independent of underlying network infrastructure. No doubt, SDN has provided numerous benefits like breaking vendor lock-ins, reducing overhead cost, easy innovations, increasing programmability among devices, introducing new features and so on. But security of SDN cannot be neglected and it has become a major topic of debate. The communication channel used in SDN is OpenFlow which has made TLS implementation an optional approach in SDN. TLS adoption is important and still vulnerable. This paper focuses on making SDN OpenFlow communication more secure by following extended TLS support and defensive algorithm.

2019-11-18
Ahmed, Abu Shohel, Aura, Tuomas.  2018.  Turning Trust Around: Smart Contract-Assisted Public Key Infrastructure. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :104–111.
In past, several Certificate Authority (CA) compromise and subsequent mis-issue of certificate raise the importance of certificate transparency and dynamic trust management for certificates. Certificate Transparency (CT) provides transparency for issued certificates, thus enabling corrective measure for a mis-issued certificate by a CA. However, CT and existing mechanisms cannot convey the dynamic trust state for a certificate. To address this weakness, we propose Smart Contract-assisted PKI (SCP) - a smart contract based PKI extension - to manage dynamic trust network for PKI. SCP enables distributed trust in PKI, provides a protocol for managing dynamic trust, assures trust state of a certificate, and provides a better trust experience for end-users.
2019-10-23
Madala, D S V, Jhanwar, Mahabir Prasad, Chattopadhyay, Anupam.  2018.  Certificate Transparency Using Blockchain. 2018 IEEE International Conference on Data Mining Workshops (ICDMW). :71-80.

The security of web communication via the SSL/TLS protocols relies on safe distributions of public keys associated with web domains in the form of X.509 certificates. Certificate authorities (CAs) are trusted third parties that issue these certificates. However, the CA ecosystem is fragile and prone to compromises. Starting with Google's Certificate Transparency project, a number of research works have recently looked at adding transparency for better CA accountability, effectively through public logs of all certificates issued by certification authorities, to augment the current X.509 certificate validation process into SSL/TLS. In this paper, leveraging recent progress in blockchain technology, we propose a novel system, called CTB, that makes it impossible for a CA to issue a certificate for a domain without obtaining consent from the domain owner. We further make progress to equip CTB with certificate revocation mechanism. We implement CTB using IBM's Hyperledger Fabric blockchain platform. CTB's smart contract, written in Go, is provided for complete reference.

Chen, Jing, Yao, Shixiong, Yuan, Quan, He, Kun, Ji, Shouling, Du, Ruiying.  2018.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2060-2068.

In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

2018-11-19
Cebe, M., Akkaya, K..  2017.  Efficient Management of Certificate Revocation Lists in Smart Grid Advanced Metering Infrastructure. 2017 IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :313–317.

Advanced Metering Infrastructure (AMI) forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication within an AMI needs to be secure, key management becomes an issue due to overhead and limited resources. While using public-keys eliminate some of the overhead of key management, there is still challenges regarding certificates that store and certify the public-keys. In particular, distribution and storage of certificate revocation list (CRL) is major a challenge due to cost of distribution and storage in AMI networks which typically consist of wireless multi-hop networks. Motivated by the need of keeping the CRL distribution and storage cost effective and scalable, in this paper, we present a distributed CRL management model utilizing the idea of distributed hash trees (DHTs) from peer-to-peer (P2P) networks. The basic idea is to share the burden of storage of CRLs among all the smart meters by exploiting the meshing capability of the smart meters among each other. Thus, using DHTs not only reduces the space requirements for CRLs but also makes the CRL updates more convenient. We implemented this structure on ns-3 using IEEE 802.11s mesh standard as a model for AMI and demonstrated its superior performance with respect to traditional methods of CRL management through extensive simulations.

2018-06-07
Chariton, A. A., Degkleri, E., Papadopoulos, P., Ilia, P., Markatos, E. P..  2017.  CCSP: A compressed certificate status protocol. IEEE INFOCOM 2017 - IEEE Conference on Computer Communications. :1–9.

Trust in SSL-based communications is provided by Certificate Authorities (CAs) in the form of signed certificates. Checking the validity of a certificate involves three steps: (i) checking its expiration date, (ii) verifying its signature, and (iii) ensuring that it is not revoked. Currently, such certificate revocation checks are done either via Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) servers. Unfortunately, despite the existence of these revocation checks, sophisticated cyber-attackers, may trick web browsers to trust a revoked certificate, believing that it is still valid. Consequently, the web browser will communicate (over TLS) with web servers controlled by cyber-attackers. Although frequently updated, nonced, and timestamped certificates may reduce the frequency and impact of such cyber-attacks, they impose a very large overhead to the CAs and OCSP servers, which now need to timestamp and sign on a regular basis all the responses, for every certificate they have issued, resulting in a very high overhead. To mitigate this overhead and provide a solution to the described cyber-attacks, we present CCSP: a new approach to provide timely information regarding the status of certificates, which capitalizes on a newly introduced notion called signed collections. In this paper, we present the design, preliminary implementation, and evaluation of CCSP in general, and signed collections in particular. Our preliminary results suggest that CCSP (i) reduces space requirements by more than an order of magnitude, (ii) lowers the number of signatures required by 6 orders of magnitude compared to OCSP-based methods, and (iii) adds only a few milliseconds of overhead in the overall user latency.

Berkowsky, J., Rana, N., Hayajneh, T..  2017.  CAre: Certificate Authority Rescue Engine for Proactive Security. 2017 14th International Symposium on Pervasive Systems, Algorithms and Networks 2017 11th International Conference on Frontier of Computer Science and Technology 2017 Third International Symposium of Creative Computing (ISPAN-FCST-ISCC). :79–86.

Cryptography and encryption is a topic that is blurred by its complexity making it difficult for the majority of the public to easily grasp. The focus of our research is based on SSL technology involving CAs, a centralized system that manages and issues certificates to web servers and computers for validation of identity. We first explain how the certificate provides a secure connection creating a trust between two parties looking to communicate with one another over the internet. Then the paper goes into what happens when trust is compromised and how information that is being transmitted could possibly go into the hands of the wrong person. We are proposing a browser plugin, Certificate Authority Rescue Engine (CAre), to serve as an added source of security with simplicity and visibility. In order to see why CAre will be an added benefit to average and technical users of the internet, one must understand what website security entails. Therefore, this paper will dive deep into website security through the use of public key infrastructure and its core components; certificates, certificate authorities, and their relationship with web browsers.

2018-05-30
P, Rahoof P., Nair, L. R., P, Thafasal Ijyas V..  2017.  Trust Structure in Public Key Infrastructures. 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). :223–227.

Recently perceived vulnerabilities in public key infrastructures (PKI) demand that a semantic or cognitive definition of trust is essential for augmenting the security through trust formulations. In this paper, we examine the meaning of trust in PKIs. Properly categorized trust can help in developing intelligent algorithms that can adapt to the security and privacy requirements of the clients. We delineate the different types of trust in a generic PKI model.

Liu, C., Feng, Y., Fan, M., Wang, G..  2008.  PKI Mesh Trust Model Based on Trusted Computing. 2008 The 9th International Conference for Young Computer Scientists. :1401–1405.

Different organizations or countries maybe adopt different PKI trust model in real applications. On a large scale, all certification authorities (CA) and end entities construct a huge mesh network. PKI trust model exhibits unstructured mesh network as a whole. However, mesh trust model worsens computational complexity in certification path processing when the number of PKI domains increases. This paper proposes an enhanced mesh trust model for PKI. Keys generation and signature are fulfilled in Trusted Platform Module (TPM) for higher security level. An algorithm is suggested to improve the performance of certification path processing in this model. This trust model is less complex but more efficient and robust than the existing PKI trust models.