56 resultados para PKI
Resumo:
The primary goal of the Vehicular Ad Hoc Network (VANET) is to provide real-time safety-related messages to motorists to enhance road safety. Accessing and disseminating safety-related information through the use of wireless communications technology in VANETs should be secured, as motorists may make critical decisions in dealing with an emergency situation based on the received information. If security concerns are not addressed in developing VANET systems, an adversary can tamper with, or suppress, the unprotected message to mislead motorists to cause traffic accidents and hazards. Current research on secure messaging in VANETs focuses on employing the certificate-based Public Key Infrastructure (PKI) scheme to support message encryption and digital signing. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This thesis has proposed a novel public key verification and management approach for VANETs; namely, the Public Key Registry (PKR) regime. Compared to the VANET PKI scheme, this new approach can satisfy necessary security requirements with improved performance and scalability, and at a lower cost by reducing the security overheads of message transmission and eliminating digital certificate deployment and maintenance issues. The proposed PKR regime consists of the required infrastructure components, rules for public key management and verification, and a set of interactions and associated behaviours to meet these rule requirements. This is achieved through a system design as a logic process model with functional specifications. The PKR regime can be used as development guidelines for conforming implementations. An analysis and evaluation of the proposed PKR regime includes security features assessment, analysis of the security overhead of message transmission, transmission latency, processing latency, and scalability of the proposed PKR regime. Compared to certificate-based PKI approaches, the proposed PKR regime can maintain the necessary security requirements, significantly reduce the security overhead by approximately 70%, and improve the performance by 98%. Meanwhile, the result of the scalability evaluation shows that the latency of employing the proposed PKR regime stays much lower at approximately 15 milliseconds, whether operating in a huge or small environment. It is therefore believed that this research will create a new dimension to the provision of secure messaging services in VANETs.
Resumo:
A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a public-key infrastructure with the ability to recover private keys given some trap-door information. We present an additively homomorphic variant of an existing SE-PKI for ElGamal encryption. We also propose a new efficient SE-PKI based on the ElGamal and Okamoto-Uchiyama cryptosystems that is more efficient than the previous SE-PKI. This is the first SE-PKI that does not suffer from a key doubling problem of previous SE-PKI proposals. Additionally, we present the first self-escrowed encryption schemes secure against chosen-ciphertext attack in the standard model. These schemes are also quite efficient and are based on the Cramer-Shoup cryptosystem, and the Kurosawa-Desmedt hybrid variant in different groups.
Resumo:
To protect the health information security, cryptography plays an important role to establish confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be managed in a safe, secure, effective and efficient fashion. The certificate-based Public Key Infrastructure (PKI) scheme may seem to be a common way to support information security; however, so far, there is still a lack of successful large-scale certificate-based PKI deployment in the world. In addressing the limitations of the certificate-based PKI scheme, this paper proposes a non-certificate-based key management scheme for a national e-health implementation. The proposed scheme eliminates certificate management and complex certificate validation procedures while still maintaining security. It is also believed that this study will create a new dimension to the provision of security for the protection of health information in a national e-health environment.
Resumo:
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
Resumo:
The notion of certificateless public-key encryption (CL-PKE) was introduced by Al-Riyami and Paterson in 2003 that avoids the drawbacks of both traditional PKI-based public-key encryption (i.e., establishing public-key infrastructure) and identity-based encryption (i.e., key escrow). So CL-PKE like identity-based encryption is certificate-free, and unlike identity-based encryption is key escrow-free. In this paper, we introduce simple and efficient CCA-secure CL-PKE based on (hierarchical) identity-based encryption. Our construction has both theoretical and practical interests. First, our generic transformation gives a new way of constructing CCA-secure CL-PKE. Second, instantiating our transformation using lattice-based primitives results in a more efficient CCA-secure CL-PKE than its counterpart introduced by Dent in 2008.
Resumo:
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
Resumo:
The now-banned anorectic molecule, dexfenfluramine, promotes serotonin release through a serotonin transporter-dependent mechanism, and it has been widely prescribed for the treatment of obesity. Previous studies have identified that 5-HT(2B) receptors have important roles in dexfenfluramine side effects, that is, pulmonary hypertension, plasma serotonin level regulation, and valvulopathy. We thus investigated a putative contribution of 5-HT(2B) receptors in dexfenfluramine-dependent feeding behavior in mice. Interestingly, the hypophagic response to dexfenfluramine (3-10 mg/kg) observed in wild-type mice (1-4 h) was eliminated in mice lacking 5-HT(2B) receptors (5-HT(2B)(-/-)). These findings were further validated by the lack of hypophagic response to dexfenfluramine in wild-type mice treated with RS127445, a highly selective and potent antagonist (pKi=8.22 ± 0.24). Using microdialysis, we observed that in 5-HT(2B)(-/-) awake mice, the dexfenfluramine-induced hypothalamic peak of serotonin release (1 h) was strongly reduced (fourfold) compared with wild type. Moreover, using hypothalamic synaptosomes, we established the serotonergic neuron autonomous properties of this effect: a strong serotonin release was observed upon dexfenfluramine stimulation of synaptosome preparation from wild type but not from mice lacking active 5-HT(2B) receptors. These findings strongly suggest that activation of presynaptic 5-HT(2B) receptors is a limiting step in the serotonin transporter dependent-releasing effect of dexfenfluramine, whereas other serotonin receptors act downstream with respect to feeding behavior.
Resumo:
Cooperative Intelligent Transportation Systems (C-ITS) allow in-vehicle systems, and ultimately the driver, to enhance their awareness of their surroundings by enabling communication between vehicles and road infrastructure. C-ITS are widely considered as the next major step in driving assistance systems, aiming at increasing safety, comfort and mobility for drivers. However, any communicating systems are subjected to security threats. A key component for providing secure communications at a large scale is a Public Key Infrastructure (PKI). Due to the safety-critical nature of Vehicle-to-Vehicle (V2V) communications, a C-ITS PKI has functional, performance and scalability requirements that differ from traditional non-automotive environments. This paper identifies and defines the key functional and security requirements for C-ITS PKI systems and analyses proposed C-ITS PKI standards against these requirements. In particular, the proposed US and European C-ITS PKI systems are identified as being too complex and not scalable. The paper also highlights various privacy, security and scalability concerns that should be considered for a secure C-ITS PKI solution in the Australian transport landscape.
Resumo:
Pathogenic rnycobacteria, including Mycobacterium tuberculosis and Mycobacterium bovis, cause significant morbidity and mortality worldwide. However, the vaccine strain Mycobacterium bovis BCG, unlike virulent strains, triggers extensive apoptosis of infected macrophages, a step necessary for the elicitation of robust protective immunity. We here demonstrate that M. bovis BCG triggers Toll-like receptor 2 (TLR2)-dependent microRNA-155 (miR-155) expression, which involves signaling cross talk among phosphatidylinositol 3-kinase (PI3K), protein kinase C delta (PKC delta), and mitogen-activated protein kinases (MAPKs) and recruitment of NF-kappa B and c-ETS to miR-155 promoter. Genetic and signaling perturbations presented the evidence that miR-155 regulates PKA signaling by directly targeting a negative regulator of PKA, protein kinase inhibitor alpha (PKI-alpha). Enhanced activation of PKA signaling resulted in the generation of PKA C-alpha; phosphorylation of MSK1, cyclic AMP response element binding protein (CREB), and histone H3; and recruitment of phospho-CREB to the apoptotic gene promoters. The miR-155-triggered activation of caspase-3, BAK1, and cytochrome c translocation involved signaling integration of MAPKs and epigenetic or posttranslational modification of histones or CREB. Importantly, M. bovis BCG infection-induced apoptosis was severely compromised in macrophages derived from miR-155 knockout mice. Gain-of-function and loss-of-function studies validated the requirement of miR-155 for M. bovis BCG's ability to trigger apoptosis. Overall, M. bovis BCG-driven miR-155 dictates cell fate decisions of infected macrophages, strongly implicating a novel role for miR-155 in orchestrating cellular reprogramming during immune responses to mycobacterial infection.
Resumo:
The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.
Resumo:
CA(certificate authority)是PKI中的关键设施.CA的私有密钥一旦泄露,该CA签发的所有证书就只能全部作废.保护在线服务CA的私钥也就成为一个非常重要的课题.不是从保护系统或检测入侵出发来保证CA的安全,而是确保当少数部件被攻击或占领后,CA系统的机密信息并没有暴露.通过将私钥分发给不同的部件,并保证任何一个在线的部件无法恢复CA的私钥,从而保护了CA私钥的保密性.
Resumo:
分析了现有的网格认证框架中存在的问题,提出了一种基于身份的多信任域网格认证模型.该模型以基于身份的PKI为基础,避免了基于传统PKI的认证框架的诸多缺点.同时,该模型提供了跨信任域的双向实体认证功能.模拟试验表明,该认证模型比基于传统PKI的认证框架更轻量、更高效.而且由于该模型可以在多信任域的环境下工作,故而比W Mao提出的只能在单一信任域中工作的认证框架更符合网格认证的实际需要.
Resumo:
证书状态查询是PKI中的一个关键问题,OCSP是解决这个问题的一种重要机制。本文分析了OCSP协议的技术细节,并在此基础上设计了一种高效的、可扩展的OCSP系统。文中对该系统的关键技术和其自身的安全性问题进行了详细的论述。最后,给出了关于OCSP机制的一些未决问题以及某些思考。
Resumo:
针对目前基于公钥证书的PKI体系所固有的网络开销大,证书往来过于频繁等缺点,提出并分析了基于身份加密体系(IBC体系)的认证架构和互动模型,说明了IBC模型相对于PKI体系结构的优缺点。针对XML签名和XML加密这两个Web-Security核心协议,比较了使用X.509公钥证书体系和IBC无证书方式在SOAP协议中的实现方式。证明了在保证信息安全的同时,使用IBC模型可以大幅降低网络传输内容,提高了SOA体系的效率和可扩展性。
Resumo:
Three kinds of high-performance polyimides 1 (poly(ketone-imide) PKI), 2 (poly(ether-imide) PEI) and 3 (poly(oxy-imide) POI) were studied using nuclear magnetic resonance (NMR). The NMR spectra of the polyimides were assigned according to the comprehensive consideration of the substitution effect of different substituting groups, viz. distortionless enhancement by polarization transfer (DEPT), no nuclear Overhauser effect (NNE), analysis of relaxation time, and two-dimensional correlated spectroscopy (COSY) techniques. The structural units of these three polyimides were determined. Carbon-13 and proton relaxation times for PEI and PKI were interpreted in terms of segmental motion characterized by the sharp cutoff model of Jones and Stockmayer (JS model) and anisotropic group rotation such as phenyl group rotation and methyl group rotation. Correlation times for the main-chain motion are in the tens of picosecond range which indicates the high flexibility of polyimide chains. Correlation times for phenyl group and methyl group rotations are more than 1 order of magnitude lower and approximately 1 order of magnitude higher than that of the main chain, respectively.
