Biblio
A permissioned blockchain platform comes with numerous assurances such as transaction confidentiality and system scalability to several organizations. Most permissioned blockchains rely on a Public-Key Infrastructure (PKI)as cryptographic tools to provide security services such as identity authentication and data confidentiality. Using PKI to validate transactions includes validating digital certificates of endorsement peers which creates an overhead in the system. Because public-key operations are computationally intensive, they limit the scalability of blockchain applications. Due to a large modulus size and expensive modular exponentiation operations, public-key operations such as RSA become slower than polynomial-based schemes, which involve a smaller modulus size and a less smaller number of modular multiplications. For instance, the 2048-bit RSA is approximately 15,728 times slower than a polynomial with a degree of 50 and 128-bit modulus size. In this paper, we propose a lightweight polynomial-based key management scheme in the context of a permissioned blockchain. Our scheme involves computationally less intensive polynomial evaluation operations such as additions and multiplications that result in a faster processing compared with public-key schemes. In addition, our proposed solution reduces the overhead of processing transactions and improves the system scalability. Security and performance analysis are provided in the paper.
It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that a middle ground is possible in the case of authenticated key exchange that relies on Public-Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels.
Public key infrastructure (PKI) is the foundation and core of network security construction. Blockchain (BC) has many technical characteristics, such as decentralization, impossibility of being tampered with and forged, which makes it have incomparable advantages in ensuring information credibility, security, traceability and other aspects of traditional technology. In this paper, a method of constructing PKI certificate system based on permissioned BC is proposed. The problems of multi-CA mutual trust, poor certificate configuration efficiency and single point failure in digital certificate system are solved by using the characteristics of BC distribution and non-tampering. At the same time, in order to solve the problem of identity privacy on BC, this paper proposes a privacy-aware PKI system based on permissioned BCs. This system is an anonymous digital certificate publishing scheme., which achieves the separation of user registration and authorization, and has the characteristics of anonymity and conditional traceability, so as to realize to protect user's identity privacy. The system meets the requirements of certificate security and anonymity, reduces the cost of CA construction, operation and maintenance in traditional PKI technology, and improves the efficiency of certificate application and configuration.
Different organizations or countries maybe adopt different PKI trust model in real applications. On a large scale, all certification authorities (CA) and end entities construct a huge mesh network. PKI trust model exhibits unstructured mesh network as a whole. However, mesh trust model worsens computational complexity in certification path processing when the number of PKI domains increases. This paper proposes an enhanced mesh trust model for PKI. Keys generation and signature are fulfilled in Trusted Platform Module (TPM) for higher security level. An algorithm is suggested to improve the performance of certification path processing in this model. This trust model is less complex but more efficient and robust than the existing PKI trust models.
Vehicular Ad-Hoc Networks (VANET) are the creation of several vehicles communicating with each other in order to create a network capable of communication and data exchange. One of the most promising methods for security and trust amongst vehicular networks is the usage of Public Key Infrastructure (PKI). However, current implementations of PKI as a security solution for determining the validity and authenticity of vehicles in a VANET is not efficient due to the usage of large amounts of delay and computational overhead. In this paper, we investigate the potential of PKI when predictively and preemptively passing along certificates to roadside units (RSU) in an effort to lower delay and computational overhead in a dynamic environment. We look to accomplish this through utilizing fog computing and propose a new protocol to pass certificates along the projected path.
Most of the existing authentication protocols are based on either asymmetric cryptography like public-key infrastructure (PKI) or symmetric cryptography. The PKI-based authentication protocols are strongly recommended for solving security issues in VANETs. However, they have following shortcomings: (1) lengthy certificates lead to transmission and computation overheads, and (2) lack of privacy-preservation due to revealing of vehicle identity, communicated in broadcasting safety-message. Symmetric cryptography based protocols are faster because of a single secret key and simplicity; however, it does not ensure non-repudiation. In this paper, we present an Efficient, Scalable and Privacy-preserving Authentication (ESPA) protocol for secure vehicular ad hoc networks (VANETs). The protocol employs hybrid cryptography. In ESPA, the asymmetric PKI based pre-authentication and the symmetric hash message authentication code (HMAC) based authentication are adopted during vehicle to infrastructure (V2I) and vehicle to vehicle (V2V) communications, respectively. Extensive simulations are conducted to validate proposed ESPA protocol and compared with the existing work based on PKI and HMAC. The performance analysis showed that ESPA is more efficient, scalable and privacy-preserving secured protocol than the existing work.