Distributing security-mediated PKI

Authors:
Gabriel Vanrenen;Sean Smith;John Marchesini
Affiliations:
Department of Computer Science/PKI Lab, Dartmouth College, 03755, Hanover, NH, USA;Department of Computer Science/PKI Lab, Dartmouth College, 03755, Hanover, NH, USA;Department of Computer Science/PKI Lab, Dartmouth College, 03755, Hanover, NH, USA
Venue:
International Journal of Information Security
Year:
2006

Citing 0
Cited 2

Instant Revocation

EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
Concord: a secure mobile data authorization framework for regulatory compliance

LISA'08 Proceedings of the 22nd conference on Large installation system administration conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability. We use threshold cryptography to build a back-up and migration technique which allows recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised.