The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
In this paper, we present a new composite key management technique for key management in ad hoc network. The technique includes hierarchical clustering, partially distributed key management, offline certification authority and mobile agent. We apply the concept of dominating set based clustering for partitioning network into clusters. The cluster head is elected based on the trust ability of the node...
This paper forward a method for making FMIPv6 security and fast handover based on the context transfer protocol. The context transfer protocol realizes foreign network certificates the mobile node MN rapidly and safely without home network participating. Besides, during the transferring period, the paper adopts ECC mechanism to keep the context safe and reliable. At the end of the paper, this method...
Wireless sensor networks (WSN) are inherently difficult to secure: Limited memory resources rule out the predistribution of keys or certificates, while manual device (and key) configuration in the field is not feasible due to the dynamic and ad-hoc nature of WSNs. All this is complicated by the fact that WSN nodes are not tamper resistant and operate over an unsecure wireless medium. Public key infrastructures...
A hi-speed system to execute certification path validation of the X.509 Certificate was developed. The algorithm used not only certificates and certificate revocation information but also certification path information as cached information in order to speed up transactions. The effect of it was confirmed by the performance experiment of the certification path validation system in test and real environment.
PKI-based CA system scalability and system maintenance is a research hotspot, the main line of business processes, combined with modern software engineering methods, the traditional architecture of the CA system are analyzed to identify the CA system in the expansion of and maintenance deficiencies, separation of the business to break the traditional way, using the idea of hierarchical tasks, By SSH...
In IEEE ISI 2008, an anonymous attribute authentication scheme has been proposed using a self-blindable certificate scheme. This scheme enables the anonymity and certificate revocation. A Certificate Revocation List (CRL) is used in the revocation check. Even if an attacker can obtain a CRL, the attacker cannot execute the revocation check. This means that this scheme enables the designated revocation...
This paper introduces definitions and constructions of public key infrastructure, certification authority and XTR public key system, describes the principle of digital signature of XTR-Nyberg-Rueppel signatures, and then designs a certificate authority system by using this kind of signature in order to save the time and space both in communication and computation without compromising security.
The public key infrastructure (PKI) provides security services for e-commerce, e-government and other cyber transactions. certification authority (CA), a critical component of PKI, acts as a trust third party (TTP) among these applications. A CA is usually controlled and operated by an authority in real world, which stores and publishes users' public key and other attributes. However, various types...
The existing versions of the SSL and TLS protocols allow servers to request end-entity X.509 certificates from clients by specifying a list of certificate authorities (CAs) they trust. This model is insufficient in complex PKI meshes because clients and servers separately may not possess enough information about the trust fabric to which they are attached. To address the problem, we propose a simple...
One-time signature schemes (OTSS) are based on efficient one-way functions. They achieve fast signing and verification, and sign the message at most 1 time. OTSSs are used to replace asymmetric signatures that incur highercosts in cases where performance is critical. For example, OTSSs are employed in chip cards where low computation complexity is required. The secret key and public key of an OTSS...
In ad hoc networks, all networking functions such as routing and mobility management are performed by the nodes themselves in a self-organizing manner since they do not depend on any centralized authority. However, lack of a centralized authority and a dynamic topology change prompt many security-related challenges, specifically, in providing secure, effective and efficient key management. In this...
The growing number of PKIs (public key infrastructure) and the increasing number of situations where partners of a transaction may carry certificates signed by different CAs (certification authority) point out the problematic of trust between the different CAs. The degree to which a relying party can trust a CA depends upon the quality of its announced policy and its commitment to this policy. In...
The establishment of a public key infrastructure (PKI) in mobile ad hoc networks (MANETs) is considered a difficult task because of the intrinsic characteristics of these networks. The absence of centralized services and the possible network partitions make traditional security solutions not straightforwardly applicable in MANETs. In this paper, we propose a public key management scheme based on a...
Digital watermarking is the enabling technology to prove ownership on copyrighted product, and it monitor the usage of them, even trace them back to the user with embedding of unique buyer identification(ID) as a part of watermark into them. This threat of detection will deter users from releasing unauthorized copies. A problem arises when the seller is untruthful, he has a chance to use the digital...
The certificate-based encryption is a new PKC paradigm which combines public-key encryption (PKE) and identity based encryption (IBE) while preserving their features. CBE provides an efficient implicit certification mechanism for a PKI and allows a form of automatic certificate revocation, while it is not subjected to the private key escrow problem and secret key distribution problem inherent in IBE...
The Fujisaki-Okamoto (FO) conversion is a generic conversion to enhance a public key encryption scheme with security of one-way against chosen plaintext attacks (OW-CPA) to security of indistinguishable against adaptive chosen ciphertext attacks (IND-CCA) in the random oracle model. Existing works have shown that the FO conversion also can generically upgrade the security of the identity-based encryption...
Most solutions focus on the home network security server management and gateway device certification. It is unrealistic where the most subjects are mobile users who want to control home network devices. Therefore minor and fast certification structures are needed to control other devices with mobile device that has lower computing capacity. To solve the above problems, this paper wants to build safe...
Optimal PKI life cycle management depends directly on the strategy to deal with the update and replacement of CA certificates and CA private keys. To reach optimal strategy, it is necessary to develop methods that the replacement is executed to match the specific needs of each PKI. Only one strategy is defined in RFC 4210, but real PKIs need a variety of different strategies. This paper classifies...
When e-business changing people's business model, security has also become the focus the people attended increasingly. PKI (public key infrastructure) is the key technology to ensure the network security. In this paper, the composition of the PKI and architecture are minutely analyzed, the PKI-based e-business security system is established from the basic process of ebusiness activities, and the security...
Ubiquitous computing systems typically have lots of security problems in the area of service supply. The service types and levels, the security delegation of services and the identity hiding of principal etc are all these unsolved problems. In this paper, UCSMssp, a new novel ubiquitous computing service model based on SPKI/SDSI and P2P is presented. SPKI-based authorization is exploited in UCSMssp...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.