How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities

Johannes Braun; Andreas Hülsing; Alex Wiesmaier; Martín A G Vigil; Johannes Buchmann

doi:10.1007/978-3-642-40012-4_4

How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities

Johannes Braun
, Andreas Hülsing
, Alex Wiesmaier
, Martín A G Vigil
, Johannes Buchmann

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

Abstract

Recent attacks and publications have shown the vulnerability of hierarchical Public Key Infrastructures (PKIs) and the fatal impact of revoked Certification Authority (CA) certificates in the PKIX validity model. Alternative validity models, such as the extended shell and the chain model, improve the situation but rely on independent proofs of existence, which are usually provided using time-stamps. As time-stamps are validated using certificates, they suffer from the same problems as the PKI they are supposed to protect. Our solution to this problem is abandoning time-stamps and providing proof of existence using Forward Secure Signatures (FSS). In particular, we present different possibilities to use the chain model together with FSS, resulting in schemes that include the necessary proofs of existence into the certificates themselves.

Original language	English
Title of host publication	Public Key Infrastructures, Services and Applications
Subtitle of host publication	9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers
Editors	S. De Capitani di Vimercati , Chr. Mitchell
Place of Publication	Berlin
Publisher	Springer
Pages	53-68
Number of pages	16
ISBN (Print)	9783642400117
DOIs	https://doi.org/10.1007/978-3-642-40012-4_4
Publication status	Published - 2013
Externally published	Yes
Event	9th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2012) - Pisa, Italy Duration: 13 Sept 2012 → 14 Sept 2012 Conference number: 9

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7868 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Conference

Conference	9th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2012)
Abbreviated title	EuroPKI 2012
Country/Territory	Italy
City	Pisa
Period	13/09/12 → 14/09/12

Keywords

Authentication
CA
Certificate
Forward secure signature
PKI
Revocation
Time-stamping
Validity model

Access to Document

10.1007/978-3-642-40012-4_4

Cite this

Braun, J., Hülsing, A., Wiesmaier, A., Vigil, M. A. G., & Buchmann, J. (2013). How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities. In S. De Capitani di Vimercati , & C. Mitchell (Eds.), Public Key Infrastructures, Services and Applications: 9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers (pp. 53-68). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7868 LNCS). Springer. https://doi.org/10.1007/978-3-642-40012-4_4

Braun, Johannes ; Hülsing, Andreas ; Wiesmaier, Alex et al. / How to avoid the breakdown of public key infrastructures : forward secure signatures for certificate authorities. Public Key Infrastructures, Services and Applications: 9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers. editor / S. De Capitani di Vimercati ; Chr. Mitchell. Berlin : Springer, 2013. pp. 53-68 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c9d07ec635f94836888f7c7370ff8469,

title = "How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities",

abstract = "Recent attacks and publications have shown the vulnerability of hierarchical Public Key Infrastructures (PKIs) and the fatal impact of revoked Certification Authority (CA) certificates in the PKIX validity model. Alternative validity models, such as the extended shell and the chain model, improve the situation but rely on independent proofs of existence, which are usually provided using time-stamps. As time-stamps are validated using certificates, they suffer from the same problems as the PKI they are supposed to protect. Our solution to this problem is abandoning time-stamps and providing proof of existence using Forward Secure Signatures (FSS). In particular, we present different possibilities to use the chain model together with FSS, resulting in schemes that include the necessary proofs of existence into the certificates themselves.",

keywords = "Authentication, CA, Certificate, Forward secure signature, PKI, Revocation, Time-stamping, Validity model",

author = "Johannes Braun and Andreas H{\"u}lsing and Alex Wiesmaier and Vigil, \{Mart{\'i}n A G\} and Johannes Buchmann",

year = "2013",

doi = "10.1007/978-3-642-40012-4\_4",

language = "English",

isbn = "9783642400117",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "53--68",

editor = "\{De Capitani di Vimercati \}, S. and Chr. Mitchell",

booktitle = "Public Key Infrastructures, Services and Applications",

address = "Germany",

note = "9th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2012), EuroPKI 2012 ; Conference date: 13-09-2012 Through 14-09-2012",

}

Braun, J, Hülsing, A, Wiesmaier, A, Vigil, MAG & Buchmann, J 2013, How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities. in S De Capitani di Vimercati & C Mitchell (eds), Public Key Infrastructures, Services and Applications: 9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7868 LNCS, Springer, Berlin, pp. 53-68, 9th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2012), Pisa, Italy, 13/09/12. https://doi.org/10.1007/978-3-642-40012-4_4

How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities. / Braun, Johannes; Hülsing, Andreas; Wiesmaier, Alex et al.
Public Key Infrastructures, Services and Applications: 9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers. ed. / S. De Capitani di Vimercati ; Chr. Mitchell. Berlin: Springer, 2013. p. 53-68 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7868 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - How to avoid the breakdown of public key infrastructures

T2 - 9th European Workshop on Public Key Infrastructures, Services and Applications (EuroPKI 2012)

AU - Braun, Johannes

AU - Hülsing, Andreas

AU - Wiesmaier, Alex

AU - Vigil, Martín A G

AU - Buchmann, Johannes

N1 - Conference code: 9

PY - 2013

Y1 - 2013

N2 - Recent attacks and publications have shown the vulnerability of hierarchical Public Key Infrastructures (PKIs) and the fatal impact of revoked Certification Authority (CA) certificates in the PKIX validity model. Alternative validity models, such as the extended shell and the chain model, improve the situation but rely on independent proofs of existence, which are usually provided using time-stamps. As time-stamps are validated using certificates, they suffer from the same problems as the PKI they are supposed to protect. Our solution to this problem is abandoning time-stamps and providing proof of existence using Forward Secure Signatures (FSS). In particular, we present different possibilities to use the chain model together with FSS, resulting in schemes that include the necessary proofs of existence into the certificates themselves.

AB - Recent attacks and publications have shown the vulnerability of hierarchical Public Key Infrastructures (PKIs) and the fatal impact of revoked Certification Authority (CA) certificates in the PKIX validity model. Alternative validity models, such as the extended shell and the chain model, improve the situation but rely on independent proofs of existence, which are usually provided using time-stamps. As time-stamps are validated using certificates, they suffer from the same problems as the PKI they are supposed to protect. Our solution to this problem is abandoning time-stamps and providing proof of existence using Forward Secure Signatures (FSS). In particular, we present different possibilities to use the chain model together with FSS, resulting in schemes that include the necessary proofs of existence into the certificates themselves.

KW - Authentication

KW - CA

KW - Certificate

KW - Forward secure signature

KW - PKI

KW - Revocation

KW - Time-stamping

KW - Validity model

UR - https://www.scopus.com/pages/publications/84894125892

U2 - 10.1007/978-3-642-40012-4_4

DO - 10.1007/978-3-642-40012-4_4

M3 - Conference contribution

AN - SCOPUS:84894125892

SN - 9783642400117

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 53

EP - 68

BT - Public Key Infrastructures, Services and Applications

A2 - De Capitani di Vimercati , S.

A2 - Mitchell, Chr.

PB - Springer

CY - Berlin

Y2 - 13 September 2012 through 14 September 2012

ER -

Braun J, Hülsing A, Wiesmaier A, Vigil MAG, Buchmann J. How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities. In De Capitani di Vimercati S, Mitchell C, editors, Public Key Infrastructures, Services and Applications: 9th European Workshop, EuroPKI 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers. Berlin: Springer. 2013. p. 53-68. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-40012-4_4

How to avoid the breakdown of public key infrastructures: forward secure signatures for certificate authorities

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this