Articoli di riviste sul tema "Certificate revocation list, CRL"

Open banking allows banks and financial sectors to easily access the customers’ financial data which is revolutionizing. It also provides the customers with excellent cloud access to various providers’ wide range of financial services. The storage of such sensitive services and data on cloud servers is a double-edged sword. It can ease and support fine-grained access to such services/data anywhere and anytime, supporting the open banking system. But, on the other hand, data privacy and secrecy are a challenge. Thus, efficient access control should exist for open banking’s services and data to protect cloud-hosted financial sensitive data from unauthorized customers. This paper proposes a new access control scheme that employs blockchain for the key-revocation process. We implement the smart contract’s functions on the Ethereum platform and test the contract’s code on the Kovan Testnet before deploying it to the Mainnet. Although the customer is authenticated to open banking, his key/s can be revoked according to the status response of the bank branch. Thus, his access to financial services and data is denied. We did comprehensive experiments for the revocation status response time, data exchanged until receiving the revocation status, and the time spent updating the policy. Also, we compared the results of our proposed scheme with two well-known methods—Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP). The experimental results show that our proposed scheme (BKR-AC) has a faster response time than Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) in case of nonrevoked keys/certificates and a slower response time in case of revoked keys to avoid nonrevoking a revoked key. But the data exchanged is an average for BKR-AC between CRL and OCSP, which is still a tiny amount and accepted. The security analysis proved that our scheme is secure against some well-known attacks on open banking systems. In addition, it is also secured against the chosen-text attack by employing the challenge-response authentication mechanism.

Vehicular ad hoc network (VANET) plays a vital role in the intelligent transportation system (ITS). When a vehicle receives a message through network, the CRL (certificate revocation list) checking process will operate before certificate and signature verification. After successful authentication, a CRL list is created based on authentication. This CRL is used to verify whether a vehicle node can be permitted for communication in the VANET network. But when using CRL, a huge amount of storage space and checking time is needed. So we proposed a method without the CRL list. It mentions a key management list to overcome large storage space and checking time. Even it reduced the access delay. For access permission we can do an authentication system based digital novel signature authentication (DNSA) for each vehicle in the VANET with the RSU unit or with other participant node vehicles in the communication as per the topology. We can perform an efficient and secured communication in VANET.

Vehicle ad hoc networks (VANETs) are special wireless networks which help vehicles to obtain continuous and stable communication. Pseudonym revocation, as a vital security mechanism, is able to protect legal vehicles in VANETs. However, existing pseudonym-revocation schemes suffer from the issues of low certificate revocation list (CRL) generation and update efficiency, along with high CRL storage and transmission costs. In order to solve the above issues, this paper proposes an improved Morton-filter-based pseudonym-revocation scheme for VANETs (IMF-PR). IMF-PR establishes a new distributed CRL management mechanism to maintain a low CRL distribution transmission delay. In addition, IMF-PR improves the Morton filter to optimize the CRL management mechanism so as to improve CRL generation and update efficiency and reduce the CRL storage overhead. Moreover, CRLs in IMF-PR store illegal vehicle information based on an improved Morton filter data structure to improve the compress ratio and the query efficiency. Performance analysis and simulation experiments showed that IMF-PR can effectively reduce storage by increasing the compression gain and reducing transmission delay. In addition, IMF-PR can also greatly improve the lookup and update throughput on CRLs.

Smart Grid (SG) infrastructure is an energy network connected with computer networks for communication over the internet and intranets. The revolution of SGs has also introduced new avenues of security threats. Although Digital Certificates provide countermeasures, however, one of the issues that exist, is how to efficiently distribute certificate revocation information among Edge devices. The conventional mechanisms, including certificate revocation list (CRL) and online certificate status protocol (OCSP), are subjected to some limitations in energy efficient environments like SG infrastructure. To address the aforementioned challenges, this paper proposes a scheme incorporating the advantages and strengths of the fog computing. The fog node can be used for this purpose with much better resources closer to the edge. Keeping the resources closer to the edge strengthen the security aspect of smart grid networks. Similarly, a fog node can act as an intermediate Certification Authority (CA) (i.e., Fog Node as an Intermediate Certification Authority (FONICA)). Further, the proposed scheme has reduced storage, communication, processing overhead, and latency for certificate verification at edge devices. Furthermore, the proposed scheme reduces the attack surface, even if the attacker becomes a part of the network.

The security in vehicular ad hoc networks (VANETs) has become a large consideration in safeguarding growing applications and intelligent transport systems. A group signature, a popular authentication approach for VANETs, can be implemented to protect vehicular communications against malicious users. However, the issue of securely distributing group keys to fast-moving vehicular nodes arises. The growing size of the certificate revocation list (CRL) has provided the corresponding complication in its management and distribution in VANETs. In this paper, an efficient key management protocol for group signature based authentication is proposed. A group is extended to a domain with various roadside units forming a hierarchical topology. Our proposed scheme provides a secure method to deliver group keys to vehicular nodes, ensuring the security requirements. Similarly, through utilizing the two Bloom filters in our hierarchical topology, an efficient and scalable vehicle revocation mechanism can be achieved that can minimize the CRL size. Our experiment results demonstrate a scalable, efficient, and secure key distribution scheme in vehicular networking. Moreover, an effective CRL management mechanism can be accomplished using the hierarchical topology.

Underwater Wireless Sensor Networks (UWSNs) obtains more attention due to their wide range of applications such as underwater oil field discovery, Tsunami monitoring systems, surveillance systems, and many more. In such a resource-constrained environment, sensors are more vulnerable to malicious attacks. Node authentication and secure communication is one of the vital issues in UWSNs. In this study, a secure and lightweight key management framework for UWSNs is proposed. The proposed framework includes key generation, key distribution, revocation, and authentication mechanisms along with lightweight implementation, and scalability. We use an elliptic curve-based algorithm for key distribution, and certificate revocation list (CRL) for key revocation. We also examine the performance of the proposed framework taking into account the amount of communication overhead as well as the level of security. The simulation results show that the proposed framework provides better security with less communication overhead compared to existing frameworks. This framework can be used for secure data communication in UWSNs, which has various applications in oceanography, environmental monitoring, and military operations.

Due to its complexity and mobility, VANET (vehicle ad hoc network) security has long plagued the development of the IoT industry. It is still a big challenge for users to decide the trustworthiness of an anonymous message or the preservation of personal information. Group signature is widely used in VANET anonymous authentication, but the existing solutions suffer from high computation costs in certificate revocation list (CRL) checking and signature verification process. In our scheme, we develop a lightweight protocol based on hashing functions and group keys, which escapes from the heavy computation cost. Then, we propose a dynamic batch-based group key distribution process, which is based on long short-term memory (LSTM) neural network to predict traffic flow and calculate the weight to determine the right time for key update. In this way, our method will significantly reduce computation delay and communication overhead. The security and performance analyses show that our scheme is more efficient in terms of authentication speed while keeping conditional privacy in VANET.

The PKI framework is a widely used network identity verification framework. Users will register their identity information with a certification authority to obtain a digital certificate and then show the digital certificate to others as an identity certificate. After others receive the certificate, they must check the revocation list from the CA to confirm whether the certificate is valid. Although this architecture has a long history of use on the Internet, significant doubt surrounds its security. Because the CA may be attacked by DDoS, the verifier may not obtain the revocation list to complete the verification process. At present, there are many new PKI architectures that can improve on the CA’s single point of failure, but since they still have some shortcomings, the original architecture is still used. In this paper, we proposed a semidecentralized PKI architecture that can easily prevent a single point of failure. Users can obtain cryptographic evidence through specific protocols to clarify the responsibility for the incorrect certificate and then submit the cryptographic evidence to the smart contract for automatic judgment and indemnification.

There are a large number of applications of ad-hoc networks (i) military, (ii) Disaster rescue, (iii) Medical etc. But the security of the data during transfer is a major concern. This paper proposes a technique for identifying and preventing the malicious nodes to be in a path from sender to receiver, known as certificate revocation method. Here certificate authority Scheme (CAS) is responsible for the issue of the certificates for these nodes. The CAS maintains two sets of lists – a warning list and a blocked list. The node is added to a warning list if any of the neighbor nodes raises a suspension about a node. Both the accuser and the accused are added to this list. The node is transferred to blocked list when the corruption in the node is confirmed. A node from the blocked list is never added to the network again. This process is termed as cluster-based certificate revocation scheme (CBCRS). The priority of this technique is not the detection of the corrupted node but the removal of the corrupted node from the network. Experimental results reveal that this protocol is free from vulnerabilities.

Certificate revocation is a challenging task, especiallyin mobile network environments such as vehicular ad Hoc networks (VANETs).According to the IEEE 1609.2 security standard for VANETs, public keyinfrastructure (PKI) will provide this functionality by means of certificate revocation lists (CRLs).When a certificate authority (CA)needs to revoke a certificate, itglobally distributes CRLs.Transmitting these lists pose a problem as they require high update frequencies and a lot of bandwidth. In this article, we propose BECSI, aBandwidth Efficient Certificate Status Informationmechanism to efficiently distributecertificate status information (CSI) in VANETs.By means of Merkle hash trees (MHT), BECSI allowsto retrieve authenticated CSI not onlyfrom the infrastructure but also from vehicles actingas mobile repositories.Since these MHTs are significantly smaller than the CRLs, BECSIreduces the load on the CSI repositories and improves the response time for the vehicles.Additionally, BECSI improves the freshness of the CSIby combining the use of delta-CRLs with MHTs.Thus, vehicles that have cached the most current CRLcan download delta-CRLs to have a complete list of revoked certificates.Once a vehicle has the whole list of revoked certificates, it can act as mobile repository.

Certificateless cryptosystems have attracted great interests in cryptographic research since its invention. Because compared with traditional public key cryptosystems or identity-based cryptosystems, they could not only simplify the certificate management, but also alleviate the key escrow problem. In certificateless cryptosystems, user revocation is a challenging issue. To address this issue, one popular method is to update the key via public channels. However, most of the existing schemes in this approach are impractical because of the following two shortcomings. Firstly, the user needs to maintain a list of decryption keys, but the size of the list will keep increasing. Secondly, the revoked user can still recover the plaintexts of the encrypted data prior to revocation, and this is a particular threat in some applications. To solve these problems, this paper presents revocable certificateless encryption with ciphertext evolution. We give a generic construction and then describe how it can be initialized concretely. In our proposed scheme, the user only needs to keep one decryption key, and once a user is revoked, it can no longer decrypt any ciphertext in the server. Moreover, the IND-CCA security model is defined against three types of attacks. And our schemes are formally proved to satisfy these security requirements.

History of Seal and Printing Cultures Implications of the four important Chinese inventions, the compass, gun powder, papermaking, and printing, have far-reaching significance for human civilisation. The Chinese seal is intimately related to printing. Seals have the practical function of duplicating impressions of words or patterns. This process shares a very similar concept to printing on a small scale. Printing originated from the function of seals for making duplicated impressions, and for this reason Wang believes that seals constitute the prototype of printing. Seals in Traditional Commere Seals in certain Asian countries, such as Taiwan and Japan, play a vital role similar to that played by signatures in Western society. Particularly, the Chinese seal has been an integral part of Chinese heritage and culture. Wong states that seals usually symbolise tokens of promise in Chinese society. Ancient seals in their various forms have played a major role in information systems, in terms of authority, authentication, identification, certified proof, and authenticity, and have also been used for tamper-proofing, impression duplication, and branding purposes. To illustrate, clay sealing has been applied to folded documents to detect when sealed documents have been exposed or tampered with. Interestingly, one of the features of digital signature technology is also designed to achieve this purpose. Wong records that when the commodity economy began to develop and business transactions became more frequent, seals were used to prove that particular goods had been certified by customs. Moreover, when the goods were subject to tax by the government, seals were applied to the goods to prove the levy paid. Seals continue to be used in Chinese society as personal identification and in business transactions, official and legal documents, administrative warrants and charters. Paper-based Contract Signing with Seal Certificates In Taiwan and Japan, in certain circumstances, when two parties wish to formalise a contract, the seals of the two parties must be affixed to the contract. As Figure 1 illustrates, seal certificates are required to be attached to the signed and sealed contract for authentication as well as the statement of intent of a voluntary agreement in Taiwan. Figure 1. Example of a contract attached with the seal certificates A person can have more than one seal; however, only one seal at a time is allowed to be registered with a jurisdictional registration authority. The purpose of seal registration is to prevent seal forgery and to prove the identity of the seal owner. Namely, the seal registration process aims to associate the identity of the seal owner with the seal owner’s nominated seal, through attestation by a jurisdictional registration authority. Upon confirmation of the seal registration, the registration authority issues a seal certificate with both the seals of the registration authority and the registration authority executive. Digital Signatures for Electronic Commerce Handwritten signatures and tangible ink seals are highly impractical within the electronic commerce environment. However, the shift towards electronic commerce by both the public and private sector is an inevitable trend. ‘Trust’ in electronic commerce is developed through the use of ‘digital signatures’ in conjunction with a trustworthy environment. In principle, digital signatures are designed to simulate the functions of handwritten signatures and traditional seals for the purposes of authentication, data integrity, and non-repudiation within the electronic commerce environment. Various forms of Public Key Infrastructure (PKI) are employed to ensure the reliability of using digital signatures so as to ensure the integrity of the message. PKI does not, however, contribute in any way to the signatory’s ability to verify and approve the content of an electronic document prior to the affixation of his/her digital signature. Shortcomings of Digital Signature Scheme One of the primary problems with existing digital signatures is that a digital signature does not ’feel’ like, or resemble, a traditional seal or signature to the human observer; it does not have a recognisably individual or aesthetic quality. Historically, the authenticity of documents has always been verified by visual examination of the document. Often in legal proceedings, examination of both the affixed signature or seal as an integral part of the document will occur, as well as the detection of any possible modifications to the document. Yet, the current digital signature regime overlooks the importance of this sense of visualisation. Currently, digital signatures, such as the OpenPGP (Pretty Good Privacy) digital signature, are appended to an electronic document as a long, incomprehensible string of arbitrary characters. As shown in Figure 2, this offers no sense of identity or ownership by simple visual inspection. Figure 2. Example of a PGP signature To add to this confusion for the user, a digital signature will be different each time the user applies it. The usual digital signature is formed as an amalgam of the contents of the digital document and the user’s private key, meaning that a digital signature attached to an electronic document will vary with each document. This again represents a departure from the traditional use of the term ‘signature’. A digital signature application generates its output by firstly applying a hash algorithm over the contents of the digital document and then encrypting that hash output value using the user’s private cryptographic key of the normal dual-key pair provided by the Public Key cryptography systems. Therefore, digital signatures are not like traditional signatures which an individual can identify as being uniquely theirs, or as a recognisable identity attributable to an individual entity. New Visualised Digital Signature Scheme Liu et al. have developed the visualised digital signature scheme to enhance existing digital signature schemes through visualisation; namely, this scheme makes the intangible digital signature virtually tangible. Liu et al.’s work employs the visualised digital signature scheme with the aim of developing visualised signing and verification in electronic situations. The visualised digital signature scheme is sustained by the digital certificate containing both the certificate issuer’s and potential signer’s seal images. This thereby facilitates verification of a signer’s seal by reference to the appropriate certificate. The mechanism of ensuring the integrity and authenticity of seal images is to incorporate the signer’s seal image into an X.509 v3 certificate, as outlined in RFC 3280. Thus, visualised digital signature applications will be able to accept the visualised digital certificate for use. The data structure format of the visualised digital certificate is detailed in Liu. The visualised signing and verification processes are intended to simulate traditional signing techniques incorporating visualisation. When the signer is signing the document, the user interface of the electronic contracting application should allow the signer to insert the seal from the seal image file location into the document. After the seal image object is embedded in the document, the document is referred to as a ’visually sealed’ document. The sealed document is ready to be submitted to the digital signing process, to be transmitted with the signer’s digital certificate to the other party for verification. The visualised signature verification process is analogous to the traditional, sealed paper-based document with the seal certificate attached for verification. In history, documents have always required visual stimulus for verification, which highlights the need for visual stimulus evidence to rapidly facilitate verification. The user interface of the electronic contracting application should display the visually sealed document together with the associated digital certificate for human verification. The verifier immediately perceives the claimed signer’s seal on the document, particularly when the signer’s seal is recognisable to the verifier. This would be the case particularity where regular business transactions between parties occur. Significantly, having both the issuing CA’s and the signer’s seal images on the digital certificate instils confidence that the signer’s public key is attested to by the CA, as shown in Figure 3. This is unlike the current digital signature verification process which presents long, meaningless strings to the verifier. Figure 3. Example of a new digital certificate presentation Conclusions Seals have a long history accompanying the civilisation of mankind. In particular, certain business documents and government communities within seal-culture societies still require the imprints of the participating entities. Inevitably, the use of modern technologies will replace traditional seals and handwritten signatures. Many involved in implementing electronic government services and electronic commerce care little about the absence of imprints and/or signatures; however, there is concern that the population may experience difficulty in adapting to a new electronic commerce system where traditional practices have become obsolete. The purpose of the visualised digital signature scheme is to explore enhancements to existing digital signature schemes through the integration of culturally relevant features. This article highlights the experience of the use and development of Chinese seals, particularly in visualised seals used in a recognition process. Importantly, seals in their various forms have played a major role in information systems for thousands of years. In the advent of the electronic commerce, seal cultures still remain in the digital signing environment. References Housley, R., et al. RFC 3280 Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile. The Internet Engineering Task Force, 2002. Liu, V., et al. “Visually Sealed and Digital Signed Documents.” 27th Australasian Computer Science Conference. Dunedin, NZ: Australian Computer Science Communications, 2004. Liu, V. “Visually Sealed and Digital Signed Electronic Documents: Building on Asian Tradition.” Dissertation. Queensland University of Technology, 2004. Wang, P.Y. The Art of Seal Carving. Taipei: Council for Cultural Planning and Development, Executive Yuan, 1991. Wong, Y.C., and H.W. Yau. The Art of Chinese Seals through the Ages. Hong Kong: The Zhejiang Provincial Museum and the Art Museum of the Chinese University Hong Kong, 2000. Citation reference for this article MLA Style Liu, Vicky. "Seal Culture Still Remains in Electronic Commerce." M/C Journal 8.2 (2005). echo date('d M. Y'); ?> <http://journal.media-culture.org.au/0506/03-liu.php>. APA Style Liu, V. (Jun. 2005) "Seal Culture Still Remains in Electronic Commerce," M/C Journal, 8(2). Retrieved echo date('d M. Y'); ?> from <http://journal.media-culture.org.au/0506/03-liu.php>.

The growing use of mobile devices in MANET has influenced a lot of application in the field of wireless technology. To provide security to the network is a major challenge. Of all the goals of wireless network security, authentication is crucial. Communication among authenticated nodes is done with digital certificate. Nodes which misbehave in the cluster are eliminated from the network by revoking its certificate. Our proposed system uses voting based mechanism using trust of the node present in the black list. The trust value calculation is done for all the nodes in black list by cluster head using direct and recommendation trust. Total trust is the combination of 80% of direct trust and 20% of indirect trust. Revocation is done based on the threshold to reduce the false accusation. Simulation result of the proposed system using NS-2 shows improved results when compared with existing scheme in terms of malicious node revocation, false revocation, normalized time to revocation, revocation accuracy ratio and number of warned nodes. Simulation results articulate that the proposed mechanism yields an exemplary outcome for providing secure communication in MANETs.

Vehicular adhoc structures (VANETs) handle the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) for their security. In any PKI structure, the check of a got message is performed by checking if the check of the sender is joined into the current CRL, Verifying the reliability of the certification and standard for the sender. In this paper, it has been propose a Vehicular Digital Hash Gen show up (VDHG) for VANETs, which replaces the dull CRL checking process by a profitable revoking checking process. The renouncing check process in VDHG uses a Private Key Infrastructure (PKI), where the key used in finding the VDHG is shared particularly between On-Board Units (OBUs). In like manner, VDHG uses a novel probabilistic key stream, which extras with OBUs to trade and revive an issue key. VDHG can on a very basic level lessen the data torment in light of the message declaration deferral pulled back and the standard assistance structures using CRL.

One of the challenges in MANET is authentication. To aid authentication, digital certificate are used by all the nodes in MANET. The network performs well if the nodes are trustworthy and cooperate properly. The certificate of the misbehaving nodes is revoked by certificate authority, there by debarring them from the network. The objective of this paper is to identify the malicious nodes which drop the packet deliberately to disrupt the network. Any node accusing the malicious node is inserted in the white list and the accused node is inserted in the blacklist based on Non-voting mechanism. The nodes placed in the black list are barred from the network. . Packet dropping due to link failure, mobility and traffic load intensity is excluded for accurate detection of the malicious node. Cluster based Non-voting mechanism with watchdog shows better performance in terms of better packet delay rate, packet delivery rate and packet loss rate while transmitting data. Clustering mechanism helps to reduce the communication overhead and certificate revocation provides secure network. Also, the false accusation is reduced as not all nodes accuse without proper analysis, with fear of being put on the whitelist, and being denied of further accusation. The algorithm is studied theoretically and evaluated practically using NS-2 to show better performance.