On the Security of Holder-of-Key Single Sign-On.

Thus for quite some time, the problem of IP address shortage will persist. To solve the problem, we propose the mechanism of secure IP address trading. ... This mechanism is based on the Resource PKI (RPKI). The RPKI is the working item of IETF. This proposed mechanism maximizes the trust of IP address trading using RPKI. ... Characteristic of resource PKIs is the one-to-one mapping between EE certificates and signed objects e.g. ROAs. So the private key is used to sign only one object. ...

doi:10.3745/jips.2010.6.1.107 fatcat:d3wxdblvmbaf3av6rckuaquoym

The key idea is: replicate the key shares and make the signing servers anonymous to clients (and thus also to the would-be attackers), in addition to using threshold signing. ... This paper presents the architecture and protocols of DSO, and the analytical models for reliability and security analysis. ... On receiving the share, a share holder calculates the index keys using a number of (n b ) well-known consistent hash functions as in SOS [13] operated on the service key tag. ...

doi:10.1007/11767480_3 fatcat:hxxsdmcjnbacpi3lczol4o6mkm

We also update the secret shares to further enhance robustness against break-ins. Both simulations and implementation confirm the effectiveness of our design. ... In this paper, we describe a solution that supports ubiquitous security services for mobile hosts, scales to network size, and is robust against break-ins. ... No single entity in the network knows or holds the complete system secret (e.g., a certification authority's signing key). ...

doi:10.1109/icnp.2001.992905 dblp:conf/icnp/KongZLLZ01 fatcat:uvj4ir4irzaznmlm2ipwtnk76y

The issues related to the application of this PKI to inter-domain routing security are considered, and the design, management and use of resource certificates, and the structure of the related Public Key ... This has particular application in the area of demonstrable attestations related to the right-of-use of IP addresses, and in the area of inter-domain routing security. ... It is also a property of this PKI that the key used to sign a CRL must be the same key used to sign the certificates being revoked, therefore binding a logical instance of a CA to a single key. ...

doi:10.1109/glocomw.2009.5360715 fatcat:mpxkqfqf6nat5l6bn624uti7he

Public Key Infrastructure (PKI) is a way of providing security measures by implementing the means of key pairs among users. ... In this paper, an overview of the public key infrastructure is discussed that includes various components and operation, some well known PKIs and their comparisons. ... messages signed by the key holder. ...

doi:10.4236/jis.2015.61004 fatcat:3fbmf4zhszgvpg7pqcbllmlkqy

Open Access

A Single Sign-on is a new authentication mechanism for user to use multiple services provided by service provider in distributed computer network. ... It enables a legal user with a single credential to be authenticated by multiple service providers in distributed computer networks. This scheme has security flaws. ... This is the current example of single sign-on (SSO). ...

doi:10.5120/15489-4227 fatcat:s2bcmsllwngx3injhaju652kui

This paper focuses on the propagation problem of digital credentials, which may contain sensitive information about a credential holder. ... The proposed approach in this paper uses shortlived credentials based on reverse forward secure signatures to remove this assumption and mitigate the damage caused by a dishonest or honest but compromised ... Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. ...

doi:10.1007/978-3-540-77048-0_9 fatcat:mum56frjifbndhjnkwdqarjvsu

The electronic passport, supporting authentication using secure credentials on a tamper-resistant chip, is an attempt to improve on the security of the paper-based passport at minimum cost. ... The encoded data includes the holder's name, date of birth, and other identifying information for the holder or the document. ... The public key is signed and stored in one of the public data groups and the private key is stored in secure memory of the chip [21] . ...

arXiv:1011.2946v1 fatcat:a632gnz5ejbmxapgnwkcmcp6x4

One of the most promising features of smart card technology is its potential to serve several applications using a single hardware token. ... Moreover, it protects the privacy of card holders by providing a possibility to use pseudonymous identities that cannot be linked to one another. ... All the DPs of a given group are assigned the same key pair (S g , P g ). DPs are grouped in order to protect the privacy of their holders. ...

doi:10.1007/11733447_2 fatcat:so26mlhmcba4nkgefyfzef7lf4

Based on the lifecycles of three main objects involved in self-sovereign identity, we categorise the patterns into three groups: key management patterns, decentralised identifier management patterns, and ... The proposed patterns provide a systematic and holistic guide for architects to design the architecture of blockchain-based self-sovereign identity systems. ... The loss of signing key of one identifier does not affect the other identifiers. Drawbacks: • Cost. ...

arXiv:2005.12112v3 fatcat:7gli7txgyvdyjgysfsenvaltzm

Multiple Versions

Secure routing protocols such as SRP, Ariadne, ARAN, and SEAD [2] [3] [4] [5] , all assume that two nodes of the network share the pre-existing symmetric key ... Ad hoc network security research focuses on secure routing protocol, because routing protocol is a hot issue in ad hoc networks. ... The public key of him is set to Q ID = H 2 (ID). Sign. ...

doi:10.1002/wcm.500 fatcat:2jrvigqmqbbypeyoqjmdqjm3mq

DOAJ

of the German eID system, a more simple and secure variant for this SSO system, based on the SAML Holder-of-Key web browser profile. 5 See http://www.oasis-open.org/committees/security. 6 See ... Finally we describe a system setup based on the SAML Holder-of-Key web browser profile, which also mitigates interoperability problems. 2 See www.futureid.eu. 3 See www.skidentity.de. drivers), but this ... Optimized version of Holder-of-Key Web Browser SSO Profile We now show how to optimize the Holder-of-Key Web Browser SSO Profile to allow for efficient and secure authentication using eID-specific methods ...

doi:10.1145/2517881.2517892 dblp:conf/dim/HuhnleinSWMFMSBH13 fatcat:22vdtpuownhghjvfmqju6zz2ga

Our framework resolves some problems of PGP key servers focusing in particular on fast propagation of certificate revocation among key servers and elimination of man-in-the-middle risk. ... We also provided user access right control where only the certificate holder can change information related to the certificate. ... Given the potential vulnerabilities of PKI stemming from its single point of failure at CAs, it can be concluded that the whole PGP ecosystem becomes dependent on security of PKI. ...

doi:10.1109/candarw.2018.00065 dblp:conf/ic-nc/YakubovSS18 fatcat:7644yoeczvgnjh7detkozvhdu4

The paper also provides a cryptographic security analysis of the e-passport using face fingerprint, and iris biometric that are intended to provide improved security in protecting biometric information ... of the e-passport bearer. ... It also digitally signs its part of the session key K IS . ...

doi:10.5815/ijcnis.2012.08.07 fatcat:eepgrn3tpfg2ji32afeziajtvm

Open Access

We also propose proper security definitions for the protocol, aiming to protect the security of both the credential issuer and the credential owner against concurrent attacks. ... Finally, we show that the GQ identification protocol yields an efficient credential ownership proof for credentials signed by the RSA-FDH signature scheme of Bellare and Rogaway and prove the protocol ... [SBWP03] and the security model is mainly geared to ensure security of a single credential holder and with no concern about security of the credential issuer. ...

doi:10.1145/1229285.1229309 dblp:conf/ccs/ShahandashtiSB07 fatcat:j42ymtjprzaebdbyzyb7sh3xfi

IPv4 Address Trading Using Resource Certificate

Preserved Fulltext

DSO: Dependable Signing Overlay [chapter]

Preserved Fulltext

Providing robust and ubiquitous security support for mobile ad-hoc networks

Preserved Fulltext

Resource Certification - A Public Key Infrastructure for IP Addresses and AS's

Preserved Fulltext

Public Key Infrastructure: A Survey

Preserved Fulltext

Improving the Security of SSO in Distributed Computer Network using Digital Certificate and one Time Password (OTP)

Preserved Fulltext

Preventing Unofficial Information Propagation [chapter]

Preserved Fulltext

A Survey of System Security in Contactless Electronic Passports [article]

Preserved Fulltext

Towards a Secure and Practical Multifunctional Smart Card [chapter]

Preserved Fulltext

Design Patterns for Blockchain-based Self-Sovereign Identity [article]

Preserved Fulltext

Other Versions

A practical approach of ID-based cryptosystem in ad hoc networks

Preserved Fulltext

Options for integrating eID and SAML

Preserved Fulltext

BlockPGP: A Blockchain-Based Framework for PGP Key Servers

Preserved Fulltext

Enhancement of Security and Privacy in Biometric Passport Inspection System Using Face, Fingerprint, and Iris Recognition

Preserved Fulltext

Concurrently-secure credential ownership proofs

Preserved Fulltext