DTKI: A New Formalized PKI with Verifiable Trusted PartiesReport as inadecuate

DTKI: A New Formalized PKI with Verifiable Trusted Parties - Download this document for free, or read online. Document in PDF available to download.

1 School of Computer Science Birmingham 2 PESTO - Proof techniques for security protocols Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods

Abstract : The security of public key validation protocols for web-based applications has recently attracted attention because of weaknesses in the certificate authority model, and consequent attacks. Recent proposals using public logs have succeeded in making certificate management more transparent and verifiable. However, those proposals involve a fixed set of authorities. This means an oligopoly is created. Another problem with current log-based system is their heavy reliance on trusted parties that monitor the logs. We propose a distributed transparent key infrastructure DTKI, which greatly reduces the oligopoly of service providers and allows verification of the behaviour of trusted parties. In addition, this paper formalises the public log data structure and provides a formal analysis of the security that DTKI guarantees.

Keywords : formal verification trust certificate transparency PKI SSL TLS key distribution

Author: Jiangshan Yu - Vincent Cheval - Mark Ryan -

Source: https://hal.archives-ouvertes.fr/


Related documents