C. AmirK., H. Forsgren, Kaj Grahn, T. Karvi, G. Pulkkis
{"title":"HIP和HIP组播公钥加密的安全性和可信度","authors":"C. AmirK., H. Forsgren, Kaj Grahn, T. Karvi, G. Pulkkis","doi":"10.4018/jdtis.2011070102","DOIUrl":null,"url":null,"abstract":"Host Identity Protocol (HIP) gives cryptographically verifiable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating on a HIP connection, messages are signed with private keys and verified with public keys. Even if this system is quite secure, there is some vulnerability concerning the authenticity of public keys. The authors examine some possibilities to derive trust in public parameters. These are DNSSEC and public key certificates (PKI). Especially, the authors examine how to implement certificate handling and what is the time complexity of using and verifying certificates in the HIP Base Exchange. It turned out that certificates delayed the HIP Base Exchange only some milliseconds compared to the case where certificates are not used. In the latter part of our article the authors analyze four proposed HIP multicast models and how they could use certificates. There are differences in the models how many times the Base Exchange is performed and to what extent existing HIP specification standards must be modified. Security and Trust of Public Key Cryptography for HIP and HIP Multicast","PeriodicalId":298071,"journal":{"name":"Int. J. Dependable Trust. Inf. Syst.","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Security and Trust of Public Key Cryptography for HIP and HIP Multicast\",\"authors\":\"C. AmirK., H. Forsgren, Kaj Grahn, T. Karvi, G. Pulkkis\",\"doi\":\"10.4018/jdtis.2011070102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Host Identity Protocol (HIP) gives cryptographically verifiable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating on a HIP connection, messages are signed with private keys and verified with public keys. Even if this system is quite secure, there is some vulnerability concerning the authenticity of public keys. The authors examine some possibilities to derive trust in public parameters. These are DNSSEC and public key certificates (PKI). Especially, the authors examine how to implement certificate handling and what is the time complexity of using and verifying certificates in the HIP Base Exchange. It turned out that certificates delayed the HIP Base Exchange only some milliseconds compared to the case where certificates are not used. In the latter part of our article the authors analyze four proposed HIP multicast models and how they could use certificates. There are differences in the models how many times the Base Exchange is performed and to what extent existing HIP specification standards must be modified. Security and Trust of Public Key Cryptography for HIP and HIP Multicast\",\"PeriodicalId\":298071,\"journal\":{\"name\":\"Int. J. Dependable Trust. Inf. Syst.\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Dependable Trust. Inf. Syst.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/jdtis.2011070102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Dependable Trust. Inf. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jdtis.2011070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
主机身份协议(Host Identity Protocol, HIP)为主机提供可加密验证的身份。这些身份基于公钥加密,由公钥和私钥组成。公钥可以与对应的IP地址一起存储在DNS服务器中。当实体在HIP连接上进行协商时,使用私钥对消息进行签名,并用公钥对消息进行验证。即使这个系统是相当安全的,也存在一些关于公钥真实性的漏洞。作者研究了在公共参数中推导信任的一些可能性。它们是DNSSEC和公钥证书(PKI)。作者特别研究了在HIP Base Exchange中如何实现证书处理以及使用和验证证书的时间复杂度。结果表明,与不使用证书的情况相比,证书只会使HIP Base Exchange延迟几毫秒。在本文的后半部分,作者分析了四种提出的HIP组播模型以及它们如何使用证书。执行Base Exchange的次数以及必须修改现有HIP规范标准的程度在模型中存在差异。HIP和HIP组播公钥加密的安全性和可信度
Security and Trust of Public Key Cryptography for HIP and HIP Multicast
Host Identity Protocol (HIP) gives cryptographically verifiable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating on a HIP connection, messages are signed with private keys and verified with public keys. Even if this system is quite secure, there is some vulnerability concerning the authenticity of public keys. The authors examine some possibilities to derive trust in public parameters. These are DNSSEC and public key certificates (PKI). Especially, the authors examine how to implement certificate handling and what is the time complexity of using and verifying certificates in the HIP Base Exchange. It turned out that certificates delayed the HIP Base Exchange only some milliseconds compared to the case where certificates are not used. In the latter part of our article the authors analyze four proposed HIP multicast models and how they could use certificates. There are differences in the models how many times the Base Exchange is performed and to what extent existing HIP specification standards must be modified. Security and Trust of Public Key Cryptography for HIP and HIP Multicast
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
