Séminaire confiance numérique (Ralf Sasse Institute of Information Security, Department of Computer Science, ETH Zurich, ARPKI)

Attack Resilient Public-Key Infrastructure.

We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS.
ARPKI offers extremely strong security guarantees, where compromising n-1 trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.     

195 vues
Lundi 07 Septembre 2015
Tag(s) : confiance numerique, sécurité informatique
Partager : Facebook
Intégrer :
Vidéos suggérées