The SEM approach to PKI (by Boneh et al [4]) offers many advantages, such as instant revocation and compatibility with standard RSA tools. However, it has some disadvantages with regard to trust and scalability: each user depends on a mediator that may go down or become compromised. In this paper, we present a design that addresses this problem. We use secure coprocessors linked with peer-to-peer networks, to create a network of trustworthy mediators, to improve availability. We use threshold cryptography to build a back-up and migration technique, to provide recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised. We also discuss a prototype implementation of this design. © Springer-Verlag Berlin Heidelberg 2004.
CITATION STYLE
Vanrenen, G., & Smith, S. (2004). Distributing security-mediated PKI. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3093, 218–231. https://doi.org/10.1007/978-3-540-25980-0_18
Mendeley helps you to discover research relevant for your work.