G. Vanrenen, S.W. Smith.
"Distributing Security-Mediated PKI."
Public Key Infrastructure: EuroPKI 2004.
Springer-Verlag LNCS 3093. 218-231. June 2004.


The SEM approach to PKI (by Boneh et al.) offers many advantages, such as instant revocation and compatibility with standard RSA tools. However, it has some disadvantages with regard to trust and scalability: each user depends on a mediator that may go down or become compromised.

In this paper, we present a design that addresses this problem. We use secure coprocessors linked with peer-to-peer networks to create a network of trustworthy mediators and so improve availability. We use threshold cryptography to build a back-up and migration technique that provides recovery from a mediator crash while avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration to mitigate the damage should a crashed mediator actually be compromised. We also discuss a prototype implementation of this design.
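The following sketch is an added illustration, not code from the paper or its prototype. It shows the additive key split of mediated RSA (signature verifies with plain RSA, revocation is the mediator refusing its half) and a threshold back-up of the mediator's half. The abstract does not name the threshold scheme, so Shamir sharing is an assumption here, as are all names and the toy parameters.

```python
import hashlib, secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
FIELD = 2**521 - 1          # prime field for Shamir shares, larger than PHI

def split_key():
    """Additive mediated-RSA split: d = d_user + d_sem (mod phi(N))."""
    d = pow(E, -1, PHI)
    d_user = secrets.randbelow(PHI)
    return d_user, (d - d_user) % PHI

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def shamir_split(secret, t, n):
    """Back up the mediator's half so any t of n peers can rebuild it (assumed scheme)."""
    coeffs = [secret] + [secrets.randbelow(FIELD) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, FIELD) for i, c in enumerate(coeffs)) % FIELD)
            for x in range(1, n + 1)]

def shamir_recover(shares):
    """Lagrange interpolation at x = 0 over the share field."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % FIELD
                den = den * (xi - xj) % FIELD
        secret = (secret + yi * num * pow(den, -1, FIELD)) % FIELD
    return secret

class Mediator:
    def __init__(self, d_sem):
        self.d_sem, self.revoked = d_sem, set()
    def half_sign(self, user, h):
        # Instant revocation: a revoked user simply gets no half-signature.
        return None if user in self.revoked else pow(h, self.d_sem, N)

def sign(msg, user, d_user, mediator):
    h = digest(msg)
    part = mediator.half_sign(user, h)
    return None if part is None else pow(h, d_user, N) * part % N

def verify(msg, sig):
    """Plain RSA verification; the verifier never contacts the mediator."""
    return sig is not None and pow(sig, E, N) == digest(msg)
```

A mediator rebuilt from shares in this sketch starts with an empty revocation set, so in practice revocation state has to migrate along with the key half.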



