Authors:
Jean-Guillaume Dumas
1
;
Pascal Lafourcade
2
;
Francis Melemedjian
3
;
Jean-Baptiste Orfila
1
and
Pascal Thoniel
3
Affiliations:
1
Université Grenoble Alpes, CNRS and LJK, France
;
2
University Clermont Auvergne and LIMOS, France
;
3
NTX Research SA, France
Keyword(s):
Security Protocols, Security Information Systems Architecture, Authentication and Non-repudiation, Formal Methods for Security, Identification.
Related
Ontology
Subjects/Areas/Topics:
Data and Application Security and Privacy
;
Formal Methods for Security
;
Identification, Authentication and Non-Repudiation
;
Information and Systems Security
;
Information Assurance
;
Management of Computing Security
;
Network Security
;
Security Management
;
Security Protocols
;
Trust Management and Reputation Systems
;
Wireless Network Security
Abstract:
Abstract. A public-key infrastructure (PKI) binds public keys to identities of
entities. Usually, this binding is established through a process of registration and
issuance of certificates by a certificate authority (CA) where the validation of the
registration is performed by a local registration authority. In this paper, we pro-
pose an alternative scheme, called L OCALPKI, where the binding is performed
by the local authority and the issuance is left to the end user or to the local au-
thority. The role of our third entity is then to register this binding and to provide
up-to-date status information on this registration. The idea is that many more lo-
cal actors could then take the role of a local authority, thus allowing for an easier
spread of public-key certificates in the population. We formally prove the security
of this new scheme and show how to deploy it using existing tools and protocols.