A New Certificateless Public Key Distribution and Lightweight Secure Communication : 새로운 무인증서 공개키 배포 방법과 경량 보안 연결 방법

Cited 0 time in Web of Science Cited 0 time in Scopus


공과대학 전기·컴퓨터공학부
Issue Date
서울대학교 대학원
Public Key Infrastructure (PKI)Certificateless Public Key Cryptography (CL-PKC)Transport Layer Security (TLS)Datagram Transport Layer Security (DTLS)DelegationSession ResumptionInternet of Things (IoT)
학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2017. 2. 권태경.
Authenticating the other endpoint and protecting the data communication are the basic and important ways of secure communication. As the penetration of the Internet to the everyday life is getting accelerated, e.g. Internet of Things (IoT), the demand of secure communications increases. However, the aforementioned two ways have been threatened due to the problems of the Public Key Infrastructure (PKI) and the constrained resources of IoT devices. Therefore, this dissertation focuses on enhancing authentication regarding public key distribution and data protection considering resource-limited IoT devices.

First, the current PKI has problems like certificate revocations and fraudulent certificates. To address such issues, we propose TwinPeaks, which is a new infrastructure to distribute public keys of named entities online. TwinPeaks leverages certificateless public key cryptography (CL-PKC), which we extend to make the public key of an entity depend on any combination of its networking parameters
thus TwinPeaks can mitigate spoofing attacks systematically. TwinPeaks needs public key servers, which constitute a hierarchical tree like Domain Name System (DNS). For each parent-child link in the tree, the parent and the child interact in such a way that every named entity has its own public/secret key pair. TwinPeaks removes certificates and hence has no revocation overhead. Instead, each named entity should keep/update its IP address and public key up-to-date in its DNS server and key server, respectively. TwinPeaks also achieves scalable distribution of public keys since public keys can be cached long term without elevating security risks.

Next, the IoT will be the norm in the foreseeable future. However, the security problem in the Internet will be worsened in IoT services considering the constrained resources of IoT devices. We propose a delegation-based DTLS/TLS framework (D2TLS) for cloud-based IoT services. D2TLS aims to achieve mutual authentication and to lower the burden of setting up secure connections significantly while keeping the private keys of IoT devices secret. Leveraging the session resumption in the DTLS/TLS standard and introducing a security agent, D2TLS achieves these goals with the modifications only within the IoT domain. That is, cloud and PKI systems need no change to deploy D2TLS. Numerical results show that D2TLS can achieve better performance in terms of delay and energy consumption than making a DTLS/TLS connection in standalone mode.
Files in This Item:
Appears in Collections:
College of Engineering/Engineering Practice School (공과대학/대학원)Dept. of Electrical and Computer Engineering (전기·정보공학부)Theses (Ph.D. / Sc.D._전기·정보공학부)
  • mendeley

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.