Public Key Infrastructure (PKI) is a system for managing digital certificates, which are used to confirm the authenticity of users and entities over the internet. Certificate-based encryption (CBE) depends on certificates. These certificates bind public keys to identities (for instance email addresses or domain names) and are used for authentication and encryption. A digital certificate is needed to establish a secure connection, and it establishes trust that the entity is authentic. It is used in the encryption process to secure communications and create trust in transactions, most often by using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol. The digital certificate for an entity includes a public encryption key that is paired with a private encryption key. A certificate is signed and issued by the certificate authority and then installed on the web server that requested it.
Identity-based encryption (IBE), in contrast, simplifies key management by using identities as public keys, which eliminates the need for a separate key distribution mechanism. In IBE, users' public keys can be derived from their identity, so no exchange of public keys is required.
Sometimes a certificate has to be retired, for example because the certificate is no longer used, details of the certificate have been modified, the certificate owner's private key was compromised, or certificates were stolen from the certificate authority. Revocation key management is a very important aspect of Public Key Infrastructure (PKI) that deals with controlling the keys used for revoking digital certificates. Revoking access in certificate-based encryption (CBE) is much easier than in identity-based encryption. In certificate-based encryption, a user's access can be revoked or invalidated by revoking or invalidating the digital certificates issued to that user. After a certificate has been revoked or invalidated, systems will no longer accept it for authentication or encryption purposes.
In this thesis, we will discuss how to revoke access in identity-based encryption, as well as distinct certificate-based key revocation methods such as the Certificate Revocation List (CRL), the Online Certificate Status Protocol (OCSP) and OCSP stapling. We will also compare some other revocation options, such as Key Revocation Lists (KRL), blacklists, whitelists, physical security measures, key escrow and encryption key destruction, with certificate-based encryption. Finally, we will give an outline of all discussed revocation methods that will help to prevent unauthorized and unwanted use.
Supervisor:
Prof. Dr. D. Kranzlmüller
Duration of the thesis:
Number of students: 1 (assigned)
Advisor: