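% CAiSE 2024 conference paper. It proposes a Distributed Key Management System
% (DKMS) that uses threshold signatures so that multiple representatives of an
% organisation take part in signing on its behalf, stays backwards compatible
% with commonly used signing schemes such as RSA or ECDSA, and is demonstrated
% on the X-Road data exchange system.
%
% Field notes: doi holds the bare identifier (no resolver prefix); pages uses
% the "--" range form; the publisher city is given once, in address; and
% howpublished is kept from the export although standard BibTeX styles do not
% print it for inproceedings entries.
@inproceedings{2424077,
  author       = {Bakhtina, Mariia and Kvapil, Jan and Švenda, Petr and Matulevicius, Raimundas},
  title        = {The Power of Many: Securing Organisational Identity Through Distributed Key Management},
  booktitle    = {Advanced Information Systems Engineering ({CAiSE} 24)},
  publisher    = {Springer Nature Switzerland},
  address      = {Cham (Switzerland)},
  year         = {2024},
  pages        = {475--491},
  isbn         = {978-3-031-61056-1},
  doi          = {10.1007/978-3-031-61057-8_28},
  url          = {https://link.springer.com/chapter/10.1007/978-3-031-61057-8_28},
  keywords     = {distributed control; key management; organisational digital identity; security; threshold signatures; zero trust},
  language     = {eng},
  howpublished = {elektronická verze "online"},
}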
TY  - JOUR
ID  - 2424077
AU  - Bakhtina, Mariia
AU  - Kvapil, Jan
AU  - Švenda, Petr
AU  - Matulevicius, Raimundas
PY  - 2024
TI  - The Power of Many: Securing Organisational Identity Through Distributed Key Management
PB  - Springer Nature Switzerland
CY  - Cham (Switzerland)
SN  - 9783031610561
KW  - distributed control;key management
KW  - organisational digital identity
KW  - security
KW  - threshold signatures
KW  - zero trust
UR  - https://link.springer.com/chapter/10.1007/978-3-031-61057-8_28
N2  - Organisational Digital Identity (ODI) often relies on the credentials and keys being controlled by a single person-representative. Moreover, some Information Systems (IS) outsource the key management to a third-party controller. Both the centralisation and outsourcing of the keys threaten data integrity within the IS, allegedly provided by a trusted organisation. Also, outsourcing the control prevents an organisation from cryptographically enforcing custom policies, e.g. time-based, regarding the data originating from it. To address this, we propose a Distributed Key Management System (DKMS) that eliminates the risks associated with centralised control over an organisation's identity and allows organisation-enforceable policies. The DKMS employs threshold signatures to directly involve multiple organisation's representatives (e.g. employees, IS components, and external custodians) in data signing on its behalf. The threshold signature creation and, therefore, the custom signing policy inclusion, is fully backwards compatible with commonly used signing schemes, such as RSA or ECDSA. The feasibility of the proposed system is shown in an example data exchange system, X-Road. The implementation confirms the ability of the design to achieve distributed control over the ODI during the operational key phase. Excluding a network delay, the implementation introduces less than 200ms overhead compared to the built-in signing solution.
ER  -
BAKHTINA, Mariia, Jan KVAPIL, Petr ŠVENDA a Raimundas MATULEVICIUS. The Power of Many: Securing Organisational Identity Through Distributed Key Management. Online. In \textit{Advanced Information Systems Engineering (CAiSE 24)}. Cham (Switzerland): Springer Nature Switzerland, 2024, s.~475--491. ISBN~978-3-031-61056-1. Dostupné z: https://dx.doi.org/10.1007/978-3-031-61057-8\_{}28.