The Power of Many: Securing Organisational Identity Through Distributed Key Management

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00136874" target="_blank" >RIV/00216224:14330/24:00136874 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-031-61057-8_28" target="_blank" >http://dx.doi.org/10.1007/978-3-031-61057-8_28</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-61057-8_28" target="_blank" >10.1007/978-3-031-61057-8_28</a>

Jazyk výsledku

angličtina

Název v původním jazyce

The Power of Many: Securing Organisational Identity Through Distributed Key Management

Popis výsledku v původním jazyce

Organisational Digital Identity (ODI) often relies on the credentials and keys being controlled by a single person-representative. Moreover, some Information Systems (IS) outsource the key management to a third-party controller. Both the centralisation and outsourcing of the keys threaten data integrity within the IS, allegedly provided by a trusted organisation. Also, outsourcing the control prevents an organisation from cryptographically enforcing custom policies, e.g. time-based, regarding the data originating from it. To address this, we propose a Distributed Key Management System (DKMS) that eliminates the risks associated with centralised control over an organisation's identity and allows organisation-enforceable policies. The DKMS employs threshold signatures to directly involve multiple organisation's representatives (e.g. employees, IS components, and external custodians) in data signing on its behalf. The threshold signature creation and, therefore, the custom signing policy inclusion, is fully backwards compatible with commonly used signing schemes, such as RSA or ECDSA. The feasibility of the proposed system is shown in an example data exchange system, X-Road. The implementation confirms the ability of the design to achieve distributed control over the ODI during the operational key phase. Excluding a network delay, the implementation introduces less than 200ms overhead compared to the built-in signing solution.

Název v anglickém jazyce

The Power of Many: Securing Organisational Identity Through Distributed Key Management

Popis výsledku anglicky

Organisational Digital Identity (ODI) often relies on the credentials and keys being controlled by a single person-representative. Moreover, some Information Systems (IS) outsource the key management to a third-party controller. Both the centralisation and outsourcing of the keys threaten data integrity within the IS, allegedly provided by a trusted organisation. Also, outsourcing the control prevents an organisation from cryptographically enforcing custom policies, e.g. time-based, regarding the data originating from it. To address this, we propose a Distributed Key Management System (DKMS) that eliminates the risks associated with centralised control over an organisation's identity and allows organisation-enforceable policies. The DKMS employs threshold signatures to directly involve multiple organisation's representatives (e.g. employees, IS components, and external custodians) in data signing on its behalf. The threshold signature creation and, therefore, the custom signing policy inclusion, is fully backwards compatible with commonly used signing schemes, such as RSA or ECDSA. The feasibility of the proposed system is shown in an example data exchange system, X-Road. The implementation confirms the ability of the design to achieve distributed control over the ODI during the operational key phase. Excluding a network delay, the implementation introduces less than 200ms overhead compared to the built-in signing solution.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Advanced Information Systems Engineering (CAiSE 24)

ISBN

9783031610561

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

17

Strana od-do

475-491

Název nakladatele

Springer Nature Switzerland

Místo vydání

Cham (Switzerland)

Místo konání akce

Limassol

Datum konání akce

1. 1. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001284635700028