The work that we’re going to talk about today is close to the work that I talked about here last year1, PKI ad hoc networks. But you know ad hoc networks are useless because you can’t see any properties of truly ad hoc networks, so you have to assume some kind of properties of these nodes if you are ever to do anything with them at all. So, the PKI is by nature ad hoc, but we think that we made a little bit of an advance on the certificate based route where no-one can construe the status by a certificate. You’ll see how this works later on, but the certificate is signed by the group key. That of course begs the question about this infrastructure environment and how you’re going to sign the key. You all know the limitations of systems that have a single sign: it’s a single point of failure, it does all the things you have problems with in a secure environment, you get a bottleneck, it’s also that single point compromise that you had at the top of the X509 issue. Either you instil complexity into it, or you instil multiple points of compromise. If one person is bad, depending on the scheme, that can make Bad Things Happen. At the very least they may be able to deny a service, but having multiple signing can create a problem property too. With threshold schemes you have the difficulty that maybe it can change in this environment. We think there’s a better way, based not on threshold schemes but on dual access structures. The idea is that a threshold scheme and an access structure have a relationship, and that actually the set of access structures for threshold schemes is a pretty important set of structures that helps you understand how they work. Instead of having a single signer you have a single signing key, and you have to have people that are your key signers that collaborate to be able to sign that key in the group. If this is a two of five scheme, then two of the people who are of the qualified set would have to agree to sign that certificate.
展开▼
机译:我们将谈论今天的工作是靠近我在这里谈到的工作过去一年,PKI Ad Hoc网络。但是,您知道Ad Hoc网络是无用的,因为您无法看到真正的Ad Hoc网络的任何属性,所以如果您完全与他们一起做任何事情,您必须假设这些节点的某种属性。因此,PKI是由自然的特设,但我们认为我们在基于证书的路线上进行了一点前进,其中没有人可以通过证书解释状态。您将看到稍后的工作方式,但证书由组密钥签名。当然,乞求关于这个基础架构环境的问题以及你将如何签署密钥。你们都知道有一个标志的系统的局限性:它是一个失败的单点,它在安全的环境中有问题,你得到一个瓶颈,这也是你所拥有的单点妥协X509的顶部。要么你灌输复杂性,要么你灌输多个妥协点。如果一个人是糟糕的,取决于该计划,可以使坏事发生。至少他们可能能够拒绝服务,但具有多个签名也可以创建问题属性。使用阈值方案,您可能难以在此环境中更改。我们认为有一种更好的方法,不基于阈值方案,而是在双门访问结构上。该想法是阈值方案和访问结构具有关系,并且实际上,用于阈值方案的访问结构集是一组非常重要的结构集,可帮助您了解它们是如何工作的。而不是拥有一个签名者,您有一个签名密钥,而是必须让人们是您的关键签名者,可以协作能够在该组中签署该密钥。如果这是五种计划中的两个,那么两个合格集的人必须同意签署该证书。
展开▼
