Paper 2017/028

A Decentralized PKI In A Mobile Ecosystem

Varun Chandrasekaran and Lakshminarayanan Subramanian

Abstract

A public key infrastructure (PKI) supports the authentication and distribution of public encryption keys, enabling secure communication among other uses. However, PKIs rely heavily on a centralized trusted party called the certificate authority (CA) which acts as the root of trust, and is also a single point of compromise. We describe the design of a decentralized PKI utilizing the intrinsic trust of the cellular (GSM) network. Secure Mobile Identities (SMI) is a repetitive key-exchange protocol that utilizes cryptographic proofs to prove the unique identities of mobile users. In this paper, we discuss how one can create strong reputations for an identity despite the presence of an adversary who can exploit the probabilistic one-way trust property of GSM networks. Our evaluation shows minimal computational overhead on existing devices, and quick bootstrap times of under 10 minutes of mobile interaction despite minimal trust assumptions placed, suggesting easy adoption in today's operational ecosystem.

Metadata
Available format(s)
-- withdrawn --
Publication info
Preprint. MINOR revision.
Contact author(s)
vc1113 @ nyu edu
History
2017-07-31: withdrawn
2017-01-13: received
See all versions
Short URL
https://ia.cr/2017/028
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.