Design and Implementation of a Robust Model for Certi cateless Public Key Infrastructure (CL-PKI)

Abstract

Traditional Public Key Infrastructure(PKI) is a known mechanism to solve the public key authentication problem by providing a complete infrastructure for managing the public keys of the users using digital certi cates. PKI su ers from two main problems which are scalability and key management.

Certi cateless Cryptography(CL-PKC) came to address these two problems by pro-viding a certi cate-free public key management system. However, CL-PKC needs some type of infrastructure and models that determine how the CL-PKC can be applied, what is the components of the CL-PKC and their functions are, whether the PKI's trust models can be used in the CL-PKC or the CL-PKC needs its own models, how the PKI can be integrated into or migrated to the CL-PKC system and so forth.

The main objective of this thesis is to increase the practical opportunity of the CL-PKC by investigating and enhancing its weaknesses. The thesis proposes an inte-grated Certi cateless Public Key Infrastructure(CL-PKI) model. The model de nes the components of the CL-PKC, the function of each components and the manage-ment of the user's keys in the system. Furthermore, the thesis extends the proposed CL-PKI model by proposing new schemes which are: short and strong Certi cateless Digital Signature scheme that is provably secure in the Random Oracle Model(ROM), Hierarchal CL-PKI model that has trust level 3. Also, an integrated PKI/CL-PKI model that explains how the two systems can work together without the need to mod-ify the X.509 standard of the PKI. Finally, a Certi cateless Authenticated Two Party Key Agreement protocol(CTAKA) that is used to generate session symmetric keys for encryption/decryption between two users in the system without interaction. The pro-posed CTAKA protocol has resistance to the famous man-in-the-middle attack along with many other security properties.

The thesis proved the security, e ciency and reliability of the proposed CL-PKI model by developing two applications. These applications are secure mail and secure mobile banking systems. They provide the basic security features in the sense of the CL-PKC. Hence, there is no need to sign users public keys as the traditional PKI. So, the important result of the thesis is proving that the management of the users public keys is more e cient in the context of the proposed Cl-PKI model compared to traditional PKI when the number of users gets large.