Your search keyword '"X.509"' showing total 492 results

1. Fully Hybrid TLSv1.3 in WolfSSL on Cortex-M4

Author

Anastasova, Mila, Azarderakhsh, Reza, Kermani, Mehran Mozaffari, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, and Andreoni, Martin, editor

Published

2024

2. Decentralized Zone-Based PKI: A Lightweight Security Framework for IoT Ecosystems.

Author

El-Hajj, Mohammed and Beune, Pim

Subjects

*INTERNET of things, *ELLIPTIC curve cryptography, *DATA integrity, *SECURITY systems

Abstract

The advent of Internet of Things (IoT) devices has revolutionized our daily routines, fostering interconnectedness and convenience. However, this interconnected network also presents significant security challenges concerning authentication and data integrity. Traditional security measures, such as Public Key Infrastructure (PKI), encounter limitations when applied to resource-constrained IoT devices. This paper proposes a novel decentralized PKI system tailored specifically for IoT environments to address these challenges. Our approach introduces a unique "zone" architecture overseen by zone masters, facilitating efficient certificate management within IoT clusters while reducing the risk of single points of failure. Furthermore, we prioritize the use of lightweight cryptographic techniques, including Elliptic Curve Cryptography (ECC), to optimize performance without compromising security. Through comprehensive evaluation and benchmarking, we demonstrate the effectiveness of our proposed solution in bolstering the security and efficiency of IoT ecosystems. This contribution underlines the critical need for innovative security solutions in IoT deployments and presents a scalable framework to meet the evolving demands of IoT environments. [ABSTRACT FROM AUTHOR]

Published

2024

3. A Blockchain-Based Decentralized Public Key Infrastructure Using the Web of Trust.

Author

Halder, Ratna, Das Roy, Dipanjan, and Shin, Dongwan

Subjects

BLOCKCHAINS, DATA integrity, DATA privacy, PUBLIC key infrastructure (Computer security), COMPUTER access control

Abstract

Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs. [ABSTRACT FROM AUTHOR]

Published

2024

4. A Blockchain-Based Decentralized Public Key Infrastructure Using the Web of Trust

Author

Ratna Halder, Dipanjan Das Roy, and Dongwan Shin

Subjects

decentralized PKI, X.509, blockchain, Ethereum, smart contract, web of trust (WoT), Technology (General), T1-995

Abstract

Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs.

Published

2024

5. RSA Keys Quality in a Real-world Organizational Certificate Dataset: a Practical Outlook

Author

Konrad Kamiński and Wojciech Mazurczyk

Subjects

certificates, x.509, rsa keys, pki, vulnerabilities, rsa factorization, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Telecommunication, TK5101-6720

Abstract

This research investigates the intricacies of X.509 certificates within a comprehensive corporate infrastructure. Spanning over two decades, the examined enterprise has heavily depended on its internal certificate authority and Public Key Infrastructure (PKI) to uphold its data and systems security. With the broad application of these certificates, from personal identification on smart cards to device and workstation authentication via Trusted Platform Modules (TPM), our study seeks to address a pertinent question on how prevalent are weak RSA keys within such a vast internal certificate repository. Previous research focused primarily on key sets publicly accessible from TLS and SSH servers or PGP key repositories. On the contrary, our investigation provides insights into the private domain of an enterprise, introducing new dimensions to this problem. Among our considerations are the trustworthiness of hardware and software solutions in generating keys and the consequential implications of identified vulnerabilities on organizational risk management. The obtained results can contribute to enhancing security strategies in enterprises.

Published

2023

6. Verifying X.509 Certificate Extensions

Author

Welu, Cody, Ham, Michael, Cronin, Kyle, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, and Latifi, Shahram, editor

Published

2023

7. SSL/TLS

Author

Easttom, Chuck and Easttom, William

Published

2022

8. Developing a Webpage Phishing Attack Detection Tool

Author

Almutairi, Abdulrahman, Alshoshan, Abdullah I., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, and Arai, Kohei, editor

Published

2022

9. Offline Access to a Vehicle via PKI-Based Authentication

Author

Arm, Jakub, Fiedler, Petr, Bastan, Ondrej, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Habli, Ibrahim, editor, Sujan, Mark, editor, Gerasimou, Simos, editor, Schoitsch, Erwin, editor, and Bitsch, Friedemann, editor

Published

2021

10. Cross-Domain Authentication and Interoperability Scheme for Federated Cloud

Author

Gogna, Monika, Rama Krishna, C., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Somani, Arun K., editor, Shekhawat, Rajveer Singh, editor, Mundra, Ankit, editor, Srivastava, Sumit, editor, and Verma, Vivek Kumar, editor

Published

2020

11. Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications.

Author

Astorga, Jasone, Barcelo, Marc, Urbieta, Aitor, and Jacob, Eduardo

Subjects

*OPTICAL communications, *PUBLIC key cryptography, *BUSINESS communication, *DIGITAL certificates, *INDUSTRIAL management, *COMMUNICATION models

Abstract

Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis. [ABSTRACT FROM AUTHOR]

Published

2022

12. How to Survive Identity Management in the Industry 4.0 Era

Author

Jasone Astorga, Marc Barcelo, Aitor Urbieta, and Eduardo Jacob

Subjects

Automatic enrolment, IIoT, Industry 4.0, SCEP, X.509, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Industry 4.0 heavily builds on massive deployment of Industrial Internet of Things (IIoT) devices to monitor every aspect of the manufacturing processes. Since the data gathered by these devices impact the output of critical processes, identity management and communications security are critical aspects, which commonly rely on the deployment of X.509 certificates. Nevertheless, the provisioning and management of individual certificates for a high number of IIoT devices involves important challenges. In this paper, we present a solution to improve the management of digital certificates in IIoT environments, which relies on partially delegating the certificate enrolment process to an edge server. However, in order to preserve end-to-end security, private keys are never delegated. Additionally, for the protection of the communications between the edge server and the IIoT devices, an approach based on Identity Based Cryptography is deployed. The proposed solution considers also the issuance of very short-lived certificates, which reduces the risk of using expired or compromised certificates, and avoids the necessity of implementing performance expensive protocols such as Online Certificate Status Protocol (OCSP). The proposed solution has been successfully tested as an efficient identity management solution for IIoT environments in a real industrial environment.

Published

2021

13. A Novel Regular Format for X.509 Digital Certificates

Author

Barenghi, Alessandro, Mainardi, Nicholas, Pelosi, Gerardo, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Series editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, and Latifi, Shahram, editor

Published

2018

14. Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications

Author

Jasone Astorga, Marc Barcelo, Aitor Urbieta, and Eduardo Jacob

Subjects

ABE, blockchain, DTLS, IIoT, PKI, X.509, Chemical technology, TP1-1185

Abstract

Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.

Published

2022

15. Lightweight certificate revocation for low-power IoT with end-to-end security

Author

Höglund, Joel, Furuhed, Martin, Raza, Shahid, Höglund, Joel, Furuhed, Martin, and Raza, Shahid

Abstract

Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter pa

Published

2023

16. An Implementation Suite for a Hybrid Public Key Infrastructure

Author

Jason Chia, Swee-Huay Heng, Ji-Jian Chin, Syh-Yuan Tan, and Wei-Chuen Yau

Subjects

digital certificates, identity-based cryptography, public key infrastructure, X.509, Mathematics, QA1-939

Abstract

Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

Published

2021

17. Analysis of theoretical security level of PDF Encryption mechanism based on X.509 certificates

Author

Joanna Dmitruk and Michał Glet

Subjects

DRM, cryptography, security level, PDF Encryption, Adobe, X.509, Technology

Abstract

PDF Encryption is a content security mechanism developed and used by Adobe in their products. In this paper, we have checked a theoretical security level of a variant that uses public key infrastructure and X.509 certificates. We have described a basis of this mechanism and we have performed a simple security analysis. Then, we have showed possible tweaks and security improvements. At the end, we have given some recommendations that can improve security of a content secured with PDF Encryption based on X.509 certificates. Keywords: DRM, cryptography, security level, PDF Encryption, Adobe, X.509

Published

2017

18. Recent Advances of the Cloud Platform Delivered in the Infrastructure as a Service Model for the PL-Grid Scientific Communities

Author

Meizner, Jan, Nabożny, Maciej, Radecki, Marcin, Szepieniec, Tomasz, Zdybał, Miłosz, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Kobsa, Alfred, Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Bubak, Marian, editor, Kitowski, Jacek, editor, and Wiatr, Kazimierz, editor

Published

2014

19. OVERVIEW OF TLS CERTIFICATE REVOCATION MECHANISMS.

Author

Rajakumar, Jayanth and Subrahmanya K. N.

Subjects

WEB browsers, WORLD Wide Web, PUBLIC key cryptography, REVOCATION, JAVASCRIPT programming language, WEBSITES

Abstract

TLS Certificates are the backbone of the World Wide Web's Public Key Infrastructure. In case of a compromise of private cryptographic keys, it is vital to have the ability to revoke certificates before their validity period expires. This paper describes and contrasts the two major mechanisms for certificate revocation - Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP). It is found that modern web clients and browsers such as Google Chrome do not perform stringent checking of certificate revocation status, leaving users open to attackers who use revoked certificates to spoof web sites and services. A browser extension is proposed and implemented for Google Chrome that checks CRL and OCSP status and notifies the user. It can also automatically navigate away from the page if the certificate is found to be revoked. The extension is created using JavaScript and uses a background process written in Python to handle the revocation checking. It is found to be able to complete CRL and OCSP requests for common websites in under a second, and under 200 milliseconds for locally cached responses. [ABSTRACT FROM AUTHOR]

Published

2019

20. PKI Interoperability: Still an Issue? A Solution in the X.509 Realm

Author

Wazan, Ahmad Samer, Laborde, Romain, Barrere, François, Benzekri, Abdelmalek, Chadwick, David W., Dodge, Ronald C., Jr., editor, and Futcher, Lynn, editor

Published

2013

21. Research on ECC Digital Certificate in ATN

Author

Zhijun, Wu, Jihai, Lang, Jun, Huang, He, Xingui, editor, Hua, Ertian, editor, Lin, Yun, editor, and Liu, Xiaozhu, editor

Published

2012

22. X.509 Forensics: Detecting and Localising the SSL/TLS Men-in-the-Middle

Author

Holz, Ralph, Riedmaier, Thomas, Kammenhuber, Nils, Carle, Georg, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Foresti, Sara, editor, Yung, Moti, editor, and Martinelli, Fabio, editor

Published

2012

23. Improvements of pan-European IDM Architecture to Enable Identity Delegation Based on X.509 Proxy Certificates and SAML

Author

Sánchez García, Sergio, Gómez Oliva, Ana, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Samarati, Pierangela, editor, Tunstall, Michael, editor, Posegga, Joachim, editor, Markantonakis, Konstantinos, editor, and Sauveron, Damien, editor

Published

2010

24. Systematic parsing of X.509: Eradicating security issues with a parse tree.

Author

Barenghi, Alessandro, Mainardi, Nicholas, and Pelosi, Gerardo

Subjects

*PARSING (Computer grammar), *COMPUTER network security, *COMPUTER security vulnerabilities, *SECURE Sockets Layer (Computer network protocol)

Abstract

X.509 certificate parsing and validation is a critical task which has shown consistent lack of effectiveness, with practical attacks being reported with a steady rate during the last 10 years. In this work we analyze the X.509 standard and provide a grammar description of it amenable to the automated generation of a parser with strong termination guarantees, providing unambiguous input parsing. We report the results of analyzing a 11M X.509 certificate dump of the HTTPS servers running on the entire IPv4 space, showing that 21.5% of the certificates in use are syntactically invalid. We compare the results of our parsing against 7 widely used TLS libraries showing that 631k to 1,156k syntactically incorrect certificates are deemed valid by them (5.7%–10.5%), including instances with security critical mis-parsings. We prove the criticality of such mis-parsing exploiting one of the syntactic flaws found in existing certificates to perform an impersonation attack. [ABSTRACT FROM AUTHOR]

Published

2018

25. Extending UNICORE 5 Authentication Model by Supporting Proxy Certificate Profile Extensions

Author

Stamou, Katerina, Hedman, Fredrik, Iliopoulos, Anthony, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Bougé, Luc, editor, Forsell, Martti, editor, Träff, Jesper Larsson, editor, Streit, Achim, editor, Ziegler, Wolfgang, editor, Alexander, Michael, editor, and Childs, Stephen, editor

Published

2008

26. Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications

Author

Ingeniería de comunicaciones, Komunikazioen ingeniaritza, Astorga Burgo, Jasone, Barceló, Marc, Urbieta Aizpurua, Aitor, Jacob Taquet, Eduardo Juan, Ingeniería de comunicaciones, Komunikazioen ingeniaritza, Astorga Burgo, Jasone, Barceló, Marc, Urbieta Aizpurua, Aitor, and Jacob Taquet, Eduardo Juan

Abstract

Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.

Published

2022

27. Towards Trustworthy and Secure Internet of Things Devices : Using hardware-assisted Trusted Execution and Automated Certification

Author

Khurshid, Anum and Khurshid, Anum

Abstract

The advent of Trusted Execution Environments (TEEs) for IoT aligns with the reinforcement of IoT security through recent laws and regulations. A major part of IoT systems comprises of resource-constrained devices, with less margin in memory and computation capabilities to embed sophisticated security solutions. Hence, hardware-based TEEs provide resource-efficient remedies to known attack vectors with reduced software attack surface. In this dissertation, we identified challenges cropping up from the heterogeneity of the IoT infrastructure, that hindered the adoption of TEEs in resource-constrained IoT. We ultimately approach the security of IoT devices through automated certification with hardware-rooted assurance guarantees. The contributions of this dissertation are made through six research papers addressing these challenges. TEEs provide hardware-supported mechanisms to create secure areas to store sensitive data and execute critical software. However, the secure areas lack a secure way to communicate with the rest of the system. Moreover, once a software is placed in the secure areas, it becomes extremely difficult to detect and trace misbehaviour. To this end, we contribute frameworks that strengthen the functionality of TrustZone-M, which is ARM’s TEE designed for resource-constrained IoT. The addition of a secure communication channel in TrustZone-M enabled IoT devices guarantees confidentiality and integrity of shared data between the system applications and the secure areas even in case of a compromised OS. In addition, our contribution to the TrustZone-M secure areas to enable monitoring and blocking of malicious behaviour by applications, adds protection in the presence of untrusted third-party critical software. Secondly, we propose an automated digital certification of IoT devices by combining the Public Key Infrastructure standard authentication mechanisms with attributes of software assurance. The resultant process and the certificate is compliant

Published

2022

28. Hierarchical Secret Sharing in Ad Hoc Networks through Birkhoff Interpolation

Author

Ballico1, E., Boato, G., Fontanari, C., Granelli, F., Elleithy, Khaled, editor, Sobh, Tarek, editor, Mahmood, Ausif, editor, Iskander, Magued, editor, and Karim, Mohammad, editor

Published

2006

29. Secure Role Based Messaging

Author

Chadwick, David, Lunt, Graeme, Zhao, Gansen, Chadwick, David, editor, and Preneel, Bart, editor

Published

2005

30. Towards a Next-Generation Trust Management Infrastructure for Open Computing Systems

Author

Karabulut, Yücel, Robinson, Philip, editor, Vogt, Harald, editor, and Wagealla, Waleed, editor

Published

2005

31. Modifying LDAP to Support PKI

Author

Chadwick, D. W., Ball, E., Sahalayev, M. V., De Capitani di Vimercati, Sabrina, editor, Ray, Indrakshi, editor, and Ray, Indrajit, editor

Published

2004

32. Recursive Certificate Structures for X.509 Systems

Author

Russell, Selwyn, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Katsikas, Sokratis K., editor, Gritzalis, Stefanos, editor, and López, Javier, editor

Published

2004

33. Rbac Policies in XML for X.509 Based Privilege Management

Author

Chadwick, D. W., Otenko, A., Ghonaimy, M. Adeeb, editor, El-Hadidi, Mahmoud T., editor, and Aslan, Heba K., editor

Published

2002

34. Public Key Authentication and Key Agreement in IoT Devices With Minimal Airtime Consumption.

Author

Sciancalepore, Savio, Piro, Giuseppe, Boggia, Gennaro, and Bianchi, Giuseppe

Abstract

Computational complexity of public key cryptography over sensor nodes is not anymore a blocking concern in modern devices which natively (and efficiently) support elliptic curve cryptography. The problem has rather shifted toward the significant airtime consumption required to exchange multiple messages and certificates so as to perform authentication and key agreement. This letter addresses such problem by exploiting implicit certificates (elliptic curve Qu-Vanstone). We specifically propose a novel key management protocol (KMP) which suitably integrates implicit certificates with a standard elliptic curve Diffie-Hellman exchange, and performs authentication and key derivation. As confirmed by a proof-of-concept implementation and relevant experimental results, the proposed KMP guarantees maximal airtime savings (up to 86.7%) with respect to conventional approaches, robust key negotiation, fast rekeying, and efficient protection against replay attacks. [ABSTRACT FROM PUBLISHER]

Published

2017

35. Cecoin: A decentralized PKI mitigating MitM attacks

Author

Wenchang Shi, Bin Liang, Qin Wang, Xizhao Luo, Jikun Huang, and Bo Qin

Subjects

Public key certificate, Blockchain, Computer Networks and Communications, Computer science, 02 engineering and technology, Man-in-the-middle attack, Self-signed certificate, Computer security, computer.software_genre, Public-key cryptography, X.509, Certificate authority, 0202 electrical engineering, electronic engineering, information engineering, business.industry, 020206 networking & telecommunications, Public key infrastructure, Trusted third party, Possession (law), Certificate, Root certificate, Hardware and Architecture, 020201 artificial intelligence & image processing, business, computer, Implicit certificate, Software

Abstract

For numerous applications, it is essential to reliably link a public key with its owner. The current solution is to employ the well-known Public Key Infrastructure (PKI), represented by a trusted certificate authority (CA), to fulfill this assignment by signing the certificate for the public key after validating its owner. However, due to the centralized architecture, it raises the single-point failure problem with unpredictable threats. In this paper, we present a distributed certificate scheme, referred to as Cecoin which is inspired by the well-known Bitcoin by employing its irreversible unforgeability and public verifiability. In Cecoin, the certificates can be treated as currencies and recorded on block chain, which removes the single point failure problem. The miners can verify the validity of certificates following a set of rules to ensure ownership consistency, and allow an identity to bind multiple public-key certificates. For efficient retrieval and verification of certificates, and quick operations, we incorporate the modified Merkle Patricia tree and employ it to implement a distributed Certificate Library. To allow the owner to transfer the possession of identity, we design an online fair exchange protocol without a trusted third party. Security and efficiency analyses show that our Cecoin provides strong security with desirable efficiency.

Published

2020

36. A WWW based Certification Infrastructure for Secure Open Network Transactions

Author

Gustaysson, Tomas and Horster, Patrick, editor

Published

1996

37. Reducing e-commerce risks using digital certificates

Author

Piščević Miloš and Simić Dejan

Subjects

Cryptography, digital certificates, X.509, e-commerce, Management information systems, T58.6-58.62

Abstract

E-commerce means buying and selling goods and services across the Internet. Secured communication in e-commerce, across unsecured medium, such as the Internet, represents one of the major components in a domain of providing necessary security- critical demands, so the flow of information could go in a secure way. The Internet, as a global computer network must provide five major security services: confidentiality, data integrity, authentication, availability, and non-repudiation of information. Without guaranteeing aformentioned security goals, risks may be very high in e-commerce systems. A possible way to reduce these risks is to use digital certificates. Digital certificates provide a means of proving identity in electronic transactions, and from the point of view of computer communication they are irreplacable, but nevertheless they provide a good mechanism for implementing the major part of this security goal, and therefore, their usage in e-commerce is the major topic of this paper.

Published

2009

38. On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees

Author

Sze Yiu Chau, Joyanta Debnath, and Omar Chowdhury

Subjects

Authentication, Programming language, Computer science, Attribute grammar, Interoperability, Public key infrastructure, computer.file_format, computer.software_genre, Certificate, X.509, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Executable, computer, Implementation

Abstract

The X.509 Public-Key Infrastructure (PKI) standard is widely used as a scalable and flexible authentication mechanism. Flaws in X.509 implementations can make relying applications susceptible to impersonation attacks or interoperability issues. In practice, many libraries implementing X.509 have been shown to suffer from flaws that are due to noncompliance with the standard. Developing a compliant implementation is especially hindered by the design complexity, ambiguities, or under-specifications in the standard written in natural languages. In this paper, we set out to alleviate this unsatisfactory state of affairs by re-engineering and formalizing a widely used fragment of the X.509 standard specification, and then using it to develop a high-assurance implementation. Our X.509 specification re-engineering effort is guided by the principle of decoupling the syntactic requirements from the semantic requirements. For formalizing the syntactic requirements of X.509 standard, we observe that a restricted fragment of attribute grammar is sufficient. In contrast, for precisely capturing the semantic requirements imposed on the most-widely used X.509 features, we use quantifier-free first-order logic (QFFOL). Interestingly, using QFFOL results in an executable specification that can be efficiently enforced by an SMT solver. We use these and other insights to develop a high-assurance X.509 implementation named CERES. A comparison of CERES with 3 mainstream libraries (i.e., mbedTLS, OpenSSL, and GnuTLS) based on 2 million real certificate chains and 2 million synthetic certificate chains shows that CERES rightfully rejects malformed and invalid certificates.

Published

2021

39. All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations

Author

Kin Man Leung, Endadul Hoque, Mohsen Minaei, Omar Chowdhury, Man Hong Hue, Joyanta Debnath, Kailiang Xian, Sze Yiu Chau, M. Hammad Mazhar, and Li Li

Subjects

Authentication, Transport Layer Security, business.industry, Network security, Computer science, Public key infrastructure, Computer security, computer.software_genre, Credential, Public-key cryptography, X.509, Server, business, computer

Abstract

In this paper, we perform the first multifaceted measurement study to investigate the widespread insecure practices employed by tertiary education institutes (TEIs) around the globe when offering WPA2-Enterprise Wi-Fi services. The security of such services critically hinges on two aspects: (1) the connection configuration on the client-side; and (2) the TLS setup on the authentication servers. Weaknesses in either can leave users susceptible to credential theft. Typically, TEIs prescribe to their users either manual instructions or pre-configured profiles (e.g., eduroam CAT). For studying the security of configurations, we present a framework in which each configuration is mapped to an abstract security label drawn from a strict partially ordered set. We first used this framework to evaluate the configurations supported by the user interfaces (UIs) of mainstream operating systems (OSs), and discovered many design weaknesses. We then considered 7045 TEIs in 54 countries/regions, and collected 7275 configuration instructions from 2061 TEIs. Our analysis showed that majority of these instructions lead to insecure configurations, and nearly 86% of those TEIs can suffer from credential thefts on at least one OS. We also analyzed a large corpus of pre-configured eduroam CAT profiles and discovered several misconfiguration issues that can negatively impact security. Finally, we evaluated the TLS parameters used by authentication servers of thousands of TEIs and discovered perilous practices, such as the use of expired certificates, deprecated versions of TLS, weak signature algorithms, and suspected cases of private key reuse among TEIs. Our long list of findings have been responsibly disclosed to the relevant stakeholders, many of which have already been positively acknowledged.

Published

2021

40. How to Survive Identity Management in the Industry 4.0 Era

Author

Ingeniería de comunicaciones, Komunikazioen ingeniaritza, Astorga Burgo, Jasone, Barceló, Marc, Urbieta Aizpurua, Aitor, Jacob Taquet, Eduardo Juan, Ingeniería de comunicaciones, Komunikazioen ingeniaritza, Astorga Burgo, Jasone, Barceló, Marc, Urbieta Aizpurua, Aitor, and Jacob Taquet, Eduardo Juan

Abstract

Industry 4.0 heavily builds on massive deployment of Industrial Internet of Things (IIoT) devices to monitor every aspect of the manufacturing processes. Since the data gathered by these devices impact the output of critical processes, identity management and communications security are critical aspects, which commonly rely on the deployment of X.509 certificates. Nevertheless, the provisioning and management of individual certificates for a high number of IIoT devices involves important challenges. In this paper, we present a solution to improve the management of digital certificates in IIoT environments, which relies on partially delegating the certificate enrolment process to an edge server. However, in order to preserve end-to-end security, private keys are never delegated. Additionally, for the protection of the communications between the edge server and the IIoT devices, an approach based on Identity Based Cryptography is deployed. The proposed solution considers also the issuance of very short-lived certificates, which reduces the risk of using expired or compromised certificates, and avoids the necessity of implementing performance expensive protocols such as Online Certificate Status Protocol (OCSP). The proposed solution has been successfully tested as an efficient identity management solution for IIoT environments in a real industrial environment.

Published

2021

41. Longitudinal analysis of the certificate chains of big tech company domains

Author

Klasson, Sebastian, Lindström, Nina, Klasson, Sebastian, and Lindström, Nina

Abstract

The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.

Published

2021

42. Longitudinal characterization of X.509 revocation statuses : A framework for monitoring newly issued certificates from the most popular Certificate Transparency logs

Author

Halim, Adam, Danielsson, Max, Halim, Adam, and Danielsson, Max

Abstract

The X.509 landscape is one of the cornerstones of the internet today. It is used to establish trust between entities online. Revocations of X.509 certificates are a vital part of the infrastructure to ensure that communicating parties can, in fact, be trusted. Today, these revocations are handled by Certificate Authorities who provide either an OCSP response or a CRL with the revocation status for their certificates. A framework was developed, written in Go, to enable longitudinal characterization of X.509 revocation statuses. We show that using the framework, it is possible to conduct a large scale analysis of X.509 certificates during an extended time. Using the data collected, we present preliminary analysis results and discuss the implications of the findings. We conclude that CAs, in general, behave similarly, with a few exceptions. Furthermore, we believe that large scale longitudinal analysis of revocation statuses provides a basis to hold CAs accountable and increase transparency in the X.509 landscape.

Published

2021

43. An Implementation Suite for a Hybrid Public Key Infrastructure

Author

Ji-Jian Chin, Jason Chia, Syh-Yuan Tan, Wei-Chuen Yau, and Swee-Huay Heng

Subjects

public key infrastructure, Authentication, Public key certificate, Physics and Astronomy (miscellaneous), Computer science, business.industry, X.509, General Mathematics, Interoperability, digital certificates, Public key infrastructure, Cryptography, Computer security, computer.software_genre, Public-key cryptography, Chemistry (miscellaneous), Certificate authority, Computer Science (miscellaneous), identity-based cryptography, QA1-939, The Internet, business, computer, Mathematics

Abstract

Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

Published

2021

44. The Prediction of Serial Number in OpenSSL’s X.509 Certificate

Author

Jizhi Wang

Subjects

Article Subject, Computer Networks and Communications, Computer science, Hash function, 020206 networking & telecommunications, 02 engineering and technology, Certificate, Collision, X.509, MD5, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, lcsh:T1-995, 020201 artificial intelligence & image processing, Limit (mathematics), Arithmetic, lcsh:Science (General), Randomness, lcsh:Q1-390, Information Systems, Vulnerability (computing)

Abstract

In 2007, a real faked X.509 certificate based on the chosen-prefix collision of MD5 was presented by Marc Stevens. In the method, attackers needed to predict the serial number of X.509 certificates generated by CAs besides constructing the collision pairs of MD5. After that, the randomness of the serial number is required. Then, in this case, how do we predict the random serial number? Thus, the way of generating serial number in OpenSSL was reviewed. The vulnerability was found that the value of the field “not before” of X.509 certificates generated by OpenSSL leaked the generating time of the certificates. Since the time is the seed of generating serial number in OpenSSL, we can limit the seed in a narrow range and get a series of candidate serial numbers and use these candidate serial numbers to construct faked X.509 certificates through Stevens’s method. Although MD5 algorithm has been replaced by CAs, the kind of attack will be feasible if the chosen-prefix collision of current hash functions is found in the future. Furthermore, we investigate the way of generating serial numbers of certificates in other open source libraries, such as EJBCA, CFSSL, NSS, Botan, and Fortify.

Published

2019

45. Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs

Author

Bruhner, Carl Magnus, Linnarsson, Oscar, Bruhner, Carl Magnus, and Linnarsson, Oscar

Abstract

Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.

Published

2020

46. Let’s Attest! Multi-modal Certificate Exchange for the Web of Trust

Author

Tobias Mueller

Subjects

Computer science, business.industry, 0211 other engineering and technologies, 02 engineering and technology, Certification, Encryption, Computer security, computer.software_genre, Certificate, Express trust, Metadata, X.509, Public-key cryptography, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, The Internet, business, computer, 021101 geological & geomatics engineering

Abstract

On the Internet, trust is difficult to obtain. With the rise of the possibility of obtaining gratis x509 certificates in an automated fashion, the use of TLS for establishing secure connections has significantly increased. However, other use cases, such as end-to-end encrypted messaging, do not yet have an easy method of managing trust in the public keys. This is particularly true for personal communication where two people want to securely exchange messages. While centralised solutions, such as Signal, exist, decentralised and federated protocols lack a way of conveniently and securely exchanging personal certificates.This paper presents a protocol and an implementation for certifying OpenPGP certificates. By offering multiple means of data transport protocols, it achieves robust and resilient certificate exchange between an attestee, the party whose key certificate is to be certified, and an attestor, the party who will express trust in the certificate once seen. The data can be transferred either via the Internet or via proximity-based technologies, i.e. Bluetooth or link-local networking. The former presents a challenge when the parties interested in exchanging certificates are not physically close, because an attacker may tamper with the connection. Our evaluation shows that a passive attacker learns nothing except the publicly visible metadata, e.g. the timings of the transfer while an active attacker can either have success with a very low probability or be detected by the user.

Published

2021

47. Longitudinell analys av certifikatkedjor till domäner tillhörande stora teknikföretag

Author

Klasson, Sebastian and Lindström, Nina

Subjects

PKI, CA, X.509, Computer Sciences, SSL, certificate validation, Datavetenskap (datalogi), internet security, certificate chains, Project Sonar, TLS, network security, certificate authorities, certificates

Abstract

The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.

Published

2021

48. PLANNING FOR PKI WITHIN THE EDUCATIONAL ENVIRONMENT.

Author

Marian, Marius

Subjects

*SCHOOL environment, *COMPUTER security, *DIGITAL certificates, *CONFIDENTIAL communications, *ELECTRONIC system security measures

Abstract

This paper is presenting our current effort in building a public-key infrastructure to support security services within our university. Digital certificates will provide authentication and confidentiality for entities (systems, persons) engaging in electronic transactions and a better access control management for administrators of IT services. [ABSTRACT FROM AUTHOR]

Published

2011

49. Issuance of Proxy Certificate Residing In Web Portal By Browser Based Digital Certificate Through HyperText Transfer Protocol.

Author

Sea Chong Seak, Ng Kang Siong, Tan Fui Bee, and Haron, Galoh Rashidah

Subjects

DIGITAL certificates, WEB portals, WEB browsers, HTTP (Computer network protocol), INTERNET servers

Abstract

Proxy certificate has been used in many web portal services, especially if the remote services require the services to act on user behalf to connect to other servers that require certificate based authentication. This paper describes the method of enabling direct creation of proxy certificate via web browser to web portal using user's private key that resides in client computer. This method can be used for proxy certificate issuance on any web based applications. For example, proxy certificate can use by web services portal for job delegation and single sign-on to multiple computing nodes. [ABSTRACT FROM AUTHOR]

Published

2009

50. ACCESS CONTROL BASED ON ATTRIBUTE CERTIFICATES.

Author

Kleinhuis, Geert, Gelbord, Boaz, Hut, Hiddo, and Kwast, Erik

Subjects

ACCESS control, FILTERING software, COMPUTER security, SECURITY systems, COMPUTER access control

Abstract

In this paper we discuss a n access control security architecture based on Attribute Certificates for encapsulating authorisation information as well as an implementation of this architecture. The suggested architecture allows a more rapid, transparent and standardised deployment of future access control services on the Internet. We focus on the access decision function in this architecture and the authorisation information it depends upon. This work reflects our experiences within the HARP (Harmonization For The Security Of Web Technologies And Applications); IST-Project project partly funded by the European Union. [ABSTRACT FROM AUTHOR]

Published

2002