PKI (Cryptography) Research Papers - Academia.edu (original) (raw)

2025

The design and delivery of interoperable e-services has proven essential for the modernization of e-governance. In this context, the establishment of a common framework which sets the basis for implementing e-government services is fundamental. In this paper we present an outline of the Greek e-Government Interoperability Framework and the lessons learned so far in the context of implementing it for the purposes of the Greek portal of the public administration, called Hermes.

2025, International journal of simulation: systems, science and technology

Each Automata model has various applications such as Finite automata which are used in compilers and text processing; Context-free grammar (CFGs) which was originally used in the study of human language, programming language and artificial intelligence; and lastly the Cellular automata used in the field of biology. The study of plants is under the umbrella of biology which in this study focuses on the Vascular plants. The study applied cellular automata model in finding or predicting the family where a particular plant belongs. Using the evolutionary algorithm particularly the Wolfram Classification Scheme, in particular the Moore model has helped the researchers predict what particular key the plant may belong from the 8 key plant classification of angiosperm plants. The study was able to identify that each plant can have one or more key plant classifications. Further, we also used finite automata to determine the plants under each key plant classifications.

2025, International journal of simulation: systems, science & technology

2025

This paper presents and compares several trust models currently being considered and applied for use with public-key certificate infrastructures based on the X.509 specification, including subordinated hierarchies, cross-certified meshes, hybrids, bridge CAs, and trust lists. Approaches and issues concerning constraints on path validity are also considered, as are aspects of path construction.

2025

del Govtech. II. Ámbitos o materias concretas reguladas programática y legalmente el año 2019 para el PAE en Chile y en la modificada Ley N°19.880. III. Las notificaciones administrativas electrónicas, único ámbito no postergado... more

2025, Journal of Research and Development

The project explores the use of digital documents as a response to the problems presented by physical documents, since they are at risk of partial or total loss.The solution is the digitalization that plays a very important role in society and the contemporary world. This helps sustainability and the preservation of natural resources.The security of the archives is a necessity that requires as solution to use the technology of public key infrastructure (PKI) to generate a digital document, besides registering the public and private keys of the personnel that has the legal power to sign them. These documents are stored on an official server and distributed among the registered hosts of the network. This certificatewill help to detect changes in an unauthorized way, when comparing the document with the original. In this phase of distributed verification, the Blockchain technology will be used.Then the proposal is to build a tool to generate digital documents, in addition to managing p...

2025

The European Commission identified the need for electronic signature as a key issue for electronic commerce and issued Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. According to the Directive "Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive before 19 July 2001." During the preparation of Slovak e-signature law some key problems determining the philosophy of the law were identified. The other problems appeared when the public key infrastructure (PKI) was discussed. The paper addresses some of these problems and proposes possible solutions.

2025, HAL (Le Centre pour la Communication Scientifique Directe)

2025

Cryptography is one of the most important and widely utilized applications in our daily lives, particularly in the protection of user data and information numerous organizations such as banks, government institutions, and communication companies require the use of a cryptosystem to safeguard their data during Internet transmissions and ensure secure transfer from the sender to the receiver. Cognitive cities are regularly automating the day-to-day urban processes and constantly expanding the objective-driven communities' collection to share the personal data that must be stored securely. The cloud provides a desirable platform for cognitive smart cities to access user data, enabling them to adapt their current actions and learn from past experiences. Various algorithms are used in cryptosystems to secure user data and information by encryption and decryption in all elds. Symmetric and asymmetric are the two types of cryptographic algorithms, which are used to secure user communication. Cryptography assists users in achieving data condentiality, integrity, availability, authentication, and non-repudiation. In this paper, various methodologies like the ElGamal algorithm, RSA algorithm, Ring algorithm, and Hermitian curve algorithm are used for geometric shape cryptosystems to secure the data effectively. Cryptosystem algorithms enable high-security performance,

2024

The exponential growth of Big Data has revolutionized numerous industries by enabling the extraction of valuable insights from vast and diverse datasets. However, this advancement is accompanied by significant privacy and security challenges that impede the full potential of data analytics. Privacy-Preserving Data Mining (PPDM) emerges as a critical approach to mitigate these challenges, ensuring individual privacy while maintaining data utility. This paper presents a comprehensive survey of state-of-the-art PPDM methodologies within Big Data environments, encompassing privacy models, data transformation techniques, privacy-preserving machine learning algorithms, and privacy economics. Through an extensive literature review and analysis of real-world applications in healthcare and finance, we identify key challenges and gaps in current practices. Additionally, we propose a cohesive privacy framework aimed at guiding researchers and practitioners in implementing robust privacypreserving mechanisms. The study also explores emerging trends such as advanced cryptographic techniques, privacy-preserving query processing, and the integration of privacy in machine learning. By addressing the balance between data utility and privacy, this research contributes to the advancement of ethical and secure Big Data analytics, paving the way for future innovations and interdisciplinary collaborations in the field.

2024, International Research Journal of Advanced Engineering and Science

This article explores the role of educational initiatives in enhancing privacy standards within Cardano's blockchain ecosystem, emphasizing the importance of user and developer education in maintaining data security and compliance. Cardano, launched in 2017, distinguishes itself from other blockchains with a unique twolayer architecture and a proof-of-stake consensus model that prioritize scalability, security, and user empowerment. As Cardano's ecosystem grows, the integration of privacy features like Zero-Knowledge Proofs (ZKPs), the Extended UTXO model, and decentralized identity solutions highlights the need for robust privacy education to help users navigate blockchain complexities. Through a comprehensive analysis of academic collaborations, case studies, and educational strategies, this paper demonstrates how Cardano fosters a community of informed users and developers who advocate for privacy standards and responsible data management. Additionally, it discusses the challenges in blockchain privacy education, such as technical
complexity and misinformation, and suggests strategies to address
these issues. By investing in continuous, accessible education,
Cardano aims to build a secure, transparent, and privacy-conscious
blockchain ecosystem that empowers individuals and sets a benchmark
for privacy standards across the blockchain industry.

2024

Hubungan antara Sukarno dan PKI mencerminkan ketegangan dalam konteks politik yang luas. Di satu sisi, PKI berfungsi sebagai kekuatan progresif yang mendukung perjuangan kemerdekaan dan pergerakan sosial. Di sisi lain, hubungan ini juga... more

2024, SMPIT ALMULTAZAM

Pembrontakan pki

2024, DergiPark (Istanbul University)

This article is licensed with Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0

2024, ACM journal on autonomous transportation systems

The automotive industry has been enhancing autonomous driving systems utilizing the computation and communication networks embedded in vehicles (e.g., cellular networks and sensors) and roadside units (e.g., radar and cameras). Robust security and privacy requirements are essential in Intelligent Transportation Systems (ITSs). To satisfy these requirements, most developed autonomous driving systems (e.g., Waymo and Tesla) use machine learning. Machine learning models trained on sensitive raw data promise improvements in performance; however, they cannot provide privacy for sensitive raw data and users. Federated learning advances privacy-preserving distributed machine learning by aggregating the model parameter updates from individual devices in a secure manner. Security Credential Management System (SCMS) for Vehicle to Everything (V2X) communication provides a guarantee for authentication in a privacy-preserving manner and punishes misbehaving vehicles through misbehavior reporting. In this article, we design a secure aggregation protocol for privacy-preserving federated learning for vehicular networks. Our protocol allows a server to verify vehicles in a secure manner and is used to aggregate each vehicle-provided global model update for federated learning. We prove our protocol for security in the honest but curious framework and detect active adversary attacks, as well as show that it provides trust in different domains (e.g., SCMS and outside the domain of SCMS) and in a privacy-preserving manner for vehicles using SCMS. We analyze the process of federated learning in each vehicle and server while communicating during driving on several types of roads (e.g., local, urban, and rural) using cellular networks (LTE and 5G).

2024, HAL (Le Centre pour la Communication Scientifique Directe)

La cryptographie est un domaine propice pourétudier les interactions entre mathématiques et informatique. Nous présentons la conception d'une situation didactique basée sur un système cryptographique asymétrique. Cette situation aété... more

2024, eGOV INTEROP'05, 1st …

Abstract: In this paper we have identified all possible hurdles and obstacles in finding a Pan European interoperable electronic identity management solution. We have also given a brief overview of the existing electronic identity... more

2024, International Journal of Computer Science and Information Security (IJCSIS), Vol. 22, No. 3, June 2024

IoT, or the Internet of Things, describes a network of networked objects that are equipped with software, sensors, and other technologies to gather and share data. However, blockchain is a distributed ledger technology that makes it possible to record transactions over a network of computers in a safe, transparent, and unchangeable. The way that blockchain and IoT can enhance each other's advantages is how they are connected: Blockchain technology, with its decentralized and impenetrable ledger, offers safe and effective storage and transfer of the massive volumes of data generated by Internet of Things devices. Organizations may guarantee the security and integrity of IoT data by incorporating blockchain technology into IoT systems. This will allow for reliable and open communications and transactions between users and devices. Here, we summarize the current body of research and draw attention to the main cybersecurity issues facing blockchain-based Internet of Things platforms. These problems are divided into three primary categories: (i) security of IoT devices; (ii) security of blockchains; and (iii) integration of IoT devices with blockchain (network security). To further address a little about these issues and improve the cybersecurity of blockchain-based IoT systems, we also analysis future research directions.

2024

Security technologies for XML, the XML Encryption and the XML Signature developed by the World Wide Web Consortium, will play a vital role in security on the Internet. A binary X.509 certificate encoded in ASN.1 is included in the XML Signature. We propose to extend the XML Signature to fully represent X.509 certificate information in XML. We developed the specifications for extensions. We implemented a converter that transforms between the ASN.1 representation and XML representation of an X.509 certificate that was aimed to verify the validity of our proposal. World Wide Web security is an important issue on the Internet and trusted information is critical. We experimented with Web page signing, applying the extended XML Signature. We propose the scheme for signed Web pages based on the XML Signature. We conducted a test implementation of the scheme with the extended XML Signature. We verified that the proposed scheme could easily be implemented and incorporated into the current Web environment as well as the effectiveness of the extended XML Signature. The paper concludes by identifying necessary areas for future standardization.

2024, Proceedings of the International Conference on Security and Cryptography

2024, IAI ACADEMIC CONFERENCE PROCEEDINGS

Today, a higher level of safety in communications over electronic networks is needed. Public Key Infrastructure (PKI) represents a way to enable a high level of safety in the means of pairing keys between users. It represents the basis on which other applications, systems and components of network security are built. PKI represents a broad approach that is constantly evolving to meet the growing needs of the business world. As e-mail represents the most common form of communication in the business world, the use of a PKI system will increase the level of safety of e-mail communication between users. This paper describes the basic concepts related to PKI systems methods of implementation of these systems, certificates, design and implementation of PKI systems in electronic mail.

2024, ACM JATS

The automotive industry has been enhancing autonomous driving systems utilizing the computation and communication networks embedded in vehicles (e.g., cellular networks and sensors) and roadside units (e.g., radar and cameras). Robust security and privacy requirements are essential in Intelligent Transportation Systems (ITS). To satisfy these requirements, most developed autonomous driving systems (e.g., Waymo and Tesla) use machine learning. Machine learning models trained on sensitive raw data promise improvements in performance; however, they cannot provide privacy for sensitive raw data and users. Federated learning advances privacy-preserving distributed machine learning by aggregating the model parameter updates from individual devices in a secure manner. Security Credential Management System (SCMS) for Vehicle to Everything (V2X) communication provides a guarantee for authentication in a privacy-preserving manner and punishes misbehaving vehicles through misbehavior reporting. In this paper, we design a secure aggregation protocol for privacy-preserving federated learning for vehicular networks. Our protocol allows a server to verify vehicles in a secure manner and is used to aggregate each vehicle-provided global model update for federated learning. We prove our protocol for security in the honest-but-curious framework and detect active adversary attacks, as well as show that it provides trust in diferent domains (e.g., SCMS and outside the domain of SCMS) and in a privacy-preserving manner for vehicles using SCMS. We analyze the process of federated learning in each vehicle and server while communicating during driving on several types of roads (e.g., local, urban, and rural) using cellular networks (LTE and 5G).

2024, Information Security Technical Report

In this paper we describe the Royal Holloway key escrow scheme, which provides a solution to the problem of managing cryptographic keys for endto-end encryption in a way that meets legal requirements for warranted interception.

2024, International journal of simulation: systems, science & technology

Fog computing enables processing at the edge, while still offering the possibility to interact with the cloud. The massive amounts of data produced from connected applications, as well as the latency-critical issue have motivated researchers to adopt fog computing technology. Development of an effective and reliable traffic system has always been a worldwide concern especially in cities characterized by heavy traffic and high traffic congestion index. Fog computing can help in road traffic congestion mitigation. This paper introduces fog computing and its relevance to both cloud computing and the internet of things (IoT) along with a model for mitigation of traffic congestion. Fog nodes are proposed to be assigned tasks of acquiring, analyzing, and processing local traffic data at traffic junctions. The obtained results show that more reliable traffic is achieved, where congestion could be reduced through homogeneous traffic distribution by regarding the average rate of traffic flow among the fog nodes.

2024, Lecture Notes in Computer Science

This paper presents a proper solution for a medium enterprise or public institution that enables easier management of the digital documents library and eases the common document workflows. The main problem addressed by the proposed project is the complexity of document workflows in public administration. Documents that need to be filled out and signed are always around us and often can cause problems and delays when poorly managed. With its characteristics, our solution eliminates all the inconvenient of the document workflows helped by the document library and workflows, while keeping the security part, now represented by hand signatures with the implementation of the digital signatures. The main benefit it brings to the client is that it automates the signing and approval process to any kind of document it uses inside or outside the company. The signature system allows signing on multiple levels (counter-signatures) and multiple signatures per level (cosignatures) for perfectly mimicking a plain document.

2024, Journal of Science & Technology

Public Key Infrastructure (PKI) serves as a foundational element in the realm of securing Vehicle-to-Everything (V2X) communication networks. Its primary objective is to uphold the authenticity, confidentiality, and integrity of data... more

2024

Key Escrow INFOSEC Devices. Cryptography, including confidentiality protection and digital signatures, will be used to protect those communications. The Programming Device will also support automatic logging and high volume chip production. Key Component Storage and Release Key Component Storage-Each Escrow Agent stores its disks of key escrow data in two sets of double locked safes. Each safe contains two complete sets of Encrypted Key Components, so there are four sets total. The safes are double locked,-The KES will use configuration management to protect against unauthorized modiJications of software. Changes to sojCltware will require approval by a Configuration Management Board.

2024, International Journal of Simulation: Systems, Science & Technology

This paper presents the investigation into the performance of Lyapunov pole placement (LPP), linear quadratic regulator (LQR) and proportional-integral-derivative (PID) control schemes for payload sway control and trolley position tracking of a gantry crane system. A 2D gantry crane system is considered. The nonlinear model of the system is derived using the Lagrangian energy equation and then linearized using Taylor's series expansion. To investigate the performances of the designed controllers, a unit step input as a reference perturbation is applied to the controllers. MATLAB simulation results of the responses are analysed in time domain. The response time specifications of the trolley position, level of payload sway reduction, and robustness to parameter variation and uncertainties are used to assess the performances of the controllers.

2024, Proceedings of the 20th conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: design: activities, artefacts and environments - OZCHI '06

Federated identity management is often viewed by corporations as a solution to support secure online commerce by synthesising complex and fragmented user information into a single entity. However previous research (Satchell et al 2006) has revealed a new set of end user needs for the design of identity management systems. This paper explores these needs from an identity management provider perspective, finds both alignment and divergence in needs and identifies a generational shift as a major cause of the differing needs. Whilst X and Y generations do not react strongly to concerns about digital identity theft or misappropriation of information, they seek to create and control their digital representations to be streamlined, portable across domains and revealing elements of their real life identity. There is still a considerable challenge for providers who must look beyond 'security' and 'authentication' to include 'user control', 'synthesis', 'portability' and 'personalisation' in the design of their systems.

2024, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)

In past, several Certificate Authority (CA) compromise and subsequent mis-issue of certificate raise the importance of certificate transparency and dynamic trust management for certificates. Certificate Transparency (CT) provides transparency for issued certificates, thus enabling corrective measure for a misissued certificate by a CA. However, CT and existing mechanisms cannot convey the dynamic trust state for a certificate. To address this weakness, we propose Smart Contract-assisted PKI (SCP)a smart contract based PKI extension-to manage dynamic trust network for PKI. SCP enables distributed trust in PKI, provides a protocol for managing dynamic trust, assures trust state of a certificate, and provides a better trust experience for end-users.

2024, International Journal of Science and Research Archive

In recent years, the use of electronic identification has become increasingly popular, with more and more countries implementing this technology. E-IDs are used for a variety of purposes, including accessing government services, voting, and conducting financial transactions. The electronic chip embedded in the card stores a wealth of personal information, including biometric data, residency information, and personal photographs. While e-IDs have many benefits, they also pose significant risks, particularly when it comes to the security of personal information.The aim of this research paper is to explore the risks associated with e-IDs and to identify the factors that contribute to these risks. We will examine the potential consequences of these risks, including identity theft, financial fraud, and other forms of cybercrime. In addition, we will provide recommendations on how to mitigate these risks and ensure that e-IDs are used safely and securely.

2024, International journal of health sciences

All certificates, including those for secondary school graduation, high school diplomas, and college degrees, have been converted to digital form and made accessible to students at higher education institutions. It's essential for learners to keep track of their diplomas. It is a complex and time-consuming process for the institution or organization to verify or authenticate a certificate's validity. This application would aid in the safekeeping of the certificates on the block chain. Digital certificates are created by first digitising the original paper certificates. The certificate's hash code value is generated using the chaotic technique. It is then added to the block chain. The mobile application is used to verify these certifications. We can make digital certificate verification more reliable and safe by implementing block chains.

2024, Anuario da Facultade de Dereito da Universidade da Coruña

Las tecnologías de la comunicación y de la información de algún modo están modificando la manera tradicional de relacionarse entre las personas y entre las organizaciones, estas transformaciones sociales exigen la intervención del derecho. La doctrina discute sobre el alcance que debe tener esta intervención del derecho, pero nadie duda sobre la gran aceleración del mundo y la intensa velocidad de estos cambios, como tampoco de que, nunca antes en la historia del Derecho, habíamos vivido un momento en el que los cambios se sucedieran con tanta velocidad. Palabras clave: TIC y derecho-transformaciones jurídicas-nuevo tiempo jurídico.

2023

(ITL) at the National Institute of Standards and Technology (NIST) pronnotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure for information technology. ITL develops tests, test methods, reference data, proof of concept implementations and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800 series reports on ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

2023

2023, Indian journal of science and technology

Objectives: To build a bridge to provide a solution by developing a lightweight ECDSA method that is not only lower in computational aspect but also is more secure than the Zhong's ECDSA. Methods: The proposed research work performs cryptanalysis of Zhong's ECDSA and demonstrates that the method fails to withstand MITM attacks. The proposed ECDSA uses only 1 elliptic curve point multiplication ECPM operation, 1 Modular multiplication operation and zero Modular Inverse operations making it lightweight in terms of computational time. Zero inverse operations save computational time as the process involves scalar mathematics which is time-consuming. Findings: Zhong's ECDSA is not secure. Additionally, the technique takes 13.28% less time to sign data than the suggested ECDSA method. Through proofs, it is shown by comparison of the proposed ECDSA and Zhong's ECDSA and cryptanalysis that the proposed ECDSA is more applicable in real time. Although Zhong's Method for Signature verification at the Receiver end takes 8.2% more time, the recommended technique stands out in comparison to Zhong's ECDSA w.r.t security. Novelty: The work is a detailed expression of the provablysecure attack-resistant lightweight digital signature based on elliptical curve for resource constrained applications. Advancing, the novelty of the work lies in the comparison of the two techniques w.r.t their performance parameters like number of keys generated, time taken to generate keys, number of keys verified, time taken for key verification, time taken for Signature generation and time taken for Signature verification.

2023, International Journal of Blockchains and Cryptocurrencies

Transport layer security protocols ensure secure and encrypted communications on the internet. The security of TLS protocols relies on properly validating digital certificates containing the public keys of domains during the handshake authentication. These certificates are issued by certificate authorities (CAs). However, mis-issued certificates have been used to attack users. To monitor CA behaviour, certificate transparency (CT) and a decentralised system, instant karma public key infrastructure (IKP) were proposed, however, they do not tackle domain misbehaviour. Based on CT and IKP, a decentralised system is proposed using the Ethereum framework to handle the misbehaviour of domains and enhance the security of TLS. The proposed system utilises CT logs to detect and respond to domain misbehaviour.

2023, Documentación administrativa

En 1998 tuve el honor de exponer algunas ideas sobre la problemática de la informática y el Derecho, con especial referencia a los actos administrativos, en las Jornadas organizadas por la Universidad Austral, gracias a mi Profesor y amigo Julio Rodolfo COMADIRA. Hoy nuevamente, gracias a la generosidad del Profesor Comadira y la actual convocatoria efectuada por el Profesor Luciano PAREJO ALFONSO, tengo la distinción de poder transmitirles los avances en la materia, como se verá a continuación. Pues bien, en seis años, en Argentina se han dado una serie de avances en la materia que es menester destacar, tales como la digitalización de la información pública en sitios tales como mecon.gov.ar, 1

2023, Security and Communication Networks

In recent years, the attention of online cross-university courses has been increasing, and students in universities want to increase their knowledge and professional skills by taking online courses from different universities, which raises the issue of course credit verification. In the past, the credits obtained by students in online courses lack endorsement from the education department, and the students’ learning process could not be verified. Therefore, the credits of online courses in one university could not be recognized by other universities. The education departments of some countries and regions implement credit conversion rules to convert the credits obtained by students in online courses into university credits or certificates endorsed by the education department. However, these schemes rely too much on the authority of the education department, and the process of students obtaining credits cannot be verified. In addition, the centralized storage method makes the data of...

2023

Agricultura 4.0: uma abordagem a partir dos princípios FAIR e tecnologia blockchain para gestão de dados de levantamentos pedológicos. CAI.

2023

El Gobierno de la Provincia de Buenos Aires se encuentra comprometido en la modernización del Estado, incorporando la digitalización de los procesos internos a efectos de facilitar la gestión, acceso y perdurabilidad de la información y la reducción de plazos y costos administrativos. La Firma Digital contribuye a incrementar los niveles de eficiencia de la función pública, agilizando la tramitación de las actuaciones administrativas a través de la incorporación de documentos digitales, que aseguren la autenticidad e integridad de su contenido. En el mes de enero de 2015 se implementó el Sistema de Recibos de Sueldo Firmados Digitalmente aprobado por Resolución del Secretario General de la Gobernación N° 75 de septiembre del 2014. El sistema permite la gestión de recibos de sueldo digitales firmados digitalmente de acuerdo a la normativa vigente, la cual establece la igualdad jurídica entre un documento en papel con firma hológrafa y un documento firmado digitalmente.

2023

While there is wide agreement on the immense potential of Internet, its growth and performance are adversely affected by security issues. Despite its impressive size, scope and reach, the Internet has not yet become a common vehicle for many of these new possibilities. Progress in fields as electronic commerce and government-citizen relationships have been limited by the open design of the network itself. Today, Public-Key Infrastructures are the basis of the protocols and tools needed to guarantee the security demanded in those fields. Trust management and user identification are also important issues that remain unresolved. This paper introduces a key management and user identification system, named Cert'eM, that is based on the electronic mail service. Cert'eM provides important advantages over existing Public-Key Infrastructures and user identification proposals.

2023, Journal of Information Security

Public Key Infrastructure (PKI) is a comprehensive information security framework for providing secure information and communication over the internet. Its need and use has grown over the years and continually grows. This research work examines the current PKI framework's validation process as operated by vendors and subscribers to identify the drawbacks and propose enhanced approaches to its validation mechanism. Using an approach of reviewing secondary data, critical weaknesses of integrity, proof of trust and single point-of-failure were identified with the current PKI framework. This study therefore advances proposed solutions to address the identified weaknesses by specifically introducing multiple Certificate Authorities, storage, visibility and searchability of subscriber information in public repository. A comprehensive detail of its implementation is proposed to address the identified weaknesses of uncertain integrity, trust for certificate authorities and prevent a single point of failure. Furthermore, the proposed enhancements are validated with the protection motivation theory and a framework for empirically testing the enhancements is suggested. Further research would be required to factor in multi-factor authentication without compromising performance.

2023, DergiPark (Istanbul University)

eID cards and electronic authentication known as E-authentication are becoming more and more popular at Government and Business institutions for recent years and both concepts will continue to remain important for the next decade. Especially in Europe, almost all of the countries have an eID project and the level of the progress varies based on the countries. The citizens have gained great benefits from those e-Government Applications in terms of easy use of the services, and rapid return of the results. But there is a big issue from the service provider point of view. Since the resource which is shared by the service requester is very big and the eligibility of the requester is not easy to identify in electronic environments. The main necessity of the entire e-Government and e-Business system is to provide a common electronic authentication system that guaranties the eligibility of the service requester (citizen) of a service in an electronic environment is the right person. After stating the principles of Authentication, we introduce Turkish eID card and Electronic Authentication, System (EAS) respectively. We share the experiences that we have obtained during the pilot application of the projects. We discuss the abilities of reducing the bureaucracy in business services via the support of eID card and EAS. As a future work, we identify the requirements for a Turkish eID Integration Center for eID integration with e-Government and e-Business applications.

2023

2023, DergiPark (Istanbul University)

Günümüzde akıllı kartlar sıklıkla bilgi teknolojileri alanında kullanılmaya başladığından güvenlik önemli bir konu haline gelmiştir. Bu yazıda özellikle akıllı kartların güvenliğine yönelik saldırılar anlatılmıştır. Akıllı kart geliştirilmesi ile ilgili çalışmalar sırasında dikkat edilmesi gereken güvenlik konuları üzerinde durulmuştur. Bu makale güvenli akıllı kart işletim sistemi gereklerini ve akıllı kart donanım ve işletim sisteminin sağlaması gereken ortak ölçüt güvence seviyesini belirtir. Ayrıca bu makalede "dinamik güvenlik işlevi" olarak adlandırılan yeni güvenlik yaklaşımı ve kullanımı da anlatılmıştır.