

Distributing security-mediated PKI
Authors: Gabriel Vanrenen, Sean Smith, John Marchesini
Affiliation: (1) Department of Computer Science/PKI Lab, Dartmouth College, Hanover, NH 03755, USA
Abstract: The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability. We use threshold cryptography to build a back-up and migration technique which allows recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised.

Gabriel Vanrenen is currently a software engineer at Wily Technology, Inc. in Brisbane, CA, where he works on J2EE application performance management software. He received a B.A. in Computer Science (Summa Cum Laude) from Dartmouth College. At Dartmouth, he researched trusted third parties and PKI with his Senior Honors Thesis advisor Sean Smith.

Sean Smith is on the faculty of the Department of Computer Science at Dartmouth College. His current research and teaching focus on how to build trustworthy systems in the real world. He previously worked as a scientist at IBM T.J. Watson Research Center, doing secure coprocessor design, implementation and validation; and at Los Alamos National Laboratory, doing security designs and analyses for a wide range of public-sector clients. Dr. Smith was educated at Princeton (B.A., Math, but only Magna Cum Laude) and Carnegie Mellon (M.S., Ph.D., Computer Science).

John Marchesini is currently a Ph.D. candidate in the Computer Science Department at Dartmouth College. His advisor is Sean Smith, and his research interests are security, distributed systems, and PKI. Before going to Dartmouth, he worked as a software developer for the BindView Corporation and earned a B.S. in Computer Science from the University of Houston (Summa Cum Laude).
Keywords: SEM; Peer-to-peer; Trusted computing
This article has been indexed by SpringerLink and other databases.