~~NOTOC~~ ====== Keyword: Security ====== If you have published anything not in the list, please add the bibliography entry to the list. Instructions can be found in the [[https://gitlab.fi.muni.cz/labak/wiki-publications|GitLab repository]] Note down also the information on rejections and authorship percentages. We keep track of our lab efforts and author shares are useful for dissertation proposal/dissertation/habilitation/... There is a [[:internal:crocs:submissions|dedicated page where to write them]]. ==== 2024==== * **The Power of Many: Securing Organisational Identity Through Distributed Key Management**\\ [[:publications:authors:mariia-bakhtina|Mariia Bakhtina]], [[:publications:authors:jan-kvapil|Jan Kvapil]], [[:publications:authors:petr-svenda|Petr Svenda]] and [[:publications:authors:matulevicius-raimundas|Matulevicius Raimundas]],\\ //Advanced Information Systems Engineering//, Springer Nature Switzerland, 2024, 475--491.\\ Keywords: [[:publications:keywords:distributed-control|distributed control]], [[:publications:keywords:key-management|key management]], [[:publications:keywords:organisational-digital-identity|organisational digital identity]], [[:publications:keywords:security|security]], [[:publications:keywords:threshold-signatures|threshold signatures]], [[:publications:keywords:zero-trust|zero trust]], {{:publications:pdf:2024-caise-bakhtina.pdf|pre-print PDF}}, [[http://dx.doi.org/10.1007/978-3-031-61057-8_28|DOI website]], ++ BibTeX |@InProceedings{2024-caise-bakhtina, title = {The Power of Many: Securing Organisational Identity Through Distributed Key Management}, author = {Mariia Bakhtina and Jan Kvapil and Petr Svenda and Matulevicius Raimundas}, booktitle = {Advanced Information Systems Engineering}, pages = {475--491}, publisher = {Springer Nature Switzerland}, location = {Cham}, isbn = {978-3-031-61057-8}, doi = {10.1007/978-3-031-61057-8_28}, keywords = {distributed control, key management, organisational digital identity, security, threshold signatures, zero trust}, shorttitle = {The Power of Many}, abstract = {Organisational Digital Identity ({ODI}) often relies on the credentials and keys being controlled by a single person-representative. Moreover, some Information Systems ({IS}) outsource the key management to a third-party controller. Both the centralisation and outsourcing of the keys threaten data integrity within the {IS}, allegedly provided by a trusted organisation. Also, outsourcing the control prevents an organisation from cryptographically enforcing custom policies, e.g. time-based, regarding the data originating from it. To address this, we propose a Distributed Key Management System ({DKMS}) that eliminates the risks associated with centralised control over an organisation’s identity and allows organisation-enforceable policies. The {DKMS} employs threshold signatures to directly involve multiple organisation’s representatives (e.g. employees, {IS} components, and external custodians) in data signing on its behalf. The threshold signature creation and, therefore, the custom signing policy inclusion, is fully backwards compatible with commonly used signing schemes, such as {RSA} or {ECDSA}. The feasibility of the proposed system is shown in an example data exchange system, X-Road. The implementation confirms the ability of the design to achieve distributed control over the {ODI} during the operational key phase. Excluding a network delay, the implementation introduces less than 200 ms overhead compared to the built-in signing solution.}, editor = {Guizzardi, Giancarlo and Santoro, Flavia and Mouratidis, Haralambos and Soffer, Pnina}, date = {2024}, langid = {english}, } ++