* **The Power of Many: Securing Organisational Identity Through Distributed Key Management**\\ [[:publications:authors:mariia-bakhtina|Mariia Bakhtina]], [[:publications:authors:jan-kvapil|Jan Kvapil]], [[:publications:authors:petr-svenda|Petr Svenda]] and [[:publications:authors:matulevicius-raimundas|Matulevicius Raimundas]],\\ //Advanced Information Systems Engineering//, Springer Nature Switzerland, 2024, 475--491.\\ Keywords: [[:publications:keywords:distributed-control|distributed control]], [[:publications:keywords:key-management|key management]], [[:publications:keywords:organisational-digital-identity|organisational digital identity]], [[:publications:keywords:security|security]], [[:publications:keywords:threshold-signatures|threshold signatures]], [[:publications:keywords:zero-trust|zero trust]], {{:publications:pdf:2024-caise-bakhtina.pdf|pre-print PDF}}, [[http://dx.doi.org/10.1007/978-3-031-61057-8_28|DOI website]], ++ BibTeX |@InProceedings{2024-caise-bakhtina,
title = {The Power of Many: Securing Organisational Identity Through Distributed Key Management},
author = {Mariia Bakhtina and Jan Kvapil and Petr Svenda and Matulevicius Raimundas},
booktitle = {Advanced Information Systems Engineering},
pages = {475--491},
publisher = {Springer Nature Switzerland},
location = {Cham},
isbn = {978-3-031-61057-8},
doi = {10.1007/978-3-031-61057-8_28},
keywords = {distributed control, key management, organisational digital identity, security, threshold signatures, zero trust},
shorttitle = {The Power of Many},
abstract = {Organisational Digital Identity ({ODI}) often relies on the credentials and keys being controlled by a single person-representative. Moreover, some Information Systems ({IS}) outsource the key management to a third-party controller. Both the centralisation and outsourcing of the keys threaten data integrity within the {IS}, allegedly provided by a trusted organisation. Also, outsourcing the control prevents an organisation from cryptographically enforcing custom policies, e.g. time-based, regarding the data originating from it. To address this, we propose a Distributed Key Management System ({DKMS}) that eliminates the risks associated with centralised control over an organisation’s identity and allows organisation-enforceable policies. The {DKMS} employs threshold signatures to directly involve multiple organisation’s representatives (e.g. employees, {IS} components, and external custodians) in data signing on its behalf. The threshold signature creation and,
therefore, the custom signing policy inclusion, is fully backwards compatible with commonly used signing schemes, such as {RSA} or {ECDSA}. The feasibility of the proposed system is shown in an example data exchange system, X-Road. The implementation confirms the ability of the design to achieve distributed control over the {ODI} during the operational key phase. Excluding a network delay, the implementation introduces less than 200 ms overhead compared to the built-in signing solution.},
editor = {Guizzardi, Giancarlo and Santoro, Flavia and Mouratidis, Haralambos and Soffer, Pnina},
date = {2024},
langid = {english},
}
++