TwinPeaks: A new approach for certificateless public key distribution

Abstract

The current PKI has problems like certificate revocations and fraudulent certificates. To address such issues, we propose TwinPeaks, which is a new infrastructure to distribute public keys of named entities online. TwinPeaks leverages certificateless public key cryptography (CL-PKC), which we extend to make the public key of an entity depend on any combination of its networking parameters; thus TwinPeaks can mitigate spoofing attacks systematically. TwinPeaks needs public key servers, which constitute a DNS-like hierarchical tree. For each parent-child link in the tree, the parent and the child interact in such a way that every named entity has its own public/secret key pair. TwinPeaks removes certificates and hence has no revocation overhead. Instead, each named entity should keep/update its IP address and public key up-to-date in its DNS server and key server, respectively. TwinPeaks also achieves scalable distribution of public keys since public keys can be cached long term without elevating security risks.