Professional Documents
Culture Documents
3. IMPLEMENTATION OF PKI
In this paper we implement PKI based on transport layer
security. The implementation of this is done with a Figure 6 Illustrates certification path [26]
Volume 6, Issue 5, September October 2017 Page 85
International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017 ISSN 2278-6856
<Connector port="9090"
maxThreads=" 150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" Figure 9 Sample code for certification validation
acceptCount=" 1 00" debug="O" scheme="https" secure="true"
clientAuth= "true" sslProtoco 1= "TLS" As part of the PKI, we have implemented a prototype
keystoreFile=" conf/tomcat.jks" keystorePass=" 4321"
application that has provisions to end user to communicate
keystoreType=" JKS"
truststoreFile=" conf/truststore .jks" with server using TSL that provide complete security in
truststorePass="4321" truststoreType="JKS"/> communications. The results revealed that our application
Listing 1 Illustrates the configuration of TLS in is effective and the API used using Java programming
server.xml language is able to support TSL which ensure fool proof
security in PKI.
The certification path generation code is used to generate
certification path which makes use of the standard 4. A STANDALONE PKI PROTOTYPE
java.security.cert.X509Certificate. The sample code is as
In this section we provide our standalone PKI prototype
shown in listing Figure 7. which has been built with graphical user interface. The
application demonstrates PKI infrastructure that facilitates
key generation, digital signature generation, and
verification and so on. The key pairs are generated using
DSA algorithm. The DSA algorithm also supports
generation of digital signatures and verifying them later.
All these operations are supported by the prototype which
is part of public key infrastructure. KeyPairGenerator class
of java.security package is used to build public key
infrastructure. The KeyPairGenerator class is capable of
Figure 7 Code for certification path generation supporting algorithms presented in Table 2.
Afterwards, fetching certificate chain from a key store Table 2 Algorithms supported by KeyPairGenerator
needs to be done. This is done using CertificateFactory ALGORITHM PURPOSE
class in Java. The sample code is presented in Figure 8. DiffieHellman Generates key pairs for algorithm
named DiffieHellman.
DSA Generates key pairs for the algorithm
named Digital Signature Algorithm
(DSA).
RSA Generates key pairs for the algorithm
named RSA.
EC Generates key pairs for the algorithm
named Elliptic Curve.
5. CONCLUSION
We studied cryptography which is in the form of
symmetric cryptography and asymmetric cryptography.
Then we also studied PKI systems in the world and their
real time usage. The PKI is capable of using digital
certificates that guarantee authentication of users who
involve in transactions of real world applications. We built
a framework for PKI and implemented it using Java
programming language. The PKI API provided by Java is
used in order to achieve the secure communication. We
used Tomcat server to configure TSL for PKI
authentication and other security mechanisms. We built a
prototype application that demonstrates the proof of
concept. We also built a standalone prototype that is user-
Figure 10 Key and digital signature generation friendly and simple to shows the efficiency of the public
key infrastructure. The empirical results revealed that the
application is useful to have secure communications
As can be seen in Figure 10, it is evident that two keys are
without the need for sharing security keys explicitly.
generated namely private key and public key. The sender
as shown creates digital signature after giving some
identity information to the system. Figure 11 shows the
References
successful verification of digital signatures.
[1] Vic Patel and Tom McParland. (2001). PUBLIC
KEY INFRASTRUCTURE FOR AIR TRAFFIC
MANAGEMENT SYSTEMS. IEEE. p1-7.
[2] JohnpelQuingua. (2013). Public Key Infrastructure.
Available:http://www.johnpelquingua.com/introducti
on-public-key-infrastructure/ Last accessed 5th Mar
2013.
[3] Diffie, W. and Hellman, M. E.,(1976) New Directions
in Cryptography. IEEE Transactions on
Information Theory,22 , pp. 644-654.
[4] Rivest, R., Shamir, A. and Adleman, L.,(1978) A
Method for Obtaining Digital Signatures and Public
Key Cryptosystems. Communications of the ACM,
21, pp. 120-126.
Figure 11 Illustrates digital signature verification
[5] Housley, R., Ford, W., Polk, W., and Solo, D., (1999)
succeeded as digital signature is genuine
RFC 2459 "Internet X.509 Public Key
Infrastructure Certificate and CRL Profile"
[6] Adams, C., Farrell, S., (1999) RFC 2510, Internet
X.509Public Key Infrastructure Certificate
Management Protocols".
[7] Myers, M., Adams, C., Solo, D., and Kemp,
D.,(1999) RFC 2511, "Internet X.509 Certificate
Request Message Format".
[8] Housley, R., and Hoffman, P.,(1998) RFC 2585,
"Internet X.509 Public Key Infrastructure Operational
Protocols: FTP and HTTP".
[9] Indrasenareddy,Bhat and Rajiv,(2011). Establishment
of Public key Infrastructure for Digital
Figure 12 Illustrates key verification failed as the Signatures, Vol.2,No.6,pp 33-43.
signature is invalid [10] David J. Malan, Matt Welsh, Michael D. Smith.
(2004). A Public-Key Infrastructure for Key
The standalone prototype has demonstrated the public key Distribution in TinyOS Based on Elliptic Curve
infrastructure with a simple user-friendly simple Java Cryptography. IEEE. p71-80.
application. This infrastructure can be used in enterprise [11] N.P. Smart and Henk L. Muller. (2000). A wearable
public key infrastructure (WPKI). IEEE. p127-133.