Extension Mechanism of Overlay Network Protocol to Support Digital Authenticates
Kazushige Matama, Ren Goto, Chihiro Nishiwaki, Katsuhiro Naito
Kazushige Matama
Graduate School of Business Administration and Computer Science, Aichi Institute of Technology, Yakusa, Toyota, Aichi, Japan
Ren Goto
Graduate School of Business Administration and Computer Science, Aichi Institute of Technology, Yakusa, Toyota, Aichi, Japan
Chihiro Nishiwaki
Graduate School of Business Administration and Computer Science, Aichi Institute of Technology, Yakusa, Toyota, Aichi, Japan
Katsuhiro Naito
Faculty of Information Science, Aichi Institute of Technology, Yakusa, Toyota, Aichi, Japan
Cite this paper as: Matama, K., Goto, R., Nishiwaki, C., Naito, K. (2023). Extension Mechanism of Overlay Network Protocol to Support Digital Authenticates.
Journal of Systemics, Cybernetics and Informatics, 21(1), 18-25. https://doi.org/10.54808/JSCI.21.01.18
Online ISSN (Journal): 1690-4524
Abstract
Zero-trust security is a new security model that has recently received much attention. Since the model protects all resources, continuous authentication and authorization of resources are mandatory. Many enterprises currently use cloud systems to manage their resources and provide services. IoT systems, on the other hand, typically require cooperative services among IoT devices. A peer-to-peer type system is a good candidate for addressing redundant routes and load on the cloud. However, it requires zero-trust security because each device should guarantee security. Since the authors have proposed and developed CYber PHysical Overlay Network over Internet Communication (CYPHONIC) as a fundamental technology to realize zero-trust security, this paper introduces Public Key Infrastructure (PKI) into CYPHONIC. It proposes an extended device authentication scheme and a key exchange mechanism using digital certificates. Under the PKI mechanism, a certification authority attests to the authenticity of the system, allowing communication with the correct communication partners. The proposed extension performs mutual authentication with digital certificates at the start of communication and secure encryption key exchange for communication between endpoints. We develop a proof of concept of the proposed scheme to confirm the adequacy of the extended mechanisms.