{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:36:21Z","timestamp":1760243781213,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2011,2,1]],"date-time":"2011-02-01T00:00:00Z","timestamp":1296518400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>In this article, a security extension for the HiiMap Next Generation Internet Architecture is presented. We regard a public key infrastructure which is integrated into the mapping infrastructure of the locator\/identifier-split addressing scheme. The security approach is based on Threshold Cryptography which enables a sharing of keys among the mapping servers. Hence, a more trustworthy and fair approach for a Next Generation Internet Architecture as compared to the state of the art approach is fostered. Additionally, we give an evaluation based on IETF AAA recommendations for security-related systems.<\/jats:p>","DOI":"10.3390\/fi3010014","type":"journal-article","created":{"date-parts":[[2011,2,1]],"date-time":"2011-02-01T11:24:19Z","timestamp":1296559459000},"page":"14-30","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Distributed Public Key Infrastructure Based on Threshold Cryptography for the HiiMap Next Generation Internet Architecture"],"prefix":"10.3390","volume":"3","author":[{"given":"Oliver","family":"Hanka","sequence":"first","affiliation":[{"name":"Institute for Communication Networks, Technische Universit\u00e4t M\u00fcnchen, 80333 Munich, Germany"}]},{"given":"Michael","family":"Eichhorn","sequence":"additional","affiliation":[{"name":"Institute for Media Technology, Technische Universit\u00e4t M\u00fcnchen, 80333 Munich, Germany"}]},{"given":"Martin","family":"Pfannenstein","sequence":"additional","affiliation":[{"name":"Institute for Media Technology, Technische Universit\u00e4t M\u00fcnchen, 80333 Munich, Germany"}]},{"given":"J\u00f6rg","family":"Ebersp\u00e4cher","sequence":"additional","affiliation":[{"name":"Institute for Communication Networks, Technische Universit\u00e4t M\u00fcnchen, 80333 Munich, Germany"}]},{"given":"Eckehard","family":"Steinbach","sequence":"additional","affiliation":[{"name":"Institute for Media Technology, Technische Universit\u00e4t M\u00fcnchen, 80333 Munich, Germany"}]}],"member":"1968","published-online":{"date-parts":[[2011,2,1]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Hanka, O., Kunzmann, G., Splei\u00df, C., Ebersp\u00e4cher, J., and Bauer, A. (2009, January 14\u201317). HiiMap: Hierarchical Internet Mapping Architecture. Beijing, China.","DOI":"10.1109\/ICFIN.2009.5339608"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Meyer, D., Zhang, L., and Fall, K. (2007). Report from the IAB Workshop on Routing and Addressing. IETF, RFC 4984.","DOI":"10.17487\/rfc4984"},{"key":"ref_3","unstructured":"Calhoun, P., Hiller, T., and McCann, P. (2000). Criteria for Evaluating AAA protocols for Network Access. IETF, RFC 3127."},{"key":"ref_4","unstructured":"Union. I.T. Telecommunication Standardization Sector (ITU-T). Available online: http:\/\/www.itu.int\/ITU-T\/ (accessed on 29 January 2011)."},{"key":"ref_5","unstructured":"ITU-T ITU-T Recommendation X.805\u2014Security architecture for systems providing end-to-end communications. Available online: http:\/\/www.itu.int\/itudoc\/itu-t\/aap\/sg17aap\/history\/x805\/index.html\/ (accessed on 29 January 2011)."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Housley, R., Ford, W., Polk, W., and Solo, D. (1999). Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF, RFC 2459.","DOI":"10.17487\/rfc2459"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Housley, R., Polk, W., Ford, W., and Solo, D. (2002). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF, RFC 3280.","DOI":"10.17487\/rfc3280"},{"key":"ref_8","first-page":"1","article-title":"Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure","volume":"16","author":"Ellsion","year":"2000","journal-title":"Comput. Secur. J."},{"key":"ref_9","unstructured":"Moskowitz, R., and Nikander, P. (2006). Host Identity Protocol. IETF, RFC 4423."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Andersen, D.G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., and Shenker, S. (2008, January 17\u201322). Accountable internet protocol (AIP). Seattle, WA, USA.","DOI":"10.1145\/1402958.1402997"},{"key":"ref_11","unstructured":"Aura, T. (2003). Information Security, Lecture Notes in Computer Science, Springer."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. (2005). DNS security introduction and requirements. IETF, RFC 4033.","DOI":"10.17487\/rfc4033"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. (2005). Resource records for the DNS security extensions. IETF, RFC 4034.","DOI":"10.17487\/rfc4034"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. (2005). Protocol modifications for the DNS security extensions. IETF, RFC 4035.","DOI":"10.17487\/rfc4035"},{"key":"ref_16","unstructured":"Bernstein, D., and DNSCurve Available online: http:\/\/www.dnscurve.org\/ (accessed on 29 January 2011)."},{"key":"ref_17","unstructured":"VeriSign VeriSign Root Zone Signing Proposal. Available online: http:\/\/www.ntia.doc.gov\/DNS\/VeriSignDNSSECProposal.pdf\/ (accessed on 29 January 2011)."},{"key":"ref_18","unstructured":"Cachin, C., and Samar, A. (July, January 28). Secure Distributed DNS. Florence, Italy."},{"key":"ref_19","unstructured":"Okubo, T., Ljunggren, F., Lamb, R., and Schlyter, J. DNSSEC Practice Statement for the Root Zone ZSK Operator. Available online: https:\/\/www.verisign.com\/repository\/dnssec-practice-statement-root-zone-zsk-operator.pdf\/ (accessed on 29 January 2011)."},{"key":"ref_20","unstructured":"Root Server Technical Operations Association Available online: http:\/\/www.root-servers.org\/ (accessed on 29 January 2011)."},{"key":"ref_21","unstructured":"Kong, J.S., Bridgewater, J.S.A., and Roychowdhury, V.P. A General Framework for Scalability and Performance Analysis of DHT Routing Systems."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Monnerat, L.R., and Amorim, C.L. (2006, January 25\u201329). D1HT: A Distributed One Hop Hash Table. Rhodes Island, Greece.","DOI":"10.1109\/IPDPS.2006.1639278"},{"key":"ref_23","unstructured":"Fritz, W., and Hanka, O. Smart Card Based Security in Locator\/Identifier-Split Architectures."},{"key":"ref_24","unstructured":"G-Lab Available online: http:\/\/www.german-lab.de\/ (accessed on 29 January 2011)."},{"key":"ref_25","unstructured":"EENOVA SEIS (Security in Embedded IP-based Systems). Available online: http:\/\/www.strategiekreis-elektromobilitaet.de\/projekte\/seis\/ (accessed on 29 January 2011)."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/3\/1\/14\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T21:55:09Z","timestamp":1760219709000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/3\/1\/14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,2,1]]},"references-count":25,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2011,3]]}},"alternative-id":["fi3010014"],"URL":"https:\/\/doi.org\/10.3390\/fi3010014","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2011,2,1]]}}}