Abstract
The use of certificates for secure transactions in smart cards requires the existence of a secure and efficient revocation protocol. There are a number of existing protocols for online certificate revocation and validation, among which OCSP and SCVP are the most widely used. However, there are no real applications testing the efficiency of these protocols when run on a smart card, even though the advantages of such an implementation are promising. In this paper we examine the details of the implementation of these protocols, emphasising the issues arising from the limitations of smart cards. We also discuss the performance results from the implementation of OCSP and SCVP in a multi-application smart card environment. Results from two different Java Card platforms are presented and analyzed.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Papapanagiotou, K., Markantonakis, K., Zhang, Q., Sirett, W.G., Mayes, K. (2005). On the Performance of Certificate Revocation Protocols Based on a Java Card Certificate Client Implementation. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds) Security and Privacy in the Age of Ubiquitous Computing. SEC 2005. IFIP Advances in Information and Communication Technology, vol 181. Springer, Boston, MA. https://doi.org/10.1007/0-387-25660-1_36
DOI: https://doi.org/10.1007/0-387-25660-1_36
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-25658-0
Online ISBN: 978-0-387-25660-3
eBook Packages: Computer Science, Computer Science (R0)