Abstract
Efficient and timely distribution of certificate revocation information is a major challenge currently facing the providers of Public-key Infrastructure (PKI). All of the current schemes, including the Certificate Revocation List (CRL) and its variants, place a considerable processing, communication, and storage overhead on the infrastructure elements (e.g., Certification Authorities (CAs) and their repositories) as well as on the relying parties. In this paper, we describe schemes that improve the current situation using the recertification concept. Here, a certificate must be recertified frequently after its initial issuance. As a consequence, CRLs become much shorter, which in turn makes it possible to publish them more frequently. In addition, recertification makes it possible to offer different types of services (with different QoS requirements) to a relying party. For example, a relying party may place the burden of proving that a certificate has not been revoked entirely on the certificate holder. Alternatively, for high-valued transactions, it may perform the verification itself, as is done in current systems. In addition to the basic protocol, we describe an implementation scheme and the performance gains due to the recertification process. The proposed protocols work within the current PKI standards (e.g., X.509).
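The following Python model is an added illustration of the effect the abstract describes; it is not code from the chapter or its authors. It assumes a CA that recertifies every certificate once per fixed period (windows aligned to the issuance day), that a revoked certificate is simply never recertified again, and it stands in an HMAC for the CA's signature on a recertification token. Under those assumptions a revoked serial needs to stay on the CRL only until the holder's last token lapses, not until the original expiry, and the two relying-party modes from the abstract (accept the holder's fresh token, or consult the CRL directly) can be compared side by side. All serials, dates and keys are constructed.

```python
"""Toy model of certificate revocation with and without recertification.

Added example, not part of the chapter. Assumptions (all constructed):
  - recertification windows are aligned to the issuance day and last PERIOD days;
  - a revoked certificate receives no token after the window it was revoked in;
  - an HMAC under a shared key stands in for the CA's signature on a token.
"""
from dataclasses import dataclass
import hashlib
import hmac
from typing import Optional

CA_KEY = b"constructed-ca-mac-key"  # stands in for the CA's signing key (constructed)


@dataclass(frozen=True)
class Certificate:
    serial: int
    issued: int                        # day number of initial issuance
    expires: int                       # day number of original expiry (exclusive)
    revoked_on: Optional[int] = None   # day the CA learned of compromise, if any


def recert_token(serial: int, valid_until: int) -> str:
    """CA-issued recertification token; HMAC stands in for a signature."""
    msg = f"{serial}:{valid_until}".encode()
    return hmac.new(CA_KEY, msg, hashlib.sha256).hexdigest()


def last_token_validity(cert: Certificate, period: int) -> int:
    """Day (exclusive) until which the last token the CA ever issued remains valid.

    Windows are [issued + k*period, issued + (k+1)*period). An unrevoked cert
    keeps being recertified until expiry; a revoked one stops at the end of the
    window in which the revocation happened.
    """
    if cert.revoked_on is None:
        return cert.expires
    k = (cert.revoked_on - cert.issued) // period
    return min(cert.expires, cert.issued + (k + 1) * period)


def crl_traditional(certs, today):
    """Classic CRL: every revoked, not-yet-expired serial."""
    return sorted(c.serial for c in certs
                  if c.revoked_on is not None and c.revoked_on <= today < c.expires)


def crl_with_recert(certs, today, period):
    """CRL under recertification: a serial drops off once its last token lapses."""
    return sorted(c.serial for c in certs
                  if c.revoked_on is not None
                  and c.revoked_on <= today < last_token_validity(c, period))


def verify_holder_proof(cert, today, valid_until, token):
    """Low-value mode: the relying party accepts a fresh, authentic token from the holder."""
    if not (cert.issued <= today < min(cert.expires, valid_until)):
        return False
    return hmac.compare_digest(token, recert_token(cert.serial, valid_until))


def verify_against_crl(cert, today, crl):
    """High-value mode: the relying party checks the CRL itself."""
    return cert.issued <= today < cert.expires and cert.serial not in crl


def constructed_population(n=1000, lifetime=365):
    """Constructed sample: every 10th certificate is revoked on a spread of days."""
    return [Certificate(s, 0, lifetime, (s % 360) + 1 if s % 10 == 0 else None)
            for s in range(1, n + 1)]


def average_crl_sizes(certs, lifetime=365, period=30):
    """Mean CRL length over the certificate lifetime for both schemes."""
    days = range(lifetime)
    trad = sum(len(crl_traditional(certs, d)) for d in days) / lifetime
    rc = sum(len(crl_with_recert(certs, d, period)) for d in days) / lifetime
    return trad, rc


if __name__ == "__main__":
    population = constructed_population()
    print("day 100 CRL sizes:", len(crl_traditional(population, 100)),
          len(crl_with_recert(population, 100, 30)))
    print("average CRL sizes (traditional, recert):", average_crl_sizes(population))
```

The shorter list under recertification is what allows more frequent CRL publication; the holder-presented token in `verify_holder_proof` is the "burden of proof on the certificate holder" mode, bounded in freshness by the recertification period rather than by the CRL publication interval.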
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Copyright information
© 2003 IFIP International Federation for Information Processing
Cite this chapter
Mukkamala, R., Das, S., Halappanavar, M. (2003). Recertification: A Technique to Improve Services in PKI. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_20
DOI: https://doi.org/10.1007/978-0-387-35697-6_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6
eBook Packages: Springer Book Archive