Abstract
Interoperability issues between different implementations in large-scale systems is one of the major reasons for increased effort during system test. This paper addresses this problem in the context of the Online Certificate Status Protocol (OCSP) in a Public Key Infrastructure (PKI), which is part of the certificate verification process of many components. The high interconnection of OCSP clients and server increases the complexity of system tests to ensure interoperation. This paper provides a component based testing method for clients and servers using OCSP exemplified by testing PKI components of a nationwide IT infrastructure. The method ensures high interoperability requirements of large-scale infrastructures during component tests and reduces efforts for test execution.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bickenbach, H.-J., Brauckmann, J., Giessler, A., Horváth, T., Knobloch, H.-J.: Common PKI specifications for interoperable applications (2009)
Binder, R.V.: Testing object-oriented software: a survey. Software Testing, Verification and Reliability 6(3-4), 125–252 (1996)
Brauckmann, J., Alfred, G., Horváth, T., Knobloch, H.-J.: Common PKI specifications for interoperable applications - test specification (2004)
European Telecommunications Standards Institute. ETSI technical specification TS 102 231 - provision of harmonized trust service provider TSP status information (2006)
Freeman, T., Housley, R., Malpani, A., Cooper, D., Polk, W.: Server-Based Certificate Validation Protocol (SCVP) (2007)
gematik - Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH. Einführung der Gesundheitskarte – Verzeichnisdienstkonzept der gematik-Bridge-CA (2008)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (2002)
Iliadis, J., Spinellis, D., Gritzalis, D., Preneel, B., Katsikas, S.: Evaluating certificate status information mechanisms. In: CCS 2000: Proceedings of the 7th ACM Conference on Computer and Communications Security, pp. 1–8. ACM, New York (2000)
ISO/IEC 9646-1:1994. Part 1: General concepts: Information technology – Open Systems Interconnection – Conformance testing methodology and framework. International Organization for Standardization, Geneva, Switzerland
Janssen, M., Scholl, H.J.J.: Interoperability for electronic governance. In: ICEGOV 2007: Proceedings of the 1st International Conference on Theory and Practice of Electronic Governance, pp. 45–48. ACM, New York (2007)
Japan Network Security Association. Challenge PKI project - the multidomain PKI interoperability framework
Kang, S.: Relating interoperability testing with conformance testing. In: The Bridge to Global Integration Global Telecommunications Conference, 1998. GLOBECOM 1998, vol. 6, pp. 3768–3773. IEEE, Los Alamitos (1998)
Kocher, P.C.: On Certificate Revocation and Validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Lioy, A., Marian, M., Moltchanova, N., Pala, M.: The EuroPKI experience. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 14–27. Springer, Heidelberg (2004)
Moseley, S., Randall, S., Wiles, A.: In pursuit of interoperability. International Journal IT Standards and Standardization Research 2(2), 34–48 (2004)
Munoz, J.L., Forne, J., Castro, J.C.: Evaluation of certificate revocation policies: OCSP vs. Overissued-CRL. In: Proceedings of 13th International Workshop on Database and Expert Systems Applications, pp. 511–515 (2002)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (1999)
Radatz, J.: IEEE standard glossary of software engineering terminology. Technical report (1990)
Sengupta, B., Chandra, S., Sinha, V.: A research agenda for distributed software development. In: ICSE 2006: Proceedings of the 28th International Conference on Software Engineering, pp. 731–740. ACM, New York (2006)
Seol, S., Kim, M., Chanson, S., Kang, S.: Interoperability test generation and minimization for communication protocols based on the multiple stimuli principle. IEEE Journal on Selected Areas in Communications 22(10), 2062–2074 (2004)
Slagell, A.J., Bonilla, R.: PKI scalability issues. CoRR, cs.CR/0409018 (2004)
Stevens, M., Lenstra, A., Weger, B.: Chosen-prefix collisions for md5 and colliding x.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)
Wohlmacher, P.: Digital certificates: a survey of revocation methods. In: MULTIMEDIA 2000: Proceedings of the 2000 ACM Workshops on Multimedia, pp. 111–114. ACM, New York (2000)
Zhong, N., He, Z.-w., Kuang, J.-m.: A generic formal framework for protocol interoperability test and test cases minimization. In: AST 2008: Proceedings of the 3rd International Workshop on Automation of Software Test, pp. 57–61. ACM, New York (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schanes, C., Mauczka, A., Kirchengast, U., Grechenig, T., Marx, S. (2010). Nationwide PKI Testing – Ensuring Interoperability of OCSP Server and Client Implementations Early during Component Tests. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-16441-5_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16440-8
Online ISBN: 978-3-642-16441-5
eBook Packages: Computer ScienceComputer Science (R0)