Abstract
Public Key Infrastructure is a key infrastructure for secure and trusted communication on the Internet. This paper revisits the problem of providing timely certificate revocation, focusing on the needs of mobile devices. We survey existing schemes, then present a new approach in which the principal's own server functions as the directory for its revocation information. We evaluate the properties and trust requirements of this approach, and propose two new schemes, CREV-I and CREV-II, which meet the security requirements and performance goals. Evaluation of CREV shows that it is more lightweight on the verifier and more scalable at the CA and the principals, while providing near real-time revocation.
© 2011 International Federation for Information Processing
Cite this paper
Sufatrio, Yap, R.H.C. (2011). Trusted Principal-Hosted Certificate Revocation. In: Wakeman, I., Gudes, E., Jensen, C.D., Crampton, J. (eds) Trust Management V. IFIPTM 2011. IFIP Advances in Information and Communication Technology, vol 358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22200-9_15
DOI: https://doi.org/10.1007/978-3-642-22200-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22199-6
Online ISBN: 978-3-642-22200-9
eBook Packages: Computer Science (R0)