Certificate Revocation Using Fine Grained Certificate Space Partitioning
نویسنده
چکیده
A new certificate revocation system is presented. The basic idea is to divide the certificate space into several partitions, the number of partitions being dependent on the PKI environment. Each partition contains the status of a set of certificates. A partition may either expire or be renewed at the end of a time slot. This is done efficiently using hash chains. We evaluate the performance of our scheme following the framework and numbers used in previous papers. We show that for many practical values of the system parameters, our scheme is more efficient than the three well known certificate revocation techniques: CRL, CRS and CRT. Our scheme aims to strike the right balance between CA to directory communication costs and query costs by carefully selecting the number of partitions.
منابع مشابه
Intrusion prevention and Message Authentication Protocol (IMAP) using Region Based Certificate Revocation List Method in Vehicular Ad hoc Networks
Vehicular Ad-hoc network uses some advanced Public Key Infrastructure and digital signature method for security. But, intrusion detection and avoidance is an inevitable challenge in networks. Authentication is performed in any PKI (Public Key Infrastructure) system by checking if the certificate of the sender is included in the CRL (Certificate Revocation List) and verifying the authenticity an...
متن کاملIdentity-Based Mediated RSA
Identity-based encryption (IBE) [5] and digital signatures are important tools in modern secure communication. In general, identity-based cryptographic methods facilitate easy introduction of public key cryptography by allowing an entity’s public key to be derived from some arbitrary identification value such as an email address or a phone number. Identity-based cryptography greatly reduces the...
متن کاملA Model to Evaluate Certificate Revocation
This paper presents a model to evaluate certificate revocation using certificate revocation lists (CRL's) of the X.509 standard. The model shows the relationship between the number of users managed by a Certificate Authorities (CA) and the size of the revocation lists, the computation power of the CA and the necessary bandwidth to access the revoked certificates.
متن کاملUsing CRL Push Delivery for Efficient Certificate Revocation Information Distribution in Grids
Checking revocation information is necessary to prevent from using digital certificates whose contents become invalid. In current system either periodical retrieval of Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) are the most common mechanisms to access revocation information issued by the certification authorities. As both these approaches pose problems ...
متن کاملReducing Certificate Revocating Cost using NPKI
Problems with certificate revocation status control limit the deployment of Public Key Infrastructure (PKI). Classical certificate paths require revocation control of all certificates on the path. In this paper, we show how the recently proposed NPKI (Nested certificate based PKI) system reduces the number of revocation status controls to at most two. Our analysis also shows that NPKI is not as...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007