A Certificate Revocation Scheme for a Large-Scale Highly Replicated Distributed System
Authors
Abstract
A common way to protect objects in distributed systems is to issue authorization certificates to users, which they present to gain access. In some situations a way is needed to revoke existing certificates. Current methods, such as having a master revocation list, have been designed to work efficiently with identity certificates, and do not take into account the delegation of certificate-issuing rights required when implementing complex administrative hierarchies for large distributed applications. In this paper we present a novel mechanism for revoking authorization certificates based on clustering users and servers, and present arguments showing that it is more efficient than other methods. We also discuss a way for probabilistically auditing the use of the revocation mechanism proposed to reduce the chances of any component behaving maliciously.
Similar resources
An Efficient Certificate Revocation and Verification Scheme from Multi-Hashing
Even though Public Key Infrastructure (PKI) and X.509 certificate has been a prominent security model for a variety of e-commerce applications and large scale distributed computing, it has not been sufficiently investigated in the certificate revocation and verification mechanism. In this paper, we discuss the need and importance of certificate revocation and verification, and analyze the limit...
A Node Revocation Scheme Using Public-Key Cryptography in Wireless Sensor Networks
Generally deployed in an unattended environment, a sensor network can be easily assaulted or compromised by adversaries. Network security becomes a major problem. A distributed node revocation scheme is effective in reducing the damages a compromised node may cause to a sensor network, but its operation tends to consume large-scale memory space of the hardware-constrained sensor nodes. To reduc...
A distributed ocsp framework for ad-hoc networks
Many solutions for establishing trust in mobile ad hoc networks (MANETs) involve public key cryptography. Most of these solutions, including proposals for routing protocols, suggest the deployment of public key certificates. An efficient mechanism for certificate revocation and validation is essential in every system that uses certificates. Consequently, such a scheme is required for MANETs, to...
Broadcasting Message Authentication Protocol for Vehicular Ad Hoc Networks Using Cluster Technique
It is well recognized that security plays a vital role in the trustworthy operation of vehicular ad hoc networks (VANETs). One of the critical sanctuary issues is the revocation of misbehaving vehicles, which is essential for the prevention of malicious vehicles from other vehicles. Vehicular ad hoc networks (VANETs) adopt the Public Key infrastructure (PKI) and Certificate Revocation Lists (CRLs) ...
Cluster Based Certificate Revocation Scheme in Mobile Ad Hoc Networks
Mobile ad hoc networks (MANETs) have attracted more attention due to their mobility and simplicity of arrangement. However, the wireless and dynamic nature renders them more suspicious to various types of security attacks than the wired networks. To meet these challenges, certificate revocation is an important component for secure network communications. Certificate revocation is used to segreg...