Trusted Principal-Hosted Certificate Revocation
نویسندگان
چکیده
Public Key Infrastructure is a key infrastructure for secure and trusted communication on the Internet. This paper revisits the problem of providing timely certificate revocation focusing on the needs of mobile devices. We survey existing schemes then present a new approach where the principal’s server functions as the directory for its own revocation information. We evaluate the properties and trust requirements in this approach, and propose two new schemes, CREV-I and CREV-II, which meet the security requirements and performance goals. Evaluation of CREV shows it is more lightweight on the verifier and more scalable at the CA and the principals while providing near real-time revocation.
منابع مشابه
Simple and Flexible Private Revocation Checking
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert...
متن کاملSimple and Flexible Privacy-Preserving Revocation Checking
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert...
متن کاملSimple and Flexible Revocation Checking with Privacy
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert...
متن کاملA localized certificate revocation scheme for mobile ad hoc networks
The issue of certificate revocation in mobile ad hoc networks (MANETs) where there are no on-line access to trusted authorities, is a challenging problem. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories o...
متن کاملStudy and Analysis on Certificate Revocation in MANETS
In Mobile Ad hoc Networks (MANETs), certification systems play an important role to achieve network security. Handling the issue of certificate revocation in wired network is somewhat easy compared to the MANETs. In wired network when the certificate of a malicious node get revoked then the certificate authorities add the information about the revoked node in to certificate revocation lists (CR...
متن کامل