H-OCSP: A protocol to reduce the processing burden in online certificate status validation

Authors:
Jose L. Muñoz;Oscar Esparza;Jordi Forné;Esteve Pallares
Affiliations:
Technical University of Catalonia, Barcelona, Spain 08034;Technical University of Catalonia, Barcelona, Spain 08034;Technical University of Catalonia, Barcelona, Spain 08034;Technical University of Catalonia, Barcelona, Spain 08034
Venue:
Electronic Commerce Research
Year:
2008

Citing 10
Cited 1

Data Structures and Algorithms

Data Structures and Algorithms
On Certificate Revocation and Validation

FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Model of Certificate Revocation

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient Certificate Revocation

Efficient Certificate Revocation
Certificate revocation system implementation based on the Merkle hash tree

International Journal of Information Security
Minimizing TTP's involvement in signature validation

International Journal of Information Security
Evaluation of certificate validation mechanisms

Computer Communications
Towards a framework for evaluating certificate status information mechanisms

Computer Communications
Certificate revocation and certificate update

IEEE Journal on Selected Areas in Communications

Digital certificate management for document workflows in E-government services

EGOV'10 Proceedings of the 9th IFIP WG 8.5 international conference on Electronic government

Quantified Score

Hi-index	0.00

Visualization

Abstract

Public-key cryptography is widely used as the underlying mechanism for securing many protocols and applications in the Internet. A Public Key Infrastructure (PKI) is required to securely deliver public-keys to widely-distributed users or systems. The public key is usually made public by means of a digital document called certificate. Certificates are valid during a certain period of time; however, there are circumstances under which the validity of a certificate must be terminated sooner than assigned and thus, the certificate needs to be revoked. The Online Certificate Status Protocol (OCSP) is one of the most used protocols for retrieving certificate status information from the PKI. However, the OCSP protocol requires online signatures, which is a costly operation. In this article, we present an improvement over OCSP based on hash chains that reduces the processing burden in the server which in turn provides an additional protection against attacks based on flooding of queries.