Reducing certificate revocation cost using NPKI
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Eliminating counterevidence with applications to accountable certificate management
Journal of Computer Security
On the Complexity of Public-Key Certificate Validation
ISC '01 Proceedings of the 4th International Conference on Information Security
Fine-grained control of security capabilities
ACM Transactions on Internet Technology (TOIT)
Certificate validation service using XKMS for computational grid
Proceedings of the 2003 ACM workshop on XML security
Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure
ACM Transactions on Information and System Security (TISSEC)
Trust but verify: accountability for network services
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Strong accountability for network storage
ACM Transactions on Storage (TOS)
Optimized Certificates --- A New Proposal for Efficient Electronic Document Signature Validation
EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
H-OCSP: A protocol to reduce the processing burden in online certificate status validation
Electronic Commerce Research
Efficient user revocation for privacy-aware PKI
Proceedings of the 5th International ICST Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness
Certificate revocation release policies
Journal of Computer Security
A practical security framework for a VANET-based entertainment service
Proceedings of the 4th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
Evaluation of certificate validation mechanisms
Computer Communications
FastAD: an authenticated directory for billions of objects
ACM SIGOPS Operating Systems Review
Integrity and consistency for untrusted services
SOFSEM'11 Proceedings of the 37th international conference on Current trends in theory and practice of computer science
APR-Quad: an update efficient authenticated dictionary for spatial data
Proceedings of the 4th ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS
Security frameworks for open LBS based on web services security mechanism
ISPA'05 Proceedings of the 2005 international conference on Parallel and Distributed Processing and Applications
Open location-based service using secure middleware infrastructure in web services
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
XML-signcryption based LBS security protocol acceleration methods in mobile distributed computing
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
Efficient certificate revocation system implementation: Huffman Merkle Hash Tree (HuffMHT)
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Verified query results from hybrid authentication trees
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
XKMS-Based key management for open LBS in web services environment
AWIC'05 Proceedings of the Third international conference on Advances in Web Intelligence
Modeling public key infrastructures in the real world
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Using automated banking certificates to detect unauthorised financial transactions
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Simple and flexible revocation checking with privacy
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Toward revocation data handling efficiency in VANETs
Nets4Cars/Nets4Trains'12 Proceedings of the 4th international conference on Communication Technologies for Vehicles
Revocable identity-based encryption from lattices
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Proceedings of the 2012 ACM conference on Computer and communications security
Privacy-preserving revocation checking with modified CRLs
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
On the self-similarity nature of the revocation data
ISC'12 Proceedings of the 15th international conference on Information Security
Authenticated data structures, generically
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
| Hi-index | 0.07 |
We present a solution for the problem of certificate revocation. This solution represents certificate revocation lists by authenticated dictionaries that support: (1) efficient verification whether a certificate is in the list or not and (2) efficient updates (adding/removing certificates from the list). The suggested solution gains in scalability, communication costs, robustness to parameter changes, and update rate. Comparisons to the following solutions (and variants) are included: “traditional” certificate revocation lists (CRLs), Micali's (see Tech. Memo MIT/LCS/TM-542b, 1996) certificate revocation system (CRS), and Kocher's (see Financial Cryptography-FC'98 Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1998, vol.1465, p.172-7) certificate revocation trees (CRT). We also consider a scenario in which certificates are not revoked, but frequently issued for short-term periods. Based on the authenticated dictionary scheme, a certificate update scheme is presented in which all certificates are updated by a common message. The suggested solutions for certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible, e.g., with X.500 certificates