The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised OWA-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation of the attainable performance shows that ORS exhibits the same features as the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, while drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.
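As an added illustration (not code from the paper, and not the ORS extension itself, whose details the abstract does not give), the sketch below shows the classic one-way accumulator built on modular exponentiation: one accumulated value commits to a whole set of valid certificate serials, and each certificate is checked against it with a short witness. The toy modulus, the base, the serials, the hash-to-prime mapping and all function names are assumptions constructed for this example.

```python
import hashlib
from math import prod

# Constructed toy parameters (demo only): N is a product of two safe primes and
# X0 = 4 has order 509 * 1019 mod N. A real accumulator uses an RSA modulus of
# 2048 bits or more whose factorisation nobody keeps.
N = 1019 * 2039
X0 = 4

def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def to_prime(serial: str) -> int:
    """Map a serial to a prime exponent (hash, then search upward).
    The range is kept small on purpose to suit the toy modulus."""
    digest = hashlib.sha256(serial.encode()).digest()
    c = 1021 + int.from_bytes(digest, "big") % 500_000
    while not is_prime(c):
        c += 1
    return c

def accumulate(serials) -> int:
    """One value committing to the whole set; insertion order is irrelevant."""
    return pow(X0, prod(to_prime(s) for s in serials), N)

def witness(serials, serial: str) -> int:
    """Accumulate every element except `serial`."""
    return accumulate(s for s in serials if s != serial)

def verify(acc: int, serial: str, wit: int) -> bool:
    """Member iff raising the witness to the element's prime yields acc."""
    return pow(wit, to_prime(serial), N) == acc

# Constructed sample data: serials of currently valid certificates.
VALID = ["04:A1", "04:A2", "04:B7", "04:C3"]
ACC = accumulate(VALID)

def demo():
    w = witness(VALID, "04:B7")
    before = verify(ACC, "04:B7", w)                  # valid before revocation
    remaining = [s for s in VALID if s != "04:B7"]    # the CA revokes 04:B7
    acc2 = accumulate(remaining)                      # republished value
    after = verify(acc2, "04:B7", w)                  # stale witness rejected
    still_ok = verify(acc2, "04:A1", witness(remaining, "04:A1"))
    return before, after, still_ok
```

Only the accumulated value changes when a certificate is revoked, so the remaining certificates need refreshed witnesses but no per-certificate signature.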