Certification is a common mechanism for authentic public key distribution. To obtain a public key, verifiers need to extract a certificate path from a network of certificates, called a public key infrastructure (PKI), and verify the certificates on this path recursively. This is the classical methodology. Nested certification is a novel methodology for efficient certificate path verification. The basic idea is to issue special certificates (called nested certificates) for other certificates. Nested certificates can be used together with classical certificates in PKIs. Such a PKI, called a nested certificate-based PKI (NPKI), is proposed in this paper as an alternative to the classical PKI. The concept of "certificates for other certificates" results in nested certificate paths in which the first certificate is verified cryptographically while the others are verified by just fast hash computations. Thus, we can employ efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities' idle time to the benefit of the verifiers. We formulate the trade-off between the nested certification overhead and the time improvement in certificate path verification. This trade-off is numerically analyzed for a 4-level 20-ary balanced tree-shaped PKI, and it is shown that the extra cost of nested certification is within acceptable limits in order to generate quickly verifiable certificate paths for certain applications. Moreover, the PKI-to-NPKI transition preserves the existing hierarchy and trust relationships in the PKI, so that it can be used for PKIs with fixed topology. Although there are many certificates in NPKI, certificate revocation is no more of a problem than with classical PKIs. NPKI even has an advantage in the number of certificate revocation controls: at most two certificate revocation controls are sufficient, independent of the path length. Nested certificates can be easily adopted into the X.509 standard certificate structure. Both the verification efficiency and the revocation advantage of NPKI and nested certificates make them suitable for hierarchical PKIs of wireless applications where wireless end users have limited processing power.
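The nested path verification described in the abstract, sketched as an added example that is not code from the paper: one signature check on the first nested certificate, then only hash comparisons down to the target certificate. The field names (`subject_hash`, `body`, `sig`), the JSON encoding and the toy RSA key are assumptions made for illustration.

```python
import hashlib, json

# Toy textbook RSA key from two Mersenne primes (constructed and insecure);
# it stands in for the signature scheme, which the abstract does not name.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(cert):
    """SHA-256 over canonical JSON (the encoding is an assumption)."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()

def sign(body):
    return pow(int(digest(body), 16) % N, D, N)

def sig_ok(body, sig):
    return pow(sig, E, N) == int(digest(body), 16) % N

def sample_target():
    # Constructed classical certificate for the end user.
    return {"type": "classical", "subject": "alice", "public_key": "PLACEHOLDER"}

def build_nested_path(target, length):
    """Return [nc_1, ..., nc_length, target]; each nc_i stores the hash of its successor."""
    path = [target]
    for serial in range(length, 0, -1):
        path.insert(0, {"type": "nested", "serial": serial,
                        "subject_hash": digest(path[0])})
    path[0] = {"body": path[0], "sig": sign(path[0])}  # nc_1 carries the signature
    return path

def verify_nested_path(path):
    """Return (ok, signature_checks, hash_checks) for a nested path."""
    head, rest = path[0], path[1:]
    if not sig_ok(head["body"], head["sig"]):   # the only public-key operation
        return (False, 1, 0)
    expected, hashes = head["body"]["subject_hash"], 0
    for cert in rest:                           # everything else is a hash compare
        hashes += 1
        if digest(cert) != expected:
            return (False, 1, hashes)
        expected = cert.get("subject_hash")
    return (True, 1, hashes)

if __name__ == "__main__":
    print(verify_nested_path(build_nested_path(sample_target(), 3)))
```

The signature count stays at one however long the path grows, and a change to any certificate after the first is caught by the hash comparison at that position.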