
Revocation Scheme for PMI Based Upon the Tracing of Certificates Chains

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3983))

Abstract

Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) can respectively be used to support authentication and authorization in distributed scenarios. The validation of certificate chains is a critical issue in both infrastructures, because it requires several costly processes, such as certificate path discovery, validation of each certificate, and so on. The problem becomes even worse in devices with limited resources (battery, memory, computational capacity, etc.) such as mobile devices. In this paper we present an architecture that reduces the communication and computational overhead of certificate status checking in a complete certificate chain. The proposed tracing of certificate chains is based on a cascade certificate revocation policy.

This work has been supported by the Spanish Research Council under the project ARPA (TIC2003-08184-C02-02) and the European Union funded project UBISEC. We also thank both the Departament d’Universitats, Recerca i Societat de la Informació and European Social Funds that support M. Francisca Hinarejos’s PhD work.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hinarejos, M.F., Forné, J. (2006). Revocation Scheme for PMI Based Upon the Tracing of Certificates Chains. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_118


  • DOI: https://doi.org/10.1007/11751632_118

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34077-5

  • Online ISBN: 978-3-540-34078-2

  • eBook Packages: Computer Science (R0)