Skip to main content
SpringerLink
Log in

E-MHT. An Efficient Protocol for Certificate Status Checking

  • Conference paper
Information Security Applications (WISA 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2908))

Included in the following conference series:

  • 344 Accesses

Abstract

Public-key cryptography is widely used as the underlying mechanism for securing many protocols and applications in the Internet. A Public Key Infrastructure (PKI) is required to securely deliver public-keys to widely-distributed users or systems. The public key is usually made public by way of a digital document called a certificate. Certificates are valid during a certain period of time, however, there are circumstances under which the validity of a certificate must be terminated sooner than assigned and thus, the certificate needs to be revoked. The revocation of certificates implies one of the major costs of the whole PKI. The goal of this paper is to present an efficient offline revocation system based on the Merkle Hash Tree (MHT) named Enhanced-MHT (E-MHT). The authors propose several mechanisms that allow the E-MHT to provide a response size that is close to (or even better than) online systems. These mechanisms include the optimization of the MHT \(\mathcal {P}\)aths for non-revoked certificates, the division of the status data among multiple MHTs and a low cost mechanism for re-utilization of MHT digests and E-MHT responses. Furthermore, an ASN.1 protocol for the E-MHT is introduced and discussed. Finally, a performance evaluation of the E-MHT using this protocol is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adams, C., Farrell, S.: Internet X.509 Public Key Infrastructure Certificate Management Protocols, RFC 2510 (1999)

    Google Scholar 

  2. Buldas, A., Laud, P., Lipmaa, H.: Eliminating counterevidence with applications to accountable certificate management. Journal of Computer Security 10(3), 273–296 (2002)

    Google Scholar 

  3. Even, S., Goldreich, O., Micali, S.: Online/offline signatures. Journal of Criptology 9, 35–67 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  4. Fox, B., LaMacchia, B.: Certificate Revocation: Mechanics and Meaning. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 158–164. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  5. Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459 (1999)

    Google Scholar 

  6. ITU/ISO Recommendation. X.509 Information Technology Open Systems Interconnection - The Directory: Autentication Frameworks, Technical Corrigendum (2000)

    Google Scholar 

  7. Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  8. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 234–246. Springer, Heidelberg (1989)

    Google Scholar 

  9. Micali, S.: Efficient certificate revocation. Technical Report TM-542b, MIT Laboratory for Computer Science (1996)

    Google Scholar 

  10. Muñoz, J.L., Forné, J., Esparza, O., Soriano, M.: A Certificate Status Checking Protocol for the Authenticated Dictionary. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 255–266. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Muñoz, J.L., Forné, J., Esparza, O., Soriano, M.: Implementation of an Efficient Authenticated Dictionary for Certificate Revocation. In: The Eighth IEEE Symposium on Computers and Communications (ISCC 2003), June 2003, vol. 1, pp. 238–243. IEEE Computer Society, Los Alamitos (2003)

    Chapter  Google Scholar 

  12. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC 2560 (1999)

    Google Scholar 

  13. Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. IEEE Journal on Selected Areas in Communications 18(4), 560–561 (2000)

    Article  Google Scholar 

  14. CCITT Recommendation X.500. The directory overview of concepts, models and services (1988)

    Google Scholar 

  15. ITU-T Recommendation X.680. Abstract syntax notation one (asn.1): Specification of basic notation (1995)

    Google Scholar 

  16. ITU-T Recommendation X.690. ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (1995)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technical University of Catalonia (Telematics Engineering Department), 1-3 Jordi Girona, C3 08034, Barcelona, Spain

    Jose L. Muñoz, Jordi Forné, Oscar Esparza & Miguel Soriano

Authors
  1. Jose L. Muñoz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jordi Forné
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Oscar Esparza
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Miguel Soriano
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science and Engineering, Ewha Womans University, Korea

    Ki-Joon Chae

  2. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Muñoz, J.L., Forné, J., Esparza, O., Soriano, M. (2004). E-MHT. An Efficient Protocol for Certificate Status Checking. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24591-9_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20827-3

  • Online ISBN: 978-3-540-24591-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation