Skip to main content
SpringerLink
Log in

CERVANTES – A Certificate Validation Test-Bed

  • Conference paper
Public Key Infrastructure (EuroPKI 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3093))

Included in the following conference series:

Abstract

Certificate validation is one of the toughest scalability problems of the PKI. The goal of this paper is to introduce a Java platform for certificate revocation called CERVANTES. CERVANTES pretends to be an easy to extend tool that allows researchers to develop and test their own “real” revocation systems. As CERVANTES is an open source project it can also be included as part of any open PKI project. The platform is very flexible and due to its modular design it allows for example, to fit a new kind of status checking protocol without having to recompile the source code. CERVANTES includes our implementations of the main standards (CRLs and OCSP) as well as an implementation of a system based on the Merkle Hash Tree (one of the most popular systems among the non-standard ones). Finally, we use CERVANTES to obtain performance results about each developped system. These results guarantee that CERVANTES runs as expected.

This work has been supported by the Spanish Research Council under the project ARPA (TIC2003-08184-C02-02) and the European Research Council under the project UBISEC (IST-FP6 506926).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. SNACC for JAVA, http://www.alphaworks.ibm.com/tech/snaccforjava

  2. Adams, C., Farrell, S.: Internet X.509 Public Key Infrastructure Certificate Management Protocols (1999) RFC 2510

    Google Scholar 

  3. Arnes, A., Just, M., Knapskog, S.J., Lloyd, S., Meijer, H.: Selecting revocation solutions for PKI. In: NORDSEC 1995 (1995)

    Google Scholar 

  4. Cooper, D.A.: A model of certificate revocation. In: Fifteenth Annual Computer Security Applications Conference, pp. 256–264 (1999)

    Google Scholar 

  5. Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile (1999) RFC 2459

    Google Scholar 

  6. ITU/ISO Recommendation. X.509 Information Technology Open Systems Interconnection - The Directory: Autentication Frameworks, Technical Corrigendum (2000)

    Google Scholar 

  7. Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  8. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 234–246. Springer, Heidelberg (1989)

    Google Scholar 

  9. Muñoz, J.L., Forné, J.: Design of a Certificate Revocation Platform. In: International Conference on Information Technology: Research and Education (ITRE 2003). IEEE Communications Society, Los Alamitos (2003)

    Google Scholar 

  10. Muñoz, J.L., Forné, J.: Evaluation of Certificate Revocation Policies: OCSP vs. Overissued CRL. In: DEXA Workshops 2002, Workshop on Trust and Privacy in Digital Business (TrustBus 2002), September 2002, pp. 511–515. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  11. Muñoz, J.L., Forné, J., Esparza, O., Soriano, M., Jodra, D.: Evaluation of Certificate Revocation Systems with a JAVA Test-Bed. In: DEXA Workshops 2003, Workshop on Trust and Privacy in Digital Business (TrustBus 2003). IEEE Computer Society, Los Alamitos (2003)

    Google Scholar 

  12. Muñoz, J.L., Forné, J., Esparza, O., Soriano, M.: A Certificate Status Checking Protocol for the Authenticated Dictionary. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 255–266. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Muñoz, J.L., Forné, J., Esparza, O., Soriano, M.: A Certificate Revocation System Implementation Based on the Merkle Hash Tree. International Journal of Information Security (IJIS) 2(2), 110–124 (2004)

    Article  Google Scholar 

  14. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (1999) RFC 2560

    Google Scholar 

  15. Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. IEEE Journal on Selected Areas in Communications 18(4), 560–561 (2000)

    Article  Google Scholar 

  16. Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (2002) RFC 3280

    Google Scholar 

  17. ITU-T Recommendation X.690. ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (1995)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. (Telematics Engineering Department), Technical University of Catalonia, 1-3 Jordi Girona, C3 08034, Barcelona, Spain

    Jose L. Muñoz, Jordi Forné, Oscar Esparza & Miguel Soriano

Authors
  1. Jose L. Muñoz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jordi Forné
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Oscar Esparza
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Miguel Soriano
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Technology Education and Digital Systems, University of Piraeus, 150 Androutsou St., GR-18532, Pireaus, Greece

    Sokratis K. Katsikas

  2. Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece

    Stefanos Gritzalis

  3. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier López

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Muñoz, J.L., Forné, J., Esparza, O., Soriano, M. (2004). CERVANTES – A Certificate Validation Test-Bed. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-25980-0_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22216-3

  • Online ISBN: 978-3-540-25980-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation