Abstract
Certificate validation is one of the toughest scalability problems of the PKI. The goal of this paper is to introduce a Java platform for certificate revocation called CERVANTES. CERVANTES aims to be an easy-to-extend tool that allows researchers to develop and test their own “real” revocation systems. As CERVANTES is an open source project, it can also be included as part of any open PKI project. The platform is very flexible: thanks to its modular design it is possible, for example, to fit a new kind of status checking protocol without having to recompile the source code. CERVANTES includes our implementations of the main standards (CRLs and OCSP) as well as an implementation of a system based on the Merkle Hash Tree (one of the most popular systems among the non-standard ones). Finally, we use CERVANTES to obtain performance results for each developed system. These results guarantee that CERVANTES runs as expected.
This work has been supported by the Spanish Research Council under the project ARPA (TIC2003-08184-C02-02) and the European Research Council under the project UBISEC (IST-FP6 506926).
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Muñoz, J.L., Forné, J., Esparza, O., Soriano, M. (2004). CERVANTES – A Certificate Validation Test-Bed. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_3
DOI: https://doi.org/10.1007/978-3-540-25980-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive