Abstract
A key bottleneck in electronic business is the need to fetch and validate the server certificate before a secure connection can be established. Most current studies assume that the certificate has the same level of risk and less consideration different users have different security requirements, and even the same users has different security requirements in different scenarios. So we propose a new and flexible PKI authentication scheme based on certificate path trust index (CPTI). Analysis and experimental results show that users can give a trade off between security and efficiency, and the scheme has a higher efficiency and no bottleneck when authenticating with the higher level CAs.
Similar content being viewed by others
References
Balfanz D et al (2004) In search of usable security: five lessons from the field. Secur Priv, IEEE 2(5):19–24
Branchaud M (1999) Caching the Online Certicate Status Protocol. IETF Internet Draft. https://tools.ietf.org/html/draft-ietf-pkix-ocsp-caching-00. Accessed Dec 2014
Coarfa C, Druschel P, Wallach DS (2002) Performance analysis of TLS Web Servers. In: Proceedings of NDSS’02, pp 553–558
Dabek F et al (2004) Vivaldi: a decentralized network coordinate system. In: The Proceedings of the SIGCOMM’04, Portland, Oregon, pp 15–26
Deaconm A, Hurst R (2007) The lightweight online certificate status protocol (OCSP) profile for high-volume environments. IETF Internet Draft. https://tools.ietf.org/html/rfc5019. Accessed Dec 2014
Drew M, Streib K (2004) Keyanalyze—analysis of a large OpenPGP ring. http://dtype.org/keyanalyze/. Accessed May 2010
Emily S, et al. (2012) The case for perfecting and prevalidating TLS server certificates. In: proceedings of the 19th Annual Network and Distributed System Security Conference
Golbeck J, Hendler J (2006) Inferring erust relationships in web-based social networks. ACM Trans Internet Technol 6(4):497–529
Hovav S, Boneh D, Eric R (2004) Client side caching for TLS. ACM Trans. Info Sys Secur 7(4):553–575
Huang LS, et al (2014) An experimental study of TLS forward secrecy deployments. IEEE Internet ComputingWeb 2.0 Security and Privacy (W2SP)
Huang J, Nicol D (2009) A calculus of trust and its application to pki and identity management. In: Proceedings of the 8th Symposium on Identity and Trust on the Internet, IDtrust’09, pp 23–37
Langley A, Modadugu N, Moeller B (2010) Transport layer security (TLS) false start. Working Draft, IETF Internet Draft. https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00. Accessed Dec 2014
Li J, Kim K (2010) Hidden attribute-based signatures without anonymity revocation. Inf Sci 180(9):1681–1689
Li J, Zhang F, Wang Y (2006) A new hierarchical ID-based cryptosystem and CCA-secure PKE. In: Emerging directions in embedded and ubiquitous computing, vol 4097. Springer, Berlin, Heidelberg, pp 362–371
Li J et al (2014a) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Li J et al (2014b) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625
Shacham H, Boneh D (2002) Fast-track session establishment for TLS. In: Proceedings of the network and distributed system security symposium (NDSS’02), pp 195–202
Souders S (2010) WPO-web performance optimization. http://www.stevesouders.com/blog/2010/05/07/wpo-web-performance-optimization/. Accessed Nov 2014
Sunshine J, Egelman S, Almuhimedi H (2009) Crying wolf: an empirical study of ssl warning effectiveness. In Proceedings of the 18th USENIX security symposium, USENIX Security’09, pp 399–416
Zhao MY, Sean SW (2006) Modeling and evaluation of certification path discovery in the emerging global PKI. Europe PKI 2006, Turin, pp 16–30
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhiwei, G., Yingxin, H. & Kai, L. CPTIAS: a new fast PKI authentication scheme based on certificate path trust index. J Ambient Intell Human Comput 6, 721–731 (2015). https://doi.org/10.1007/s12652-015-0273-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-015-0273-z