
CPTIAS: a new fast PKI authentication scheme based on certificate path trust index

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

A key bottleneck in electronic business is the need to fetch and validate the server certificate before a secure connection can be established. Most current studies assume that all certificates carry the same level of risk, and give little consideration to the fact that different users have different security requirements, and that even the same user has different security requirements in different scenarios. We therefore propose a new and flexible PKI authentication scheme based on the certificate path trust index (CPTI). Analysis and experimental results show that users can trade off security against efficiency, and that the scheme has higher efficiency and no bottleneck when authenticating with the higher-level CAs.



Author information


Corresponding author

Correspondence to Gao Zhiwei.


About this article


Cite this article

Zhiwei, G., Yingxin, H. & Kai, L. CPTIAS: a new fast PKI authentication scheme based on certificate path trust index. J Ambient Intell Human Comput 6, 721–731 (2015). https://doi.org/10.1007/s12652-015-0273-z


  • DOI: https://doi.org/10.1007/s12652-015-0273-z
