CRIS Current Research Information System
IRIS è la soluzione IT che facilita la raccolta e la gestione dei dati relativi alle attività e ai prodotti della ricerca. Fornisce a ricercatori, amministratori e valutatori gli strumenti per monitorare i risultati della ricerca, aumentarne la visibilità e allocare in modo efficace le risorse disponibili.
EnglishThe paper presents a new on-line method for efficient authentication and verification of certificate status within Public-Key Infrastructures (PKIs). The method, based on a purposely conceived extension of the One-Way Accumulator (OWA) cryptographic primitive, permits to provide an explicit, concise, authenticated and not forgeable proof about the revocation status of each certificate. A thorough investigation on the performance attainable under different operating conditions shows that the devised method exhibits the same positive features of the well-known On-line Certificate Status Protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of authenticating certificates status via a collective directory-signed proof leads to a significant reduction of the directory computational load, which turns out to be upper limited to a bound independent from the rate PKI’s users perform certificate status verification operations. This feature is particularly remarkable in a high-traffic scenario, where performance bottlenecks could be exploited to induce a denial-of-service over the directory, as it may happen when OCSP is applied.
| Titolo: | Efficient authentication and verification of certificate status within public-key infrastructures |
| Autore/i: | FALDELLA, EUGENIO; PRANDINI, MARCO |
| Autore/i Unibo: | |
| Anno: | 2004 |
| Titolo del libro: | Proceedings of the Third IASTED International Conference on Communications, Internet and Information Technology |
| Pagina iniziale: | 182 |
| Pagina finale: | 188 |
| Abstract: | The paper presents a new on-line method for efficient authentication and verification of certificate status within Public-Key Infrastructures (PKIs). The method, based on a purposely conceived extension of the One-Way Accumulator (OWA) cryptographic primitive, permits to provide an explicit, concise, authenticated and not forgeable proof about the revocation status of each certificate. A thorough investigation on the performance attainable under different operating conditions shows that the devised method exhibits the same positive features of the well-known On-line Certificate Status Protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of authenticating certificates status via a collective directory-signed proof leads to a significant reduction of the directory computational load, which turns out to be upper limited to a bound independent from the rate PKI’s users perform certificate status verification operations. This feature is particularly remarkable in a high-traffic scenario, where performance bottlenecks could be exploited to induce a denial-of-service over the directory, as it may happen when OCSP is applied. |
| Data prodotto definitivo in UGOV: | 12-ott-2005 |
| Appare nelle tipologie: | 4.01 Contributo in Atti di convegno |
File in questo prodotto:
Copyright © 2021