The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised Owa-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation on the performance attainable shows that ORS exhibits the same features of the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, at the same time drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.

Faldella, E., Prandini, M. (2000). A novel approach to on-line status authentication of public-key certificates. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : IEEE Computer Society [10.1109/ACSAC.2000.898881].

A novel approach to on-line status authentication of public-key certificates

Prandini M.
Writing – Original Draft Preparation
2000

Abstract

The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised Owa-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation on the performance attainable shows that ORS exhibits the same features of the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, at the same time drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.
2000
Proceedings - Annual Computer Security Applications Conference, ACSAC
270
276
Faldella, E., Prandini, M. (2000). A novel approach to on-line status authentication of public-key certificates. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : IEEE Computer Society [10.1109/ACSAC.2000.898881].
Faldella, E.; Prandini, M.
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/904935
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 23
  • ???jsp.display-item.citation.isi??? 3
social impact