MASON ECE 636 - Cryptographic Support for Certificate Revocation

This preview shows page 1-2-3-24-25-26-27-49-50-51 out of 51 pages.


Cryptographic Support for Certificate Revocation

Åsa Hagström, Christopher J. Michelsen, David Rowe
Secure Telecommunication Systems, ECE 636 / INFT 931
April 2001

1 Abstract

In this paper we outline the complexities of certificate revocation within a public-key infrastructure (PKI). We describe the importance of certificate revocation and how to initiate a certificate revocation request. Three certificate revocation models are presented: certificate revocation lists (CRLs), online certificate status checking protocol (OCSP), and Naor-Nissim authenticated search trees. The models illustrate various approaches to handling the complexities of certificate revocation. Each of the models is evaluated against practical implementation criteria. The results of the comparison should assist PKI implementers and subscribers alike in understanding the ramifications of a particular certificate revocation mechanism. We conclude with a discussion of the significance of non-repudiation in certificate revocation, a summary, and suggestions for future work.

Contents

1 Abstract
Contents
2 Introduction
3 Background
  3.1 Public-key infrastructure
    3.1.1 Root certification authority (CA)
    3.1.2 Certification authority
    3.1.3 Registration authority
    3.1.4 Local registration authority
    3.1.5 Directories
    3.1.6 Users
  3.2 Initiating a revocation request
  3.3 Models for certificate revocation
4 Requirements for cryptographic services
5 Evaluation criteria
6 Certificate revocation lists
  6.1 Model definition
    6.1.1 Delta-CRL
    6.1.2 Over-issued CRL
    6.1.3 Distribution point (DP) CRL (segmented CRL)
    6.1.4 Hybrid CRL options
7 OCSP
  7.1 Definition
8 Naor-Nissim authenticated search trees
  8.1 Theory
    8.1.1 2-3 trees
    8.1.2 Incremental cryptography
  8.2 Model definition
9 Evaluation results and comparison
  9.1 Background
  9.2 Security
    9.2.1 CRLs
    9.2.2 OCSP
    9.2.3 Naor-Nissim
  9.3 Freshness and timeliness
    9.3.1 CRLs
    9.3.2 OCSP
    9.3.3 Naor-Nissim
  9.4 Bandwidth
    9.4.1 CRLs
    9.4.2 OCSP
    9.4.3 Naor-Nissim
  9.5 Scalability
    9.5.1 CRLs
    9.5.2

