16th Annual Computer Security Applications Conference (ACSAC'00)   p. 270
A novel approach to on-line status authentication of public-key certificates

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898881

Abstract
The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised Owa-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation on the performance attainable shows that ORS exhibits the same features of the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, at the same time drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.
Additional Information
Index Terms: public key cryptography; message authentication; telecommunication security; computer networks; data integrity; protocols; online status authentication; public-key certificates; public networks; Internet; sensitive data exchange; security constraints; data integrity; authentication; public key infrastructure; revoked certificates; certificate status handling scheme; one-way accumulator; cryptography; Owa-based Revocation Scheme; certification authority; Online Certificate Status Protocol; scalability; computational load

Citation: E. Faldella, M. Prandini, "A novel approach to on-line status authentication of public-key certificates," acsac, p. 270, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000
