A novel approach to on-line status authentication of public-key certificates

Faldella, E.; Prandini, Marco

doi:10.1109/acsac.2000.898881

Cited by 21 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These studies include Certificate Revocation System (CRS) (Micali, 1996), Certificate Revocation Tree (CRT) (Kocher, 1998), Delta CRL (Adams & Zuccherato, 1998), and On-line Certificate Status Protocol (OCSP) (The Internet Society, 1999). The use of CRS and CRT for certificate revocation still has a number of weaknesses, including the complexity of certificate verification and the latency associated with certificate statusupdating (Faldella & Prandini, 2000Naor & Nissim, 2002). Moreover, Cooper (2000) asserts that the Delta CRL mechanism does not improve the performance and scalability of the certificate-based PKI scheme.…”

Section: Related Workmentioning

confidence: 99%

Using a Public Key Registry for Improved Trust and Scalability in National E-Health Systems

Liu

Caelli

Chen

2013

International Journal of E-Health and Medical Communications

View full text Add to dashboard Cite

An increasing number of countries are faced with an aging population increasingly needing healthcare services. For any e-health information system, the need for increased trust by such clients with potentially little knowledge of any security scheme involved is paramount. In addition notable scalability of any system has become a critical aspect of system design, development and ongoing management. Meanwhile cryptographic systems provide the security provisions needed for confidentiality, authentication, integrity and non-repudiation. Cryptographic key management, however, must be secure, yet efficient and effective in developing an attitude of trust in system users. Digital certificate-based Public Key Infrastructure has long been the technology of choice or availability for information security/assurance; however, there appears to be a notable lack of successful implementations and deployments globally. Moreover, recent issues with associated Certificate Authority security have damaged trust in these schemes. This paper proposes the adoption of a centralised public key registry structure, a non-certificate based scheme, for large scale e-health information systems. The proposed structure removes complex certificate management, revocation and a complex certificate validation structure while maintaining overall system security. Moreover, the registry concept may be easier for both healthcare professionals and patients to understand and trust.

show abstract

Section: Related Workmentioning

confidence: 99%

Using a Public Key Registry for Improved Trust and Scalability in National E-Health Systems

Liu

Caelli

Chen

2013

International Journal of E-Health and Medical Communications

View full text Add to dashboard Cite

show abstract

“…Both the heights of the binary search tree and the redblack tree increase as O(log n) with time. The red-black tree is always shorter than the binary search tree, and approaches the optimum height 1 N/A O (1) hash chain CRT 5) O(n) N/A O(n) binary search tree 2-3 Tree 13) O(log n) N/A O(log n) 2-3 Tree EFECT 8) O(log n) N/A O(log n) B-Tree SEM 10) 1 1 O(1) Threshold RSA Accumulator 9) N/A O(n) O (1) RSA Accumulator proposed O(log n) N/A O(log n) red-black tree of a completely balanced tree. The maximum reduction at n = 20,000 was 0.75, which implies a reduction in computation cost for insert, delete, and search.…”

Section: 6 Estimation Based On Actual Revocation Datamentioning

confidence: 99%

Online Certification Status Verification with a Red-Black Hash Tree

Kikuchi

Abe

Nakanishi

2006

ipsjdc

View full text Add to dashboard Cite

Certificate revocation is a critical issue for a practical, public-key infrastructure. A new efficient revocation protocol using a one-way hash tree structure (instead of the classical list structure, which is known as a standard for revocation) was proposed and examined to reduce communication and computation costs. A tree approach, however, may run in O(n) time, in the worst case, i.e., when all the entries are sorted in descending order. A red-black tree is a binary sorted tree, with one extra bit per node, which is used for balancing the tree and guarantees that search and insertion operations take O(log n), even in the worst case. In this paper, we propose a binary red-black hash tree for certificate revocation and prove that it reduces costs more than any other tree balancing approache. We also compare the estimated communication and computation cost reductions of the red-black hash tree to those of the conventional binary search tree.

show abstract

“…When X=0 and v/u=100, because m has increased up to n, the number of total revoked certificates in system, computation cost reaches the maximum-about 174 exponentiations. Although this maximal cost is much better than in [5] and [6], some strategies can be employed to efficiently reduce computation cost. One is choosing a moderate value of X.…”

Section: B Re-computation Ofaccumulatorsmentioning

confidence: 99%

“…Although [5] and [6] present some methods to reduce traffic and computation in this scheme, unfortunately, the performance is still not satisfying.…”

Section: One-way Accumulatorsmentioning

confidence: 99%

Performance optimizations for certificate revocation

Liu

Zhao

Hou³

2004 IEEE International Workshop on IP Operations and Management

View full text Add to dashboard Cite

Certificate revocation is an outstanding problem in PKI. This paper extends Naor's scheme of dynamic hash tree in order to optimize performance. Set of revoked certificates is divided into groups. In each group, Proofs for certificate status are computed by using one-way accumulator, while all groups are still organized in hash tree. The main advantage of the proposed scheme is that it can adjust traffic between CA-todirectory and directory-to-user according to certificate update rate and query rate in applications, thus can remarkably reduce overall traffic consumed for certificate revocation, and can efficiently accommodate a wide range of scenarios. Compared with Naor's origin scheme, performance analysis shows it can reduce traffic by about 50% 'in typical environments.

show abstract

A novel approach to on-line status authentication of public-key certificates

Cited by 21 publications

References 7 publications

Using a Public Key Registry for Improved Trust and Scalability in National E-Health Systems

Using a Public Key Registry for Improved Trust and Scalability in National E-Health Systems

Online Certification Status Verification with a Red-Black Hash Tree

Performance optimizations for certificate revocation

Contact Info

Product

Resources

About