Abstract
A Public Key Infrastructure (PKI) is required to securely deliver public keys to widely distributed users or systems. The public key is usually made public by way of a digital document called an Identity Certificate (IC). ICs are valid for quite long periods of time (usually up to several years). However, there are circumstances under which the validity of an IC must be terminated sooner than assigned, and thus the IC needs to be revoked. The Revocation Dictionary (RD) can be defined as the cryptographic structure that contains the status data about the revoked certificates of the PKI domain. Three basic operations can be performed over the RD: add status data, remove status data, and request the RD to tell us whether certain status data is contained in the RD or not. The last operation is called “status checking” and it is relevant to the PKI performance. In this paper we propose an efficient way of implementing an RD that can be distributed offline and that minimizes the communication overhead of the status checking process. The statistics of the status checking are used, as in the Huffman algorithm for source coding, to build an unbalanced hash tree that minimizes the length of the RD response.
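The idea in the abstract, sketched as an added illustration (not the paper's own construction or code): a Merkle hash tree whose shape is chosen by Huffman merging on per-certificate query probabilities, so that frequently checked entries get the shortest authentication paths. Assumptions: SHA-256, constructed serial numbers and probabilities, and membership proofs only (proving that a serial is absent from the RD is not covered here).

```python
import hashlib, heapq, itertools

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

# Distinct prefixes keep a leaf from being reinterpreted as an inner node.
def leaf_hash(serial: int) -> bytes:
    return _h(b"\x00", str(serial).encode())

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01", left, right)

def build(weights):
    """weights: {serial: query probability}. Returns (root, proofs), where
    proofs[serial] is the leaf-to-root list of (sibling_hash, sibling_is_left)."""
    tie = itertools.count()  # unique tiebreaker so hashes are never compared
    heap = [(w, next(tie), leaf_hash(s), [s]) for s, w in sorted(weights.items())]
    heapq.heapify(heap)
    proofs = {s: [] for s in weights}
    while len(heap) > 1:
        # Huffman step: merge the two least-queried subtrees under a new node.
        w1, _, h1, m1 = heapq.heappop(heap)
        w2, _, h2, m2 = heapq.heappop(heap)
        for s in m1:
            proofs[s].append((h2, False))  # sibling sits on the right
        for s in m2:
            proofs[s].append((h1, True))   # sibling sits on the left
        heapq.heappush(heap, (w1 + w2, next(tie), node_hash(h1, h2), m1 + m2))
    return heap[0][2], proofs

def verify(serial: int, proof, root: bytes) -> bool:
    """Recompute the root from the claimed serial and its sibling path."""
    h = leaf_hash(serial)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

def expected_len(weights, proofs) -> float:
    """Mean number of sibling hashes sent per status check."""
    return sum(w * len(proofs[s]) for s, w in weights.items())

# Constructed sample: 8 revoked serials with skewed query probabilities.
WEIGHTS = {1001: 0.5, 1002: 0.25, 1003: 0.125, 1004: 0.0625,
           1005: 0.03125, 1006: 0.015625, 1007: 0.0078125, 1008: 0.0078125}

if __name__ == "__main__":
    root, proofs = build(WEIGHTS)
    _, flat = build({s: 1 / len(WEIGHTS) for s in WEIGHTS})  # balanced shape
    print("unbalanced:", expected_len(WEIGHTS, proofs), "hashes per check")
    print("balanced:  ", expected_len(WEIGHTS, flat), "hashes per check")
```

The root would be signed by the issuer and distributed with the RD; the verifier only needs that signed root and the sibling path.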
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Muñoz, J.L., Forné, J., Esparza, O., Pegueroles, J., Pallarès, E. (2004). Reducing the Communication Overhead of an Offline Revocation Dictionary. In: Katsikas, S., Lopez, J., Pernul, G. (eds) Trust and Privacy in Digital Business. TrustBus 2004. Lecture Notes in Computer Science, vol 3184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30079-3_28
DOI: https://doi.org/10.1007/978-3-540-30079-3_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22919-3
Online ISBN: 978-3-540-30079-3
eBook Packages: Springer Book Archive