A Certificate Status Checking Protocol for the Authenticated Dictionary - Computer Network Security

Information Technology Reference

In-Depth Information

well too. Due to that, it is necessary to reduce the number of time-consuming

calculations like generation and verification of digital signatures and to minimize

the amount of data transmitted.

3 Related Work

In this Section we present in short the main approaches to the certificate sta-

tus checking. The simplest approach is traditional Certificate Revocation List

(CRL) [5]. CRL is the most mature revocation system and it is part of X.509

since its version 1. A CRL is a digitally signed collection of serial numbers with

additional information about version, CRL serial number, issuer, algorithm used

to sign, signature, issuing date, expiration date and some optional fields called

extensions. The CA that issued the certificate acts as RDI and repositories can

be used to distribute the CRL. The Indirect CRL (I-CRL) enables a RDI to pick

up revocation records from multiple CAs to be issued within a single CRL. In

1994 Delta CRL (D-CRL) was introduced; a Delta-CRL is a small CRL that

provides information about the certificates whose status have changed since the

issuance of a complete list called Base-CRL. CRL Distribution Points (CRL-DP)

was introduced in version 3 of X.509 [5]. In CRL Distribution Points, each CRL

contains the status information of a certain subgroup of certificates. The criteria

to create these subgroups can be geographic, level of importance, scope of use,

revocation reason, etc.

Micali proposed the Certificate Revocation System (CRS) [8], recently re-

named as Novomodo [9]. In [2] an improvement over CRS called Hierarchical

Certificate Revocation Scheme is suggested .

The Certificate Revocation Tree (CRT) [6] and the Authenticated Dictionary

(AD) [11] are both based on the Merkle Hash Tree (MHT) [7]. The AD is further

discussed in Section 4. The PKIX workgroup of the IETF has proposed the On-

line Certificate Status Protocol (OCSP) [10], where the

SD

is available through

a responder that signs each response that it produces.

4 The Authenticated Dictionary

The AD is based on two data structures: the Merkle Hash Tree (MHT) and the

2-3 tree.

The Merkle Hash Tree (MHT).

The MHT [7] relies on the properties of the OWHF (One Way Hash Functions).

It exploits the fact that a OWHF is at least 10,000 times faster to compute than

a digital signature, so the majority of the cryptographic operations performed in

the revocation system are hash functions instead of digital signatures. A sample

MHT is represented in Fig. 2.

We denote by N i,j the nodes within the MHT where i and j represent re-

spectively the i -th level and the j -th node. We denote by H i,j the cryptographic

Search WWH ::

Custom Search

Home