Beacon certificate push revocation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Beacon certificate push revocation

Full text

Pdf (194 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 2nd ACM workshop on Computer security architectures table of contents

Alexandria, Virginia, USA

SESSION: Network security architecture table of contents

Pages 59-66

Year of Publication: 2008

ISBN:978-1-60558-300-6

Author

Jon A. Solworth

University of Illinois at Chicago, Chicago, IL, USA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 80, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456508.1456519 What is a DOI?

ABSTRACT

Authentication information is best localized. Local sources of authentication information are better able to physically identify users, provide authoritative information on them, adequately protect authentication information and infrastructure, and ato provide high quality authentication at an affordable cost.

We consider here the problem of public key authentication using a potentially large number of local Certificate Authorities (CAs). The information provided by these CAs is federated together to create a large-scale distributed authentication base. One of the key problems in doing so is certificate revocation. Efficient mechanisms are described for certificate revocation when there are many CAs and we provide some measures on their efficiency.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Y. Elley, A. Anderson, S. Hanna, S. Mullan, R. Perlman, and S. Proctor. Building certification paths: Forward vs. reverse. In Proc. of the Symp. on Network and Distributed Systems Security (NDSS), San Diego, CA, 2001. Internet Society.
	2	Armando Fox , Eric A. Brewer, Harvest, Yield, and Scalable Tolerant Systems, Proceedings of the The Seventh Workshop on Hot Topics in Operating Systems, p.174, March 28-30, 1999
	3	Seth Gilbert , Nancy Lynch, Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services, ACM SIGACT News, v.33 n.2, June 2002 [doi>10.1145/564585.564601]
	4	Vipul Goyal. Certificate revocation using fine grained certificate space patitioning. In Financial Cryptography and Data Security Conference, 2007.
	5	Peter Gutman, PKI: It's Not Dead, Just Resting, Computer, v.35 n.8, p.41-49, August 2002 [doi>10.1109/MC.2002.1023787]
	6	Peter Gutmann. Drawing lessons. In 3rd PKI workshop, 2004. Invited talk.
	7	Paul C. Kocher, On Certificate Revocation and Validation, Proceedings of the Second International Conference on Financial Cryptography, p.172-177, February 23-25, 1998
	8	Leslie Lamport, Password authentication with insecure communication, Communications of the ACM, v.24 n.11, p.770-772, Nov. 1981 [doi>10.1145/358790.358797]
	9	Ralph C. Merkle, A Digital Signature Based on a Conventional Encryption Function, A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, p.369-378, August 16-20, 1987
	10	S. Micali, Efficient Certificate Revocation, Massachusetts Institute of Technology, Cambridge, MA, 1996
	11	Silvio Micali. Efficient certificate revocation. In Proceedings 1197 RSA Data Security Conference, 1997.
	12	Silvio Micali. NOVOMODO: Scalable certificate validation and simplified PKI management. In 1st PKI Workshop, 2002.
	13	Online certificate status protocol, version 2. Working document of the Internet Engineering Task Force (IETF).
	14	D.D. Redell and R.S. Fabry. Selective revocation of capabilities. In Proceedings of the International Workshop on Protection in Operating Systems, pages 197--209, August 1974.
	15	R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978 [doi>10.1145/359340.359342]
	16	Ronald L. Rivest, Can We Eliminate Certificate Revocations Lists?, Proceedings of the Second International Conference on Financial Cryptography, p.178-183, February 23-25, 1998
	17	Jon A. Solworth, Instant Revocation, Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice, June 16-17, 2008, Trondheim, Norway [doi>10.1007/978-3-540-69485-4_3]
	18	Jennifer G. Steiner, B. Clifford Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Winter 1988 USENIX Conference, pages 191--201, Dallas, TX, 1988.
	19	S. G. Stubblebine, Recent-secure authentication: enforcing revocation in distributed systems, Proceedings of the 1995 IEEE Symposium on Security and Privacy, p.224, May 08-10, 1995
	20	M. Zhao and S.W. Smith. Modeling and evaluation of certification path discovery in the emerging global PKI. In Public Key Infrastructure: EuroPKI 2006. Springer-Verlag LNCS., 2006.