Evaluation of certificate validation mechanisms

Hormann, T. Perlines; Wrona, Konrad; Holtmanns, Silke

doi:10.1016/j.comcom.2004.12.008

Cited by 27 publications

(33 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Because the life cycle of the short-lived certificate is fixed, the verification of the short-lived certificate needs to check whether the certificate is legal, it does not need to verify whether the certificate expires [9,10]. However, the wireless X.509 certificate not only needs to verify its legitimacy but also to check whether the certificate expires, so the verification of the wireless X.509 certificate needs a more complex certificate verification scheme.…”

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

“…Therefore, according to the works of [9,10,[12][13][14][15], we improve the certificate verification scheme based on OCSP. In this paper, our contributions are as follows:…”

Section: Our Contributionmentioning

confidence: 99%

“…After receiving the certificate status query request from the OCSP client, the OCSP server queries the local database to obtain the certificate status information, then signs the status response information, and sends it to the OCSP client. The response information includes the certificate status, the time of the certificate update, and the next time of the certificate update [9], where the certificate status has three states, which, respectively, are "good," "revoked (hold)," or "unknown." In the WPKI mechanism, the OCSP scheme is shown in Figure 2: the mobile terminal applies for a transaction to the content server; after obtaining the transaction request, the content server requests the CA certificate and the ARL (Authority Revocation List) from the directory server, and then the directory server sends the CA certificate and the ARL to the mobile terminal and at the same time the content server sends its own certificate to the mobile terminal; after obtaining the CA certificate, the ARL, and the content server certificate, the mobile terminal sends a request to the OCSP server to verify the certificate status of the content server, and then the OCSP server sends the response result to the mobile terminal after querying the certificate status.…”

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

“…However, the wireless X.509 certificate not only needs to verify its legitimacy but also to check whether the certificate expires, so the verification of the wireless X.509 certificate needs a more complex certificate verification scheme. In the current WPKI mechanism, there are the certificate revocation list (CRL) scheme, the OCSP scheme and other extended schemes based on CRL or OCSP [9,11], where the CRL scheme and the OCSP scheme are widely used.…”

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

See 3 more Smart Citations

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Liu

et al. 2018

Mathematical Problems in Engineering

View full text Add to dashboard Cite

Aiming at the problems of the WPKI certificate verification schemes based on online certificate status protocol (OCSP), this paper proposes a WPKI certificate verification scheme based on the certificate digest signature-online certificate status protocol (CDS OCSP). Compared with the existing schemes, the proposed scheme optimizes the number of communication connections between the communication entities and the network, reduces the consumption of the wireless network bandwidth in the certificate verification process, and uses the elliptic curves cipher-(ECC-) based encrypting/decrypting functions to sign and verify the certificate digest, which ensures the consistency of the verified certificates among the communication entities. The proposed scheme makes the certificate verification process more efficient and secure. The experimental results show that the proposed scheme effectively reduces the communication consumption of the wireless network and saves the storage space of the wireless entities.

show abstract

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

“…Therefore, according to the works of [9,10,[12][13][14][15], we improve the certificate verification scheme based on OCSP. In this paper, our contributions are as follows:…”

Section: Our Contributionmentioning

confidence: 99%

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

See 2 more Smart Citations

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Liu

et al. 2018

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…The work presented in this paper is motivated by the fact that despite there are many works in the literature that propose and evaluate different mechanisms for distributing revocation data like [2], [3], [4], [5], [6], [7], little work has been done for analyzing the revocation process itself. For instance, many of the previous studies consider very simplistic assumptions about the revocation process like that the percentage of revoked certificates remains always constant.…”

Section: Introductionmentioning

confidence: 99%

A model for revocation forecasting in public-key infrastructures

et al. 2014

View full text Add to dashboard Cite

Abstract-One of the hardest tasks of a certification infrastructure is to manage revocation. This process consists in collecting and making the revocation status of certificates available to users. Research on this topic has focused on the trade-offs that different revocation mechanisms offer. Much less effort has been conducted to understand and model real-world revocation processes. For this reason, in this paper, we present a novel analysis of realworld collected revocation data and we propose a revocation prediction model. The model uses an Autoregressive Integrated Moving Average Model (ARIMA). Our prediction model enables certification authorities to forecast the percentage of revoked certificates.

show abstract

Secure publish/subscribe‐based certificate status validations in mobile ad hoc networks

Màsdàrí

Jabbehdari

Bagherzadeh

2014

Security Comm Networks

View full text Add to dashboard Cite

Freshness of certificate status information is very important in validating public key certificates. However, existing certificate validation schemes suffer from high inconsistency, which makes network vulnerable to various security attacks. In this paper, we propose a new publish/subscribe‐based certificate validation scheme that provides fresh certificate status information in the mobile ad hoc networks. This scheme increases the security of public key infrastructure‐based security systems and improves the scalability of certificate validation systems. Also, according to the simulation results, our solution effectively decreases the processing overheads on responder nodes and reduces the messaging overhead of certificate status validations in mobile ad hoc networks. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Evaluation of certificate validation mechanisms

Cited by 27 publications

References 22 publications

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

A model for revocation forecasting in public-key infrastructures

Secure publish/subscribe‐based certificate status validations in mobile ad hoc networks

Contact Info

Product

Resources

About