Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4043)
Abstract
Establishing trust in certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, only small examples were used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from current PKI systems in development and deployment in more than 10 countries, our model is (to the best of our knowledge) the largest simulated PKI architecture to date.
Author information
Authors and Affiliations
Communications Technology Lab, Intel Corporation, Hillsboro, OR, 97124, USA
Meiyuan Zhao
Department of Computer Science, Dartmouth College, Hanover, NH, 03755, USA
Sean W. Smith
Editor information
Editors and Affiliations
Dip. di Automatica ed Informatica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129, Turin, Italy
Andrea S. Atzeni
Dip. Di Automatica e Informatica, Politecnico di Torino, Corso Duca degli Abruzzi 24, 10129, Torino, Italy
Antonio Lioy
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, M., Smith, S.W. (2006). Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35151-1
Online ISBN: 978-3-540-35152-8
eBook Packages: Computer Science, Computer Science (R0)