Title :
Security aspects in standard certificate revocation mechanisms: a case study for OCSP
Author :
Berbecaru, Diana ; Lioy, Antonio ; Marian, Marius
Author_Institution :
Dipt. di Automatica e Informatica, Politecnico di Torino, Italy
Abstract :
One of the highly sensitive problems that need careful consideration when employing public-key technology in IT systems is the validation of the digital certificates used. In particular, one of the steps that must be performed is checking the revocation status of the certificate. With real-time revocation checking, a PKI-enabled system that needs to validate a certificate executes an on-line transaction with a specialized server - designated by a certification authority to provide signed responses containing certificate status information. At the end of the transaction, an indication of the current revocation status of the certificate is returned. This paper presents the implementation of a system providing online certificate status service to end entities and proposes a simple OCSP (on-line certificate status protocol) client API which can be easily integrated into PKI-aware applications with the aim of performing on-line revocation-checking. Finally, the implementation's performance was measured and the acquired results are presented and analyzed.
Keywords :
Internet; application program interfaces; certification; message authentication; protocols; public key cryptography; API; Internet; certification authority; on-line certificate status protocol; public-key cryptography; public-key infrastructures; security aspects; standard certificate revocation; Certification; Communication system security; Computer aided software engineering; Counterfeiting; IP networks; Performance analysis; Protection; Public key; Public key cryptography; Real time systems;
Conference_Titel :
Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on
Print_ISBN :
0-7695-1671-8
DOI :
10.1109/ISCC.2002.1021719