Please use this identifier to cite or link to this item:
http://drsr.daiict.ac.in//handle/123456789/64
Title: | Technique to improve revocation mechanism and enhancement of CA's services |
Authors: | Jadhav, Ashish; Thacker, Grishma D. |
Keywords: | Certificate revocation list; Certification authority; Cryptography; Public key infrastructure; Public key cryptography |
Issue Date: | 2004 |
Publisher: | Dhirubhai Ambani Institute of Information and Communication Technology |
Citation: | Thacker, Grishma D. (2004). Technique to improve revocation mechanism and enhancement of CA's services. Dhirubhai Ambani Institute of Information and Communication Technology, iv, 54 p. (Acc.No: T00027) |
Abstract: | Public Key Cryptography [PKC] is becoming popular in the world of security because of its promising features like authentication and non-repudiation along with integrity and data confidentiality. It has been possible to achieve an electronic equivalent of handwritten signatures, which are considered to be the most common method of providing identity proof in a non-electronic world, thanks to PKC techniques. Public Key Infrastructure [PKI] is a technology that supports PKC to achieve its intended services by implementing PKC concepts. It is considered to be one of the potential technologies for the future of e-business and e-governance. Digital certificates are one of the most important components of PKI. They are issued and signed by a trusted third party named the Certification Authority to provide a trustworthy binding between the entity and its public key; thus, they impute trust in the public key of a claimant. A certificate has a predefined validity period after which it expires. But sometimes during its valid lifetime, due to certain events, the certificate doesn't remain valid. A need arises to declare its invalidity, implying withdrawal of the trust that was imputed in it at the time of issuance. This event is called 'revocation' of the certificate. The information regarding this event of revocation has to propagate to the entire community that might use the certificate in question for its important transactions. 'Certificate Revocation' is one of the key issues in PKI because the security of any transaction relies on the validity of the certificate used in it. Hence, the status of these certificates in terms of 'valid' / 'non-valid' becomes important information to be processed, conveyed, acquired, and managed securely. There are many mechanisms proposed for the distribution of certificate revocation information. My primary concern is to focus on some of these mechanisms and to provide some solution for this problem.
I've proposed a method named "Staggered CRLs". It uses delta CRLs and shows how a CA can avoid generation of a signature over the voluminous CRL and still provide more timely information than the traditional CRL. CRLs are issued along with delta CRLs with 'slight' modification. The method avoids prefixing of the next update time of the CRL and makes it dynamic based on some other criteria. It provides more timely information at a lesser frequency of CRL. My second proposal is about how a CA can enhance its services to the user community. I suggest going beyond merely providing revocation information about the certificate and adding more value to the CA services by providing further information about the certificates. |
URI: | http://drsr.daiict.ac.in/handle/123456789/64 |
Appears in Collections: | M Tech Dissertations |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
200211036.pdf (Restricted Access) | | 293.21 kB | Adobe PDF | |