A New and Scalable Certification Path Discovery Model in the Emerging Global PKI

Establishing trust in certificates across multiple domains requires an efficient certification path discovery algorithm. In this work, we propose and implement a model based on a rigorous binary tree algorithm for efficient certification path discovery. Our model has four advantages. First, there is no bottleneck when establishing a certification path. Second, its authentication path is short, with no more than two intervening entities. Third, there is no need to query a certificate revocation list. Fourth, it is easy to extend and suitable for large-scale networks.
