Dividing PKI in strongest availability zones

Key management involves two aspects: key distribution and key revocation. This paper presents a geographically distributed server model for key revocation that addresses both the security and the performance of the system. The scheme is more reliable, faster and more scalable than the revocation techniques currently used in Public Key Infrastructure (PKI) frameworks in various countries, as it optimises key authentication in a network. It proposes auto-seeking by the client of a geographically distributed certifying authority's key revocation server, which holds the revocation lists, based on the best service availability. The network divides itself into strongest availability zones (SAZ), which automatically lets a new receiver update the address of the authentication server, replacing the old address with the address of the new SAZ, when it moves to another location in the zone or when the server in the same zone becomes unavailable. Our scheme simplifies the revocation mechanism and enables key revocation in legacy systems.
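As an added illustration, not the paper's own code or algorithm, the following Python sketch models the client-side behaviour the abstract describes: a client auto-seeks the revocation server in its own SAZ with the best measured availability, re-seeks when it relocates to another zone or its server becomes unreachable, and answers revocation queries from the CRL that server holds. Zone names, availability scores, server names and certificate serials are constructed; how availability is measured and how servers are discovered is assumed, not taken from the paper.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class RevocationServer:
    name: str
    zone: str               # strongest availability zone (SAZ) this server serves
    availability: float     # constructed score in [0, 1], e.g. from recent reachability probes
    reachable: bool
    crl: Set[str] = field(default_factory=set)  # serial numbers on the server's revocation list

@dataclass
class Client:
    zone: str
    server: Optional[RevocationServer] = None   # currently selected revocation server

def select_server(servers: List[RevocationServer], zone: str) -> Optional[RevocationServer]:
    """Auto-seek: prefer a reachable server in the client's own zone, then the best availability."""
    reachable = [s for s in servers if s.reachable]
    if not reachable:
        return None
    return max(reachable, key=lambda s: (s.zone == zone, s.availability))

def is_revoked(client: Client, servers: List[RevocationServer], serial: str) -> bool:
    """Answer a revocation query, re-seeking the server if it is down or the client changed zone."""
    cur = client.server
    if cur is None or not cur.reachable or cur.zone != client.zone:
        client.server = select_server(servers, client.zone)
    if client.server is None:
        # No revocation data reachable: fail closed rather than treat the certificate as valid.
        raise RuntimeError("no revocation server reachable")
    return serial in client.server.crl

def run_scenario() -> dict:
    """Constructed walk-through: normal lookup, client moves zone, then the new server goes down."""
    crl = {"1001", "2002"}   # all servers mirror the same CA revocation list
    servers = [
        RevocationServer("crl-east-1", "east", 0.98, True, set(crl)),
        RevocationServer("crl-east-2", "east", 0.90, True, set(crl)),
        RevocationServer("crl-west-1", "west", 0.95, True, set(crl)),
    ]
    client = Client(zone="east")
    out = {}
    out["initial"] = (is_revoked(client, servers, "1001"), client.server.name)
    client.zone = "west"                       # client relocates to another zone
    out["after_move"] = (is_revoked(client, servers, "2002"), client.server.name)
    servers[2].reachable = False               # the west server becomes unavailable
    out["after_outage"] = (is_revoked(client, servers, "2002"), client.server.name)
    return out
```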
