论文信息 - A State-Based Model for Certificate Management Systems

A State-Based Model for Certificate Management Systems

A Certificate Management System (CMS) is used to generate, distribute, store and verify certificates. It supports secure electronic communication through its functions. This paper presents a state-based model for certificate management systems. The axiomatization of CMS structures and the security policy followed by CMSs is discussed. The main functions of a CMS, including certificate issuing, certificate revocation and certificate rekeying, are formally described through transitions that change states of the CMS. A major CMS client function, certificate verification, is also formally discussed. With this model, an approach to the formal specification of the structure and behavior of a CMS is provided. The approach is very general, and would be useful in guiding the developer and the evaluator of a CMS with the design, analysis and implementation of the system.

[1] Lawrence C. Paulson,et al. The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[2] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[3] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[4] Maris A. Ozols,et al. Proof Tactics for a Theory of State Machines in a Graphical Environment , 1997, CADE.

[5] Nada Kapidzic Cicovic. Extended certificate management system : design and protocols , 1997 .

[6] W. Ford,et al. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption , 2000 .

[7] Warwick Ford. Advances in public-key certificate standards , 1995, SGSC.

[8] Simon S. Lam,et al. Authorizations in Distributed Systems: A New Approach , 1993, J. Comput. Secur..

[9] Nada Kapidzic. Creating security applications based on The Global Certificate Management System , 1998, Comput. Secur..

[10] P. Metzger,et al. Network Working Group , 2000 .