Abstract
A public key is usually made public by means of a digital document called an Identity Certificate (IC). ICs are valid for quite long periods of time. However, there are circumstances under which the validity of an IC must be terminated sooner than assigned, and thus the IC needs to be revoked. In this paper, we present practical aspects of a certificate revocation system called Huffman Merkle Hash Tree (HuffMHT). HuffMHT provides efficient and balanced performance with regard to other proposals, in the sense that the system does not save bandwidth at the expense of processing capacity and vice versa. Finally, some performance results of HuffMHT are presented as well.
This work has been supported by the Spanish Research Council under the project ARPA (TIC2003-08184-C02-02) and the European Research Council under the project UBISEC (IST-FP6 506926).
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Muñoz, J.L., Forné, J., Esparza, O., Rey, M. (2005). Efficient Certificate Revocation System Implementation: Huffman Merkle Hash Tree (HuffMHT). In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_13
DOI: https://doi.org/10.1007/11537878_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28224-2
Online ISBN: 978-3-540-31796-8
eBook Packages: Computer Science (R0)