
Fast public key infrastructure authentication based on CA caching (cited by: 1)
Abstract: Public key infrastructures (PKI) achieve authentication and key exchange by means of public key cryptography; however, their centralized management model tends to become a bottleneck for network access. To address this efficiency problem, a caching authentication model is proposed. The model combines the advantages of symmetric root key caching and public key certificate caching, and extends caching authentication to the exchanges between certification authorities (CAs) in order to increase the reuse of cached information. An improved certificate revocation list (CRL) look-up mechanism is also introduced to make CRL look-ups more efficient. Performance analyses show that, compared with the common X.509 protocol, CA caching authentication effectively reduces the number of CRL look-ups and network communications in the authentication procedure. The authentication model eases the PKI bottleneck while still guaranteeing the security and integrity of authentication.
Source: Journal of Tsinghua University (Science and Technology), 2008, No. 7, pp. 1160-1164 (5 pages). Indexed in: EI, CAS, CSCD, PKU Core.
Funding: National Natural Science Foundation of China (90304014); National "973" Basic Research Program (2003CB314805); Basic Research Fund of the School of Information Science and Technology, Tsinghua University.
Keywords: public key infrastructures (PKI); certification authorities (CA) caching authentication; certificate revocation list (CRL) look-up
