期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于P2P网络的Over-Issued CRL机制研究 被引量:1

Research of Over-Issued CRL mechanism based on P2P network
下载PDF
导出
摘要 目前关于公钥基础设施(public key infrastructure)中证书撤销问题的主要解决方案是使用X.509证书撤销列表(Certifi-cate Revocation List)来定期发布证书状态信息。现有的发布机制存在CRL存储库峰值负荷过重,导致PKI部署成本过高的问题。通过对Over-Issued CRL模型和P2P技术的分析,给出一种基于P2P网络和Over-Issued CRL发布机制,它结合了上述两种技术的优点,有效降低了CRL存储库峰值负荷。 At present,the main solution scheme in public key infrastructure of certificate revocation problem is to use X.509 certificate revocation list.The existing methods have some problems such that peak load on CRL repository is too heavy to deploy a large-scale PKI with reasonable cost.By analyzing Over-Issued CRL model and P2P network,an approach to distribute CRL is given based on the above models.It combines the advantages of above two models,reduces the peak load of CRL repository effectively.
作者 邱钊 陈明锐
机构地区 海南大学信息科学技术学院
出处 《计算机工程与应用》 CSCD 北大核心 2011年第1期80-82,88,共4页 Computer Engineering and Applications
基金 海口市重点科技计划项目(No.2009-038)
关键词 证书撤销列表 公钥基础设施 过量发布证书撤消列表 Certificate Revocation Lis(tCRL) Public Key Infrastructure(PKI) Over-Issued CRL
分类号 TP309.2 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献13

  • 1Intemet X.509 Public Key Infrastructure PKIX roadmap[EB/OL]. ( 1999-10-22 ) .http ://tools .let f.org/html/draft-iet f-pkix-roadmap-04.
  • 2Berkovits S, Chokhani S,Furlong J A, et al.Public key infrastructure study: Final report[R].MITRE Corporation for NIST, 1994,.
  • 3Hourly R, Ford W,Polk W,et al.RFC2459 Intemet X.509 public key infrastructure certificate and CRL profile[S/OL].IETF.2009. http://www.ietf.org/r fc/rfc2459.html.
  • 4Ames A, Just M, Knapskong S J, et al.Selecting revocation solution for PKI[C]//Proc of the 5th Nordic Workshop on Secure IT Systems(NORDSEC 2000),Reykjavik,Ieeland,2000:360-376.
  • 5Cooper D A.A more efficient use of Delta-CRLs[C]//Proceedings of the 2000 IEEE Symposium on Security and Privacy, 2000 :190-202.
  • 6Cooper D A.A model of certificate revocation[C]//Proceedings of the 15th Annual Computer Security Applications Conference, 1999: 256-264.
  • 7谭良,佘堃,周明天.CRL增量-过量发布综合模型研究[J].计算机科学,2005,32(4):133-136. 被引量:10
  • 8Wolff T.Public-Key-Infrastrucmre based on a Peer-to-Peer network[C]//Proceedings of the 38th Annual Hawaii International Conference on System Sciences,2005.
  • 9刘聆,贾焰,陈玉教.基于P2P的数字证书撤销列表更新方案及性能分析[J].计算机工程与科学,2007,29(2):24-25. 被引量:1
  • 10高迎,程涛远,王珊.对等网信任管理模型及安全凭证回收方法的研究[J].计算机学报,2006,29(8):1282-1289. 被引量:8

二级参考文献27

  • 1王珊,高迎,程涛远,张坤龙.服务网格环境下基于行为的双层信任模型的研究[J].计算机应用,2005,25(9):1974-1977. 被引量:19
  • 2高迎,程涛远,王珊.基于Hilbert曲线的许可证存储策略及查找算法[J].软件学报,2006,17(2):305-314. 被引量:20
  • 3Adams C, Farrell S. RFC2510 Internet X. 509 Public Key Infrastructure Certificate Management Protocols [s]. RFC2510, Internet Engineer TaskForce,March 1999
  • 4Rivest R L. Can we eliminate certificate revocation lists. In:Rafael H, ed. Financial Cryptography. Anguilla, 1998. British West Indies: Springer, 1997.178~ 183
  • 5Hously R, Ford W, Polk W, et al. Internet X. 509 public key infrastructure certificate and CRL profile. IETFRFC2459, 1999.http: //www. ietf. org/rfc/rfc2459. html
  • 6Micali S. Efficient certificate revocation. TechnicalMemory, MIT/LCS/TM-5426,1996. http://www. lcs. mit. edu/pub-lications
  • 7Kocher P. On certificate revocation and validation. In:Hirschfeld,R., ed. Financial Cryptography-FC'98. LNCS1465, Berlin:Springer-Verlag, 1998. 171 ~177
  • 8Moni Naor, Kobbi Nissim. Certificate revocation and certificate update. IEEE Journal on Selected Areasin Communications, 2000,18(1):561~170
  • 9Arnes A, Just M, Knapskong S J, et al. Selecting revocation solutions for PKI. Paper Submitted to NORSEC2000, 2000
  • 10Cooper D A. A more efficient use of Delta-CRLs. In:Proc. of the 2000 IEEE Symposium on Security and Privacy,2000. 190~202

共引文献16

同被引文献9

  • 1Internet X.509 Public Key Infrastructure PKIX Roadmap[EB/OL],《draft-ietf-pkix-roadmap-04》,October 22,1999.
  • 2Berkovits S.Chokhani S,Furlong J A,et al.Public Key Infra-structure Study:Final Report[R].MITRE Corporation for NIST.1994.
  • 3Myers M,Anlcney R,Malpani A,et al.X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP[EB/OL].RFC2560.1999.
  • 4Ames A.Just M,Knapskong S J,et al.Selecting revocation solutione for PKI[C].Paper Submitted to NORSEC2000,2000.
  • 5David A.Cooper,A More Efficient Use of Delta-CRLs[C],the Proceedings of the 2000 IEEE Symposium on Security and Privacy,Pages 190-202,May 2000.
  • 6David A.Cooper,A Model of Certificate Revocation[C],Proceedings of the Fifteenth Annual Computer Security Applications Conference,Pages 256-264,December 1999.
  • 7Zhao Qiu,Mingrui Chen,Jun Huang.A Study on CRL Issue by P2P Network[C],2010.Proceedings of the 3th International Symposium on Intelligent Information Technology and Security Informatics on 2-4 April 2010 Page(s):526-529.
  • 8David A C.A closer look at revocation and key public key inEraetructurea[C].http://csrc.nist.gov/nissc/1998/ proceedings/paperG2.pdf,1998-10-11.
  • 9Jun Huang,Tao Yin,Zhao Wang,Zhao Qiu.Feasibility and Efficiency Analysis of Distributing the Certificate Revocation List by P2P Network[C],2009.Proceedings of Second International Symposium on Knowledge Acquisition and Modeling on 30 November 2009 Page(s):387-390.

引证文献1

二级引证文献1

计算机工程与应用
2011年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部