Certificate revocation system implementation based on the Merkle Hash Tree
Tipo de documentoArtículo
Fecha de publicación2004-01
Condiciones de accesoAcceso restringido por política de la editorial
Public-key cryptography is widely used to provide Internet security services. The public-key infrastructure (PKI) is the infrastructure that supports the public-key cryptography, and the revocation of certificates implies one of its major costs. The goal of this article is to explain in detail a certificate revocation system based on the Merkle hash tree (MHT) called AD–MHT. AD–MHT uses the data structures proposed by Naor and Nissim in their authenticated dictionary (AD) . This work describes the tools used and the details of the AD–MHT implementation. The authors also address important issues not addressed in the original AD proposal, such as responding to a request, revoking a certificate, deleting an expired certificate, the status checking protocol for communicating the AD–MHT repository with the users, verifying a response, system security, and, finally, performance evaluation.
CitaciónMuñoz, J. [et al.]. Certificate revocation system implementation based on the Merkle Hash Tree. "International journal of information security", Gener 2004, vol. 2, núm. 2, p. 110-124.
Versión del editorhttp://link.springer.com/article/10.1007/s10207-003-0026-4