Certificate revocation system implementation based on the Merkle Hash Tree

Muñoz Tapia, José Luis; Forné Muñoz, Jorge; Esparza Martín, Óscar; Soriano Ibáñez, Miguel

doi:10.1007/s10207-003-0026-4

View/Open

ijis2004.pdf (1,805Mb) (Restricted access) Request copy

View Usage Statistics

Cita com:

Show full item record

Muñoz Tapia, José Luis

Forné Muñoz, Jorge

Esparza Martín, Óscar

Soriano Ibáñez, Miguel

Document typeArticle

Defense date2004-01

Rights accessRestricted access - publisher's policy

Abstract

Public-key cryptography is widely used to provide Internet security services. The public-key infrastructure (PKI) is the infrastructure that supports the public-key cryptography, and the revocation of certificates implies one of its major costs. The goal of this article is to explain in detail a certificate revocation system based on the Merkle hash tree (MHT) called AD–MHT. AD–MHT uses the data structures proposed by Naor and Nissim in their authenticated dictionary (AD) [20]. This work describes the tools used and the details of the AD–MHT implementation. The authors also address important issues not addressed in the original AD proposal, such as responding to a request, revoking a certificate, deleting an expired certificate, the status checking protocol for communicating the AD–MHT repository with the users, verifying a response, system security, and, finally, performance evaluation.

CitationMuñoz, J. [et al.]. Certificate revocation system implementation based on the Merkle Hash Tree. "International journal of information security", Gener 2004, vol. 2, núm. 2, p. 110-124.

URIhttp://hdl.handle.net/2117/23248

DOI10.1007/s10207-003-0026-4

ISSN1615-5262

Publisher versionhttp://link.springer.com/article/10.1007/s10207-003-0026-4

Collections