Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 4043)

Abstract

Establishing trust in certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, small examples have been used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from current PKI systems in development and deployment over more than 10 countries, our model is (to the best of our knowledge) the largest simulated PKI architecture to date.

Keywords

  • Search Tree
  • Simulation Framework
  • Path Discovery
  • Algorithm Option
  • Building Direction

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhao, M., Smith, S.W. (2006). Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_2

  • DOI: https://doi.org/10.1007/11774716_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35151-1

  • Online ISBN: 978-3-540-35152-8

  • eBook Packages: Computer Science, Computer Science (R0)
