Karatsiolis, Evangelos (2007)
Flexible Certificate Management in Public Key Infrastructures.
Technische Universität Darmstadt
Ph.D. Thesis, Primary publication
Abstract
A public key infrastructure (PKI) secures lots of applications and processes. These are for example the electronic commerce, email communication, access to computers and networks, or digital identities for use in e-Government or the health care sector. The various PKI based applications have different requirements. These depend on the security level, the number of participants, the software or hardware devices, the complexity of the installation, and many other parameters. This work focuses on the certificate management in a PKI and proposes various solutions to meet these requirements in a flexible way. In order to deal with the problems related to certificate management we design the certificate management authority (CMA). This authority is specified as a new trust center component involved in organising the workflow and the tasks that remain after the creation of a PKI product, like a certificate or a revocation list. Its design and implementation is discussed. The certificate management plugins, that the CMA is based on, can be (re)used to provide interoperable PKI solutions. We also give a security analysis of the CMA. The new authority requires to rethink the communication possibilities within a trust center. A new protocol for communication inside a trust center is designed and implemented. It addresses the problems of communication of arbitrary trust center components. It enables human readability of the messages, security mechanisms like digital signatures and encryption, it supports dual control, and expresses typical data in a trust center. One basic task of the CMA is the distribution and dissemination of PKI information. Typical solutions are based on LDAP directories. A best practice guide for these directories regarding PKI purposes is given. We further concentrate on the German Signature Act and see how to meet the directory related requirements in this context. We will use the LDAP directories for other PKI management functions, too. One function is the proof of possession for encryption keys. This scheme realises the indirect method of the CMP messages, but without the need for any confirmation messages. We propose a second scheme for delivering software personal security environments.
Item Type: | Ph.D. Thesis | ||||
---|---|---|---|---|---|
Erschienen: | 2007 | ||||
Creators: | Karatsiolis, Evangelos | ||||
Type of entry: | Primary publication | ||||
Title: | Flexible Certificate Management in Public Key Infrastructures | ||||
Language: | English | ||||
Referees: | Gritzalis, Prof. Dr. Stefanos ; Buchmann, Prof. Dr. Johannes | ||||
Advisors: | Johannes, Prof. Dr. Buchmann | ||||
Date: | 15 October 2007 | ||||
Place of Publication: | Darmstadt | ||||
Publisher: | Technische Universität | ||||
Refereed: | 27 February 2007 | ||||
URL / URN: | urn:nbn:de:tuda-tuprints-8781 | ||||
Abstract: | A public key infrastructure (PKI) secures lots of applications and processes. These are for example the electronic commerce, email communication, access to computers and networks, or digital identities for use in e-Government or the health care sector. The various PKI based applications have different requirements. These depend on the security level, the number of participants, the software or hardware devices, the complexity of the installation, and many other parameters. This work focuses on the certificate management in a PKI and proposes various solutions to meet these requirements in a flexible way. In order to deal with the problems related to certificate management we design the certificate management authority (CMA). This authority is specified as a new trust center component involved in organising the workflow and the tasks that remain after the creation of a PKI product, like a certificate or a revocation list. Its design and implementation is discussed. The certificate management plugins, that the CMA is based on, can be (re)used to provide interoperable PKI solutions. We also give a security analysis of the CMA. The new authority requires to rethink the communication possibilities within a trust center. A new protocol for communication inside a trust center is designed and implemented. It addresses the problems of communication of arbitrary trust center components. It enables human readability of the messages, security mechanisms like digital signatures and encryption, it supports dual control, and expresses typical data in a trust center. One basic task of the CMA is the distribution and dissemination of PKI information. Typical solutions are based on LDAP directories. A best practice guide for these directories regarding PKI purposes is given. We further concentrate on the German Signature Act and see how to meet the directory related requirements in this context. We will use the LDAP directories for other PKI management functions, too. One function is the proof of possession for encryption keys. This scheme realises the indirect method of the CMP messages, but without the need for any confirmation messages. We propose a second scheme for delivering software personal security environments. |
||||
Alternative Abstract: |
|
||||
Uncontrolled Keywords: | X.509 certificate, PKI, LDAP directories | ||||
Classification DDC: | 000 Generalities, computers, information > 004 Computer science | ||||
Divisions: | 20 Department of Computer Science 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra |
||||
Date Deposited: | 17 Oct 2008 09:22 | ||||
Last Modified: | 24 Oct 2018 06:04 | ||||
PPN: | |||||
Referees: | Gritzalis, Prof. Dr. Stefanos ; Buchmann, Prof. Dr. Johannes | ||||
Refereed / Verteidigung / mdl. Prüfung: | 27 February 2007 | ||||
Export: | |||||
Suche nach Titel in: | TUfind oder in Google |
Send an inquiry |
Options (only for editors)
Show editorial Details |