共查询到20条相似文献,搜索用时 78 毫秒
1.
《Computer Standards & Interfaces》2014,36(3):513-523
One of the critical security issues of Vehicular Ad Hoc Networks (VANETs) is the revocation of misbehaving vehicles. While essential, revocation checking can leak potentially sensitive information. Road Side Units (RSUs) receiving the certificate status queries could infer the identity of the vehicles posing the query. An important loss of privacy results from the RSUs ability to tie the checking vehicle with the query's target. We propose a Privacy Preserving Revocation mechanism (PPREM) based on a universal one-way accumulator. PPREM provides explicit, concise, authenticated and unforgeable information about the revocation status of each certificate while preserving the users' privacy. 相似文献
2.
Security is vital for the reliable operation of vehicular ad hoc networks (VANETs). One of the critical security issues is the revocation of misbehaving vehicles. While essential, revocation checking can leak private information. In particular, repositories receiving the certificate status queries could infer the identity of the vehicles posing the query and the target of the query. An important loss of privacy results from this ability to tie the checking vehicle with the query’s target, due to their likely willingness to communicate. In this paper, we propose an Efficient and Privacy-Aware revocation Mechanism (EPA) based on the use of Merkle Hash Trees (MHT) and a Crowds-based anonymous protocol, which replaces the time-consuming certificate revocation lists checking process. EPA provides explicit, concise, authenticated and unforgeable information about the revocation status of each certificate while preserving the users’ privacy. Moreover, EPA reduces the security overhead for certificate status checking, and enhances the availability and usability of the revocation data. By conducting a detailed performance evaluation, EPA is demonstrated to be reliable, efficient, and scalable. 相似文献
3.
Jose L. Muñoz Jordi Forne Oscar Esparza Miguel Soriano 《International Journal of Information Security》2004,2(2):110-124
Public-key cryptography is widely used to provide Internet security services. The public-key infrastructure (PKI) is the infrastructure that supports the public-key cryptography, and the revocation of certificates implies one of its major costs. The goal of this article is to explain in detail a certificate revocation system based on the Merkle hash tree (MHT) called AD–MHT. AD–MHT uses the data structures proposed by Naor and Nissim in their authenticated dictionary (AD) [20]. This work describes the tools used and the details of the AD–MHT implementation. The authors also address important issues not addressed in the original AD proposal, such as responding to a request, revoking a certificate, deleting an expired certificate, the status checking protocol for communicating the AD–MHT repository with the users, verifying a response, system security, and, finally, performance evaluation. 相似文献
4.
5.
证书吊销的线索二叉排序Hash树解决方案 总被引:11,自引:1,他引:10
提出了公钥基础设施(publickeyinfrastructure,简称PKI)中证书吊销问题的一个新的解决方案--线索二叉排序Hash树(certificaterevocationthreadedbinarysortedhashtree,简称CRTBSHT)解决方案.目前关于证书吊销问题的主要解决方案有X.509证书系统的证书吊销列表(certificaterevocationlist,简称CRL)、Micali的证书吊销系统(certificaterevocationsystem,简称CRS)、Kocher的证书吊销树(certificaterevocationtree,简称CRT)及Naor-Nissm的2-3证书吊销树(2-3CRT),这些方案均不完善.在CRT系统思想的基础上,利用线索化二叉排序树及Hash树给出的新方案,既继承了CRT证明一个证书的状态(是否被吊销)不需要整个线索二叉树,而只与其中部分相关路径有关的优点,又克服了CRT在更新时几乎需要对整个树重新构造的缺点,新方案在更新时仅需计算相关部分路径的数值.新方案对工程实现具有一定的参考价值. 相似文献
6.
刘玉 《计算机工程与应用》2014,50(5):65-69
证书撤销是保障车载Ad Hoc网络安全的难点问题之一,但传统的CRL发布方式由于网络规模大,车辆机动性强等原因并不适用。结合车载Ad Hoc网络中节点移动规律和速度等特性,在提出降解CRL规模的方法的基础上,进一步提出一种基于车辆速度证书快速撤销方案。分析表明在证书有效期较短的情况下,该方案要优于传统方案。 相似文献
7.
8.
本文分析了网格安全基础设施(Grid Security Infrastructure、GSI)中传统的证书撤销机制存在的问题,并提出了一种新的联合证书撤销方案。该方案使用单向哈希链和多重证书来改进证书撤销机制,CA的部分功能被分散到其它网格节点,避免了网格环境下的拥塞和单点失败。不同CA颁发的证书能够进行交叉认证,用户可以验证证书的有效性而无需从该证书的颁发CA重新获得撤销信息。因此该方案可以保证证书撤销的实时性。为了研究方案性能,和其他三种传统的证书撤销方案进行了对比实验。结果表明,相对传统的证书撤销机制本文所提出的联合证书撤销方案能使峰值请求率降低、峰值带宽变窄、安全风险降低. 相似文献
9.
基于单向散列链的公钥证书撤销机制 总被引:5,自引:0,他引:5
证书撤销是公钥基础设施(PKI,Public Key Infrastructure)研究和应用的难点问题.本文首先讨论了当前应用最广泛的两类证书撤销机制一证书撤销列表(CRL,Certificate Revocation List)和在线证书状态罅议(OCSP,Online Certificate Status Protocol),剖析了这两种机制各自存在自的不足.在此基础上,提出了一种基于单向散列链的证书撤销机制. 相似文献
10.
安全凭证回收的实现是公钥基础设施(PKI)所面临的一个主要的问题。许多种回收策略已经被提出,CRL是其中最简单,最容易实现的方法。但是如何有效地分布已经回收的安全凭证信息是这种方法所面临的一个挑战。论文提出利用P2P技术组织终端实体,并利用bloomfilter压缩向量代表安全凭证回收链CRL。通过实体间的协作和bloomfilter的压缩功能减少REPOSITORY和网络的负担。此外,为了有效地向终端实体发布CRL的bloomfilter压缩向量,提出一种高效的广播算法,在最小的TTL内尽量将向量广播到每一个节点。论文最后进行了模拟试验,实验证明提出的解决方案是有效的。 相似文献
11.
由于Ad hoe网络的特殊性,基于数字证书的安全机制在其中的应用面临很多困难,其中最大的挑战是:在网络节点无法在线访问CA的情况下,如何实现证书的撤销。在对Adhoe网络环境下现存的证书撤销机制进行分析后,提出了一种基于单向哈希函数的证书撤销机制,这种机制具有执行效率高、节约网络带宽、计算开销低:等优点,非常适用于Adhoe网络环境。 相似文献
12.
目前关于公钥基础设施(public key infrastructure)中证书撤销问题的主要解决方案是使用X.509证书撤销列表(CRL)来定期发布证书状态信息;现有的发布机制主要针对提高处理时间,而对存储库性能的优化仍然存在一些问题——CRL存储库峰值负荷过大;通过对增量CRL和Over—Issued CRL模型的分析,给出了一种基于Over—Issued增量CRL机制的证书状态信息发布方法;它结合了上述两种模型的优点,通过改变Over- IssuedCRL发布的时间间隔和增量CRL发布窗口大小,有效降低了存储库峰值负荷。 相似文献
13.
14.
针对无线Mesh网络的特点和安全缺陷,提出将基于身份密码学机制应用到无线Mesh网络的思想,设计了IBS-EAP接入认证协议和IBS-RP漫游认证协议,实现快速接入,避免了多次认证;对新协议进行安全性分析和效率分析,证明了新协议的优越性。设计了IBS-EAP接入认证协议,实现了快速接入的目的,基于IBS签名技术完成双向认证,一个节点的公钥可以通过身份标识和IBS系统的公开参数直接获得,无需采用复杂的技术维护公钥证书和证书撤销列表CRL。 相似文献
15.
16.
We present architecture for a relying-party to manage credentials, and in particular to map different credentials into common format and semantics. This will allow use of simple, widely available credentials as well as more advanced credentials such as public key certificates, attribute certificates and 'negative' credentials (which result in reduced trust) such as certificate revocation lists (CRL). The core of the architecture is a Credential Manager who collects credentials, and maps them to common format and semantics. 相似文献
17.
基于增量CRL证书撤销机制,提出了基于P2P共享下载模式的证书撤销机制。在Delta-CRL的发布周期内,CA发布Base-CRL和Delta-CRL,用户除初始化外,其他时刻只需下载Delta-CRL即可。当用户提出请求,通过洪泛机制查询相应节点和资源的信誉度记录,找到最优记录节点,建立P2P连接。然后,将下载的CRL模块在客户端重构以获得完整的CRL。与其他CRL相比,该方法能够有效减少CRL的下载尺寸,真正降低通信载荷以及系统的峰值请求率,提供更为及时的证书撤销信息。 相似文献
18.
19.
Vehicular Ad Hoc Networks (VANETs) are appropriate networks that can be applied to intelligent transportation systems. In VANET, messages exchanged among vehicles may be damaged by attacker nodes. Therefore, security in message forwarding is an important factor. We propose the Detection of Malicious Vehicles (DMV) algorithm through monitoring to detect malicious nodes that drop or duplicate received packets and to isolate them from honest vehicles, where each vehicle is monitored by some of it trustier neighbors called verifier nodes. If a verifier vehicle observes an abnormal behavior from vehicle V, it increases distrust value of vehicle V. The ID of vehicle V is then reported to its relevant Certificate Authority (CA) as a malicious node when its distrust value is higher than a threshold value. Performance evaluation shows that DMV can detect most existence abnormal and malicious vehicles even at high speeds. 相似文献
20.
Dwaine Clarke 《Computer Communications》2011,34(3):407-422
We present PubKey-Wiki, a public key-based wiki group collaboration system. PubKey-Wiki allows users to authenticate themselves using public-key cryptography and gain authorizations using digital certificates. By using public key-based user authentication, users’ passwords are not sent across the network and are not stored on the web server’s host machine. Using digital certificates to authorize users to access protected files facilitates delegation of authority and simpler access control list (ACL) management, and allows the ability of a user to pass authorizations onto other users without needing to connect to the wiki’s server. The paper introduces a new approach to revocation in which revocation of certificates and revocation of public keys are handled separately and take effect immediately.The paper also introduces an algorithm, CertClosure, that computes the transitive closure of a set of certificates that contain authorization information. When a user adds or removes a certificate from his certificate directory in PubKey-Wiki, PubKey-Wiki uses the CertClosure algorithm to derive authorization rules. PubKey-Wiki stores these authorization rules in a lookup table where they can be easily referenced. When a user tries to access a protected file, PubKey-Wiki looks up and uses the relevant authorization rules to efficiently make an access control decision. 相似文献