
Public‐key infrastructure validation and revocation mechanism suitable for delay/disruption tolerant networks
Author(s) -
Bhutta Muhammad Nasir Mumtaz,
Cruickshank Haitham,
Sun Zhili
Publication year - 2017
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2015.0438
Subject(s) - revocation list, revocation, public key infrastructure, computer science, certificate authority, computer network, computer security, public key cryptography, node (physics), certificate, key (lock), encryption, engineering, operating system, theoretical computer science, structural engineering, overhead (engineering)
Public‐key infrastructure (PKI) is based on public‐key certificates and is the most widely used mechanism for trust and key management. However, standard PKI validation and revocation mechanisms are considered major reasons for its unsuitability for delay/disruption tolerant networking (DTN). DTN requires a mechanism to authenticate messages at each node before forwarding them in the network, so certificate revocation lists (CRLs) distributed in a DTN will need to be authenticated and validated against the issuing certificate authority (CA) at each node. In this study, the authors propose a new validation and revocation mechanism which is compliant with DTN semantics and protocols. This study also proposes a new CRL design that complies with the X.509 PKI standard, to make the proposed mechanism easy to implement for DTN. The newly designed CRL is of reduced size, as it contains fewer entries than a standard X.509 CRL, and it also arranges the revocation list in the form of a hash table (map) to increase searching efficiency.