Infra-estrutura de Chaves Públicas Otimizada: Uma ICP de Suporte a Assinaturas Eficientes para Documentos Eletrônicos
Resumo
Neste trabalho estendem-se as idéias sobre a Infra-estrutura de Chaves Públicas Otimizada (ICPO) e os Certificados Otimizados (CO) em vários aspectos: (1) propõe-se a entidade Crypto Time, responsável pela publicação das provas Novomodo, reduzindo assim o custo operacional da AC Raiz da ICPO, (2) apresenta-se uma modificação para a semântica da validade do CO, (3) aborda-se uma solução de Carimbo do Tempo Relativo, (4) descreve-se a confiança dos usuários na Autoridade Certificadora de Certificados Otimizados e (5) mostra-se, através de um novo comparativo de custos, por que o CO é uma atraente alternativa para arquivamento a longo prazo.Referências
Adams, C., Sylvester, P., Zolotarev, M., and Zuccherato, R. (2001). Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols. RFC 3029 (Experimental).
Adams, C. and Zuccherato, R. (1998). A general, flexible approach to certificate revocation. Entrust Technologies White Paper.
Berbecaru, D., Lioy, A., and Marian, M. (2001). On the complexity of public-key certificate validation. In ISC ’01: Proceedings of the 4th International Conference on Information Security, pages 183–203, London, UK. Springer-Verlag.
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and Polk, W. (2008). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard).
Cooper, D. A. (1999). A model of certificate revocation. In ACSAC ’99: Proceedings of the 15th Annual Computer Security Applications Conference, page 256, Washington, DC, USA. IEEE Computer Society.
Custódio, R. F., Vigil, M. A., Romani, J., Pereira, F. C., and Silva Fraga, J. (2008). Optimized certificates — a new proposal for efficient electronic document signature validation. In EuroPKI ’08: Proceedings of the 5th European PKI workshop on Public Key Infrastructure, pages 49–59, Berlin, Heidelberg. Springer-Verlag.
Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654.
Dzung, D., Naedele, M., Von Hoff, T., and Crevatin, M. (2005). Security for industrial communication systems. Proceedings of the IEEE, 93(6):1152–1177.
Ellison, C. (1999). SPKI Requirements. RFC 2692 (Experimental).
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., and Ylonen, T. (1999). SPKI Certificate Theory. RFC 2693 (Experimental).
Freeman, T., Housley, R., Malpani, A., Cooper, D., and Polk, W. (2007). Server-Based Certificate Validation Protocol (SCVP). RFC 5055 (Proposed Standard).
Gondrom, T., Brandner, R., and Pordesch, U. (2007). Evidence Record Syntax (ERS). RFC 4998 (Proposed Standard).
Guida, R., Stahl, R., Bunt, T., Secrest, G., and Moorcones, J. (2004). Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy, 2(4):67–71.
Gutman, P. (2002). Pki: It’s not dead, just resting. Computer, 35(8):41–49.
Haber, S. and Stornetta, W. S. (1991). How to time-stamp a digital document. In CRYPTO ’90: Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, pages 437–455, London, UK. Springer-Verlag.
Hallam-Baker, P. (1999). OCSP Extensions. Work in progress, IETF PKIX working group.
Housley, R. (2002). Cryptographic Message Syntax (CMS). RFC 3369 (Proposed Standard). Obsoleted by RFC 3852.
ITU-T (2005). Recommendation X.509 information technology open systems interconnection the directory: Authentication framework. Technical report, ITU-T.
Kocher, P. C. (1998). On certificate revocation and validation. Financial Cryptography, 1465:172–177.
Levi, A., Caglayan, M. U., and Koc, C. K. (2004). Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure. ACM Trans. Inf. Syst. Secur., 7(1):21–59.
Martinez-Peláez, R., Satizábal, C., Rico-Novella, F., and Forné, J. (2008). Efficient certificate path validation and its application in mobile payment protocols. In ARES ’08: Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, pages 701–708, Washington, DC, USA. IEEE Computer Society.
Mcdaniel, P., Jamin, S., and Arbor, A. (2000). Windowed key revocation in public key infrastructures. IEEE INFOCOM, 3:1406–1414.
Micali, S. (2002). NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In Proceedings of the 1st Annual PKI Research Workshop, NIST, Gaithersburg MD, USA.
Myers, M., Ankney, R., Malpani, A., Galperin, S., and Adams, C. (1999). X.509 Internet Public Key Infrastructure Online Certificate Status Protocol OCSP. RFC 2560 (Proposed Standard).
Perlman, R. and Kaufman, C. (1993). Method of issuance and revocation of certificates of authenticity used in public key networks and other systems. Technical report, United State Patent 5,261,002.
Pinkas, D., Pope, N., and Ross, J. (2008). CMS Advanced Electronic Signatures (CAdES). RFC 5126 (Informational).
Rivest, R. L. (1998). Can we eliminate certificate revocations lists? In FC ’98: Proceedings of the Second International Conference on Financial Cryptography, pages 178–183, London, UK. Springer-Verlag.
Satizábal, C., Hernández-Serrano, J., Forné, J., and Pegueroles, J. (2007). Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks. Comput. Commun., 30(7):1498–1512.
Signatures, E. T. C. E. and (ESI), I. (2008a). Electronic signatures and infrastructures (esi); cms advanced electronic signatures (cades). Technical report, European Telecommunications Standards Institute.
Signatures, E. T. C. E. and (ESI), I. (2008b). Electronic signatures and infrastructures (esi); profiles of xml advanced electronic signatures based on ts 101 903 (xades). Technical report, European Telecommunications Standards Institute.
Willig, A. (2008). Recent and emerging topics in wireless industrial communications: A selection. IEEE Transactions on Industrial Informatics, 4(2):102–124.
Adams, C. and Zuccherato, R. (1998). A general, flexible approach to certificate revocation. Entrust Technologies White Paper.
Berbecaru, D., Lioy, A., and Marian, M. (2001). On the complexity of public-key certificate validation. In ISC ’01: Proceedings of the 4th International Conference on Information Security, pages 183–203, London, UK. Springer-Verlag.
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and Polk, W. (2008). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard).
Cooper, D. A. (1999). A model of certificate revocation. In ACSAC ’99: Proceedings of the 15th Annual Computer Security Applications Conference, page 256, Washington, DC, USA. IEEE Computer Society.
Custódio, R. F., Vigil, M. A., Romani, J., Pereira, F. C., and Silva Fraga, J. (2008). Optimized certificates — a new proposal for efficient electronic document signature validation. In EuroPKI ’08: Proceedings of the 5th European PKI workshop on Public Key Infrastructure, pages 49–59, Berlin, Heidelberg. Springer-Verlag.
Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654.
Dzung, D., Naedele, M., Von Hoff, T., and Crevatin, M. (2005). Security for industrial communication systems. Proceedings of the IEEE, 93(6):1152–1177.
Ellison, C. (1999). SPKI Requirements. RFC 2692 (Experimental).
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., and Ylonen, T. (1999). SPKI Certificate Theory. RFC 2693 (Experimental).
Freeman, T., Housley, R., Malpani, A., Cooper, D., and Polk, W. (2007). Server-Based Certificate Validation Protocol (SCVP). RFC 5055 (Proposed Standard).
Gondrom, T., Brandner, R., and Pordesch, U. (2007). Evidence Record Syntax (ERS). RFC 4998 (Proposed Standard).
Guida, R., Stahl, R., Bunt, T., Secrest, G., and Moorcones, J. (2004). Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy, 2(4):67–71.
Gutman, P. (2002). Pki: It’s not dead, just resting. Computer, 35(8):41–49.
Haber, S. and Stornetta, W. S. (1991). How to time-stamp a digital document. In CRYPTO ’90: Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, pages 437–455, London, UK. Springer-Verlag.
Hallam-Baker, P. (1999). OCSP Extensions. Work in progress, IETF PKIX working group.
Housley, R. (2002). Cryptographic Message Syntax (CMS). RFC 3369 (Proposed Standard). Obsoleted by RFC 3852.
ITU-T (2005). Recommendation X.509 information technology open systems interconnection the directory: Authentication framework. Technical report, ITU-T.
Kocher, P. C. (1998). On certificate revocation and validation. Financial Cryptography, 1465:172–177.
Levi, A., Caglayan, M. U., and Koc, C. K. (2004). Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure. ACM Trans. Inf. Syst. Secur., 7(1):21–59.
Martinez-Peláez, R., Satizábal, C., Rico-Novella, F., and Forné, J. (2008). Efficient certificate path validation and its application in mobile payment protocols. In ARES ’08: Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, pages 701–708, Washington, DC, USA. IEEE Computer Society.
Mcdaniel, P., Jamin, S., and Arbor, A. (2000). Windowed key revocation in public key infrastructures. IEEE INFOCOM, 3:1406–1414.
Micali, S. (2002). NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In Proceedings of the 1st Annual PKI Research Workshop, NIST, Gaithersburg MD, USA.
Myers, M., Ankney, R., Malpani, A., Galperin, S., and Adams, C. (1999). X.509 Internet Public Key Infrastructure Online Certificate Status Protocol OCSP. RFC 2560 (Proposed Standard).
Perlman, R. and Kaufman, C. (1993). Method of issuance and revocation of certificates of authenticity used in public key networks and other systems. Technical report, United State Patent 5,261,002.
Pinkas, D., Pope, N., and Ross, J. (2008). CMS Advanced Electronic Signatures (CAdES). RFC 5126 (Informational).
Rivest, R. L. (1998). Can we eliminate certificate revocations lists? In FC ’98: Proceedings of the Second International Conference on Financial Cryptography, pages 178–183, London, UK. Springer-Verlag.
Satizábal, C., Hernández-Serrano, J., Forné, J., and Pegueroles, J. (2007). Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks. Comput. Commun., 30(7):1498–1512.
Signatures, E. T. C. E. and (ESI), I. (2008a). Electronic signatures and infrastructures (esi); cms advanced electronic signatures (cades). Technical report, European Telecommunications Standards Institute.
Signatures, E. T. C. E. and (ESI), I. (2008b). Electronic signatures and infrastructures (esi); profiles of xml advanced electronic signatures based on ts 101 903 (xades). Technical report, European Telecommunications Standards Institute.
Willig, A. (2008). Recent and emerging topics in wireless industrial communications: A selection. IEEE Transactions on Industrial Informatics, 4(2):102–124.
Publicado
28/09/2009
Como Citar
VIGIL, Martín Augusto Gagliotti; SILVA, Nelson da; MORAES, Ricardo; CUSTÓDIO, Ricardo Felipe.
Infra-estrutura de Chaves Públicas Otimizada: Uma ICP de Suporte a Assinaturas Eficientes para Documentos Eletrônicos. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 9. , 2009, Campinas.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2009
.
p. 129-142.
DOI: https://doi.org/10.5753/sbseg.2009.20628.
