Explore chapters and articles related to this topic
Key Management Techniques
Published in Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, Handbook of Applied Cryptography, 2018
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone
A CRL is a signed list of entries corresponding to revoked public keys, with each entry indicating the serial number of the associated certificate, the time the revocation was first made, and possibly other information such as the revocation reason. The list signature, guaranteeing its authenticity, is generated by the CA which originally issued the certificates; the CRL typically includes this name also. Inclusion of a date on the overall CRL provides an indication of its freshness. If CRLs are distributed using a pull model (e.g., via a public database), they should be issued at regular intervals (or intervals as advertised within the CRL itself) even if there are no changes, to prevent new CRLs being maliciously replaced by old CRLs.
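The freshness rule in the excerpt above, as an added example (not code from the Handbook): a pull-model client that rejects a CRL past its advertised next issue time or older than one it has already seen. The `Crl` type, the `check_crl` name, the five-minute clock-skew allowance and the sample lists are assumptions made for illustration, and the CA's signature on each list is assumed to have been verified already, which is exactly why an old list would otherwise pass.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Crl:
    issuer: str             # name of the CA that signed the list
    this_update: datetime   # date on the overall CRL
    next_update: datetime   # advertised time of the next regular issue
    revoked: frozenset      # serial numbers of revoked certificates

def check_crl(candidate: Crl, cached: Optional[Crl], now: datetime,
              skew: timedelta = timedelta(minutes=5)) -> str:
    """Freshness decision for a CRL whose signature is already verified."""
    if candidate.this_update > now + skew:
        return "reject: dated in the future"
    # Regular issuance means a list past next_update must have a successor,
    # so a replayed old list is detectable even with nothing cached.
    if now > candidate.next_update + skew:
        return "reject: stale"
    if cached is not None:
        if candidate.issuer != cached.issuer:
            return "reject: issuer mismatch"
        if candidate.this_update < cached.this_update:
            return "reject: older than cached CRL"
    return "accept"

def is_revoked(crl: Crl, serial: int) -> bool:
    return serial in crl.revoked

# Constructed sample data: weekly CRLs plus one early issue after a revocation.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
WEEK = timedelta(days=7)
OLD = Crl("Example CA", T0, T0 + WEEK, frozenset({1001}))
EARLY = Crl("Example CA", T0 + timedelta(days=2), T0 + timedelta(days=9),
            frozenset({1001, 2002}))
NEW = Crl("Example CA", T0 + WEEK, T0 + 2 * WEEK, frozenset({1001, 2002}))

if __name__ == "__main__":
    day3, day8 = T0 + timedelta(days=3), T0 + timedelta(days=8)
    print(check_crl(OLD, None, day8))    # replay after the interval ended
    print(check_crl(NEW, None, day8))    # current list
    print(check_crl(OLD, EARLY, day3))   # replay caught by the cached list
    print(check_crl(OLD, None, day3))    # residual window: nothing to compare
```

The last case shows the limit of date-based freshness: until `next_update` passes, a client with no newer list cached cannot tell that `OLD` has been superseded.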
Key Management
Published in Khaleel Ahmad, M. N. Doja, Nur Izura Udzir, Manu Pratap Singh, Emerging Security Algorithms and Techniques, 2019
For ensuring the security of the certificates, so that the CA will not be able to issue any improper certificate, RFC 5280 has defined a revoked state in which if the CA issues an improper certificate or the private keys are compromised in any manner or any policies of CA are violated by the CA or by their users, then the certificate is revoked. There is also an authority revocation list, which is a kind of CRL that contains the list of revoked certificates from the issuing CA.
Improving Security on Blockchain and Its Integration with IoT
Published in E. Golden Julie, J. Jesu Vedha Nayahi, Noor Zaman Jhanjhi, Blockchain Technology, 2020
M. Kavitha Margret, E. Golden Julie, D. Vijayanandh, A. Balamurugan
A CRL is a list with references to certificates that have been revoked for any reason. When one participant or node wants to verify another node's identity, it needs to check the CRL issued by the CA; the nodes are treated as a compromised identity. The validity is also checked by the CRL. If an actor tries to pass a negotiated or compromised certificate to a validating party, it is checked against the CRL. PKI can provide confirmable uniqueness of a node through a chain of trust.
A pre-signed response method based on online certificate status protocol request prediction
Published in Enterprise Information Systems, 2021
Chi-Hua Chen, Genggeng Liu, Yu-Chih Wei, Zuoyong Li, Bon-Yeh Lin
One of the certificate verification approaches is to use certificate revocation lists (CRLs) (Cooper et al. 2008), which are signed revocation lists issued by CAs. However, the drawbacks of this approach are that it is time-consuming and there is a bandwidth limitation (Pachilakis et al. 2020). Currently the Online Certificate Status Protocol (OCSP) (Santesson et al. 2013) is the mainstream approach used to resolve the aforementioned problems. OCSP responders are maintained by CAs to respond to queries about certificate revocation statuses. Cryptographic nonces and digital signatures are used to counter attacks in OCSP (Santesson et al. 2013). The lengths of nonces are required to extend to 32 octets in order to prevent nonce collisions (Sahni 2020). However, maintaining the reliability of the OCSP is still a big challenge because more than 7% of OCSP checks on potential attacks are ignored due to query timeouts (Jones 2020).
Policy-based security for distributed manufacturing execution systems
Published in International Journal of Computer Integrated Manufacturing, 2018
Octavian Morariu, Cristina Morariu, Theodor Borangiu
Step 4 – Revocation: is the last stage after the product execution is completed. As the product will no longer require communication with other shop floor devices, the certificate must be revoked. This is accomplished by sending a certificate revocation request to the CA agent. The CA agent publishes the certificate revocation in the CRL list, so that all future SSL handshakes that use this certificate will be prevented.