Efficient and Scalable Infrastructure Support for Dynamic Coalitions

This project addresses certificate revocation schemes and public key infrastructure components that enable secure collaboration within dynamically established coalitions. Novel infrastructure security services are needed for the successful operation of a coalition across multiple domains. Certificate management is especially challenging in a dynamic real-time environment. Scalability and integration across domains must also be supported efficiently.

Traditional certificate management schemes use certificate revocation lists maintained by certificate authorities. This approach requires the entire signed list to be transmitted to any user who requests certificate validation. While this approach is secure and is being deployed in practice, its communication overhead is substantial (linear in the size of the list), so it is not a scalable solution for dynamic coalitions.

Extending preliminary work on the subject, this project developed a novel certificate revocation scheme in Java that supports fast, language- and platform-independent certificate verification with small communication overhead.

Papers

- M. T. Goodrich, M. Shin, R. Tamassia, and W. H. Winsborough, Authenticated Dictionaries for Fresh Attribute Credentials, Proc. Trust Management Conference, pp. 332-347, Springer, LNCS 2692, 2003.
- M. T. Goodrich, R. Tamassia, N. Triandopoulos, and R. Cohen, Authenticated Data Structures for Graph and Geometric Searching, Proc. RSA Conference -- Cryptographers' Track, pp. 295-313, Springer, LNCS 2612, 2003.
- D. J. Polivy and R. Tamassia, Authenticating Distributed Data using Web Services and XML Signatures, Proc. ACM Workshop on XML Security, ACM Press, 2002.
- M. T. Goodrich, R. Tamassia, and J. Hasic, An Efficient Dynamic and Distributed Cryptographic Accumulator, Proc. Information Security Conference (ISC 2002), Lecture Notes in Computer Science, vol. 2433, Springer-Verlag, pp. 372-388, 2002.
- R. Tamassia, Efficient Low-Cost Authentication of Distributed Data and Transactions, Conduit, vol. 10, no. 2, Department of Computer Science, Brown University, 2001.
- A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia, Persistent Authenticated Dictionaries and Their Applications, Proc. Information Security Conference (ISC 2001), Lecture Notes in Computer Science, vol. 2200, Springer-Verlag, pp. 379-393, 2001.
- M. T. Goodrich, R. Tamassia, and A. Schwerin, Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing, Proc. DARPA Information Survivability Conference and Exposition (DISCEX '01), IEEE Press, vol. 2, pp. 68-82, 2001.

Support

This project was supported by DARPA under Grant F30602-00-2-0509.
Michael Goodrich, Project Leader.