Efficient and Scalable Infrastructure Support for Dynamic Coalitions

The project concerns certificate revocation schemes and public key infrastructure components that enable secure collaboration within dynamically established coalitions. Novel infrastructure security services are needed for the successful operation of a coalition across multiple domains. Certificate management is especially challenging in a dynamic real-time environment. Scalability and integration across domains must also be supported efficiently.

Traditional certificate management schemes use certificate revocation lists maintained by certificate authorities. This approach requires the entire signed list to be transmitted to any user who requests certificate validation. While this approach is secure and is being deployed in practice, it requires substantial (linear-size) communication overhead and is not a scalable solution for dynamic coalitions.

Extending preliminary work on the subject, this project developed, in Java, a novel certificate revocation scheme that supports fast, language- and platform-independent certificate verification with small communication overhead.

Papers

Support

This project was supported by DARPA under Grant F30602-00-2-0509.


Michael Goodrich, Project Leader.