A survey and security strength classification of PKI certificate revocation management implementations
03Dec_MacMichael.pdf (1.302Mb)Abstract
In this thesis, I define all currently operational, proposed, and theoretically possible methods of certificate revocation. The role of certificate revocation within the larger scheme of PKI is examined and the mandates upon Department of Defense from the Certification Practices Statement (CPS) and Certificate Policy (CP) are examined. A "best case" model for revocation is suggested. The security attributes affecting certificate revocation are examined; from these attributes a set of metrics are defined for the purpose of measuring the security-relevant strengths and weaknesses of all plausible methods of certificate revocation. Each method is examined and ranked according to security strength. Conclusions regarding certificate revocation use within Department of Defense are made and further study within the field is suggested.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
A CyberCIEGE scenario illustrating PKI interoperability issues through e-mail communications in a corporate environment
(Monterey, California. Naval Postgraduate School, 2011-12);To help educate computer/network users and administrators on the complexities and potential implementation pitfalls of PKI, the work outlined in this thesis extended the CyberCIEGE computer security simulation game with ... -
Street Smarts: unconventional warriors in contemporary joint urban operations
(2001-06);Marine forces are expeditionary in nature yet require the full range of Public Key infrastructure (PKI) services at deployed sites with limited bandwidth and access to their respective Registration Authority (RA). The ... -
Requirements for the deployment of Public Key Infrastructure (PKI) in the USMC Tactical Envioronment
(2001-06);Marine forces are expeditionary in nature yet require the full range of Public Key infrastructure (PKI) services at deployed sites with limited bandwidth and access to their respective Registration Authority (RA). The ...
