Today, TLS is widely used to secure communication, and it relies on PKI for server authentication and/or client authentication. However, the PKI environment it assumes, called the "multiple trust anchors environment," requires the verifier to maintain a huge number of CA certificates in the ubiquitous network, because the growing number of terminals connected to the network brings a growing number of CAs. Most terminals in the ubiquitous network will not have enough memory to hold so many CA certificates. Another PKI environment, the "cross certification environment," is therefore useful for the ubiquitous network. But because current TLS is designed for the multiple trust anchors model, it cannot work efficiently on the cross certification model. This paper proposes a TLS implementation method that supports the cross certification model efficiently. Our proposal reduces the size of the messages exchanged between the TLS client and the TLS server during the handshake process. It is therefore suitable for implementing TLS in terminals in the ubiquitous network that do not have enough computing power and memory.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Tadashi KAJI, Takahiro FUJISHIRO, Satoru TEZUKA, "A Proposal of TLS Implementation for Cross Certification Model" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 5, pp. 1311-1318, May 2008, doi: 10.1093/ietisy/e91-d.5.1311.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.5.1311/_p
@ARTICLE{e91-d_5_1311,
author={Tadashi KAJI and Takahiro FUJISHIRO and Satoru TEZUKA},
journal={IEICE TRANSACTIONS on Information},
title={A Proposal of TLS Implementation for Cross Certification Model},
year={2008},
volume={E91-D},
number={5},
pages={1311-1318},
keywords={},
doi={10.1093/ietisy/e91-d.5.1311},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - A Proposal of TLS Implementation for Cross Certification Model
T2 - IEICE TRANSACTIONS on Information
SP - 1311
EP - 1318
AU - Tadashi KAJI
AU - Takahiro FUJISHIRO
AU - Satoru TEZUKA
PY - 2008
DO - 10.1093/ietisy/e91-d.5.1311
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2008
ER -