Model for PKI interoperability in Serbia
Abstract
The growing use of electronic services that rely on electronic certificates, and the growing deployment of public key infrastructures (PKI), require that these infrastructures be interconnected and interoperable. In this paper, the authors analyze the models for interoperability between various PKI domains and their possible application in achieving interoperability of the public key infrastructures in the Republic of Serbia. Implementing interoperability with the existing models is discussed from the following aspects: scalability, certification path processing, policy implementation, points of failure, and the possibilities for re-establishing trust. The authors propose a conceptual model based on the Bridge Certification Authority trust model. This model can establish interoperability among both existing and new national PKI domains, interconnect them, and connect them with foreign PKI domains. The model is extended with a Validation Authority, which provides more efficient processing of the certification path.