Issue No. 04 - April (2007 vol. 18)
Eunjin (EJ) Jung , IEEE
Ehab S. Elmallah , IEEE
Mohamed G. Gouda , IEEE
<p><b>Abstract</b>—We consider a network where users can issue certificates that identify the public keys of other users in the network. The issued certificates in a network constitute a set of certificate chains between users. A user <tmath>u</tmath> can obtain the public key of another user <tmath>v</tmath> from a certificate chain from <tmath>u</tmath> to <tmath>v</tmath> in the network. For the certificate chain from <tmath>u</tmath> to <tmath>v</tmath>, <tmath>u</tmath> is called the source of the chain and <tmath>v</tmath> is called the destination of the chain. Certificates in each chain are dispersed between the source and destination of the chain such that the following condition holds. If any user <tmath>u</tmath> needs to securely send messages to any other user <tmath>v</tmath> in the network, then <tmath>u</tmath> can use the certificates stored in <tmath>u</tmath> and <tmath>v</tmath> to obtain the public key of <tmath>v</tmath> (then <tmath>u</tmath> can use the public key of <tmath>v</tmath> to set up a shared key with <tmath>v</tmath> to securely send messages to <tmath>v</tmath>). The cost of dispersing certificates in a set of chains among the source and destination users in a network is measured by the total number of certificates that need to be stored in all users. A dispersal of a set of certificate chains in a network is optimal if no other dispersal of the same chain set has a strictly lower cost. In this paper, we show that the problem of computing optimal dispersal of a given chain set is NP-complete. Thus, minimizing the total number of certificates stored in all users is NP--complete. We identify three special classes of chain sets that are of practical interests and devise three polynomial-time algorithms that compute optimal dispersals for each class. We also present two polynomial-time extensions of these algorithms for more general classes of chain sets.</p>
Security and privacy protection, authentication, security and protection, authentication, certificate graph, certificate dispersal, public-key management.
Eunjin (EJ) Jung, Ehab S. Elmallah, Mohamed G. Gouda, "Optimal Dispersal of Certificate Chains", IEEE Transactions on Parallel & Distributed Systems, vol. 18, no. , pp. 474-484, April 2007, doi:10.1109/TPDS.2007.1007