ABSTRACT
Digital certificates are employed in existing classical certification
systems to certify the public keys of the users. In this thesis, a new
certification scheme, which is called nested certification, is proposed.
In simple terms, a nested certificate is defined as a certificate that certifies
another certificate. The nested certification scheme introduces a new certificate
verification method, called subject certificate verification. Nested certificates
can be used together with classical certificates in Public Key Infrastructures
(PKIs). Such a PKI, called Nested certificate based PKI (NPKI),
is also proposed in this thesis. Moreover, it is shown in this thesis that
subject certificate verification and the verification of certificate paths
in NPKI have the same confidence as the classical cryptographic certificate
and certificate path verification methods. Nested certificates give less
assurance than classical certificates, and no trust assumptions are
necessary to issue them. In this way, the certificate issuers and verifiers
of NPKI become more flexible.
In this thesis, analytical and simulation-based performance analyses
are also carried out in order to show the nested certification overhead
and the efficiency improvement in certificate and certificate path verification.
These analyses show that the subject certificate verification method and
the usage of nested certificates in NPKI significantly improve the verification
times compared to cryptographic certificate and certificate path verification
methods. The disadvantage of nested certification in NPKI is the overhead
of a large number of nested certificate issuances, for the cases where
nested certification is enforced. However, this overhead is acceptable
in order to have quickly verifiable certificate paths.