Digital certificates are employed in existing classical certification systems to certify the public keys of the users. In this thesis, a new certification scheme, called nested certification, is proposed. In simple terms, a nested certificate is defined as a certificate that certifies another certificate. The nested certification scheme introduces a new certificate verification method, called subject certificate verification. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, called Nested certificate based PKI (NPKI), is also proposed in this thesis. Moreover, it is shown in this thesis that subject certificate verification and the verification of certificate paths in NPKI have the same confidence as the classical cryptographic certificate and certificate path verification methods. Nested certificates give less assurance than classical certificates, and no trust assumptions are necessary to issue them. In this way, the certificate issuers and verifiers of NPKI become more flexible.
In this thesis, analytical and simulation-based performance analyses are also carried out to show the nested certification overhead and the efficiency improvement in certificate and certificate path verification. These analyses show that the subject certificate verification method and the usage of nested certificates in NPKI significantly improve verification times compared to the cryptographic certificate and certificate path verification methods. The disadvantage of nested certification in NPKI is the overhead of a large number of nested certificate issuances, for the cases where nested certification is enforced. However, this overhead is acceptable in order to have quickly verifiable certificate paths.
Back to Albert Levi's home page