Certificate Path Verification in Hierarchical and Peer-to-Peer Public Key Infrastructures



Balachandra and Prema K.V.


Authentication of users in an automated business transaction is commonly realized by means of a Public Key Infrastructure (PKI). A PKI is a framework on which security services are built. Each user or end entity is issued a digitally signed data structure called a digital certificate. In a Hierarchical PKI the certificate path is unidirectional, so certificate path development and validation are simple and straightforward. The Peer-to-Peer (also called Mesh PKI) architecture is one of the most popular PKI trust models and is widely used in automated business transactions, but certificate path verification is very complex, since there are multiple paths between users and the certification path is bidirectional. In this paper, we demonstrate the advantage of certificate path verification in a Hierarchical PKI based on the forward path construction method over the reverse path construction method with respect to the time requirement. We also propose a novel method to convert a peer-to-peer PKI into a Depth First Search (DFS) spanning tree, which simplifies certificate path verification by avoiding multiple paths between users, since the DFS spanning tree equivalent of a peer-to-peer PKI contains only one path between any two Certification Authorities.
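As an added illustration of the paper's second contribution (this is example code, not the authors' implementation): a constructed five-CA mesh in which every pair listed is a bidirectional cross-certification, the count of loop-free certification paths between two CAs in that mesh, and the single path that remains once the mesh is replaced by a DFS spanning tree. The CA names are constructed, and rooting the tree at the relying party's trust anchor is an assumption of this example.

```python
from collections import defaultdict

# Constructed mesh PKI: each pair is a cross-certification between two CAs.
MESH_CROSS_CERTS = [
    ("CA-A", "CA-B"), ("CA-A", "CA-C"), ("CA-B", "CA-D"),
    ("CA-C", "CA-D"), ("CA-D", "CA-E"), ("CA-B", "CA-E"),
]

def build_graph(edges):
    """Undirected adjacency lists, neighbours sorted so the DFS is deterministic."""
    g = defaultdict(set)
    for a, b in edges:
        g[a].add(b)
        g[b].add(a)
    return {ca: sorted(nbrs) for ca, nbrs in g.items()}

def count_simple_paths(graph, src, dst):
    """Number of loop-free certification paths from src to dst in the given graph."""
    def walk(node, visited):
        if node == dst:
            return 1
        return sum(walk(n, visited | {n}) for n in graph[node] if n not in visited)
    return walk(src, {src})

def dfs_spanning_tree(graph, root):
    """Parent map of the DFS spanning tree rooted at the relying party's trust anchor."""
    parent = {root: None}
    def visit(node):
        for n in graph[node]:
            if n not in parent:          # tree edge: first time this CA is reached
                parent[n] = node
                visit(n)
    visit(root)
    return parent

def tree_edges(parent):
    """The cross-certificates kept by the spanning tree; all others are pruned."""
    return [(p, c) for c, p in parent.items() if p is not None]

def tree_path(parent, src, dst):
    """The single path between two CAs in the tree: climb to the common ancestor."""
    def ancestors(x):
        chain = []
        while x is not None:
            chain.append(x)
            x = parent[x]
        return chain
    up_src, up_dst = ancestors(src), ancestors(dst)
    lca = next(x for x in up_src if x in up_dst)
    return up_src[:up_src.index(lca)] + [lca] + up_dst[:up_dst.index(lca)][::-1]
```

For the constructed mesh, `count_simple_paths(mesh, "CA-A", "CA-E")` is 4 while the tree built by `dfs_spanning_tree(mesh, "CA-A")` admits exactly one. The pruned cross-certificates are also the alternative routes, so a revoked or expired certificate on the tree path leaves no fallback until the tree is rebuilt, and the tree path is not necessarily the shortest one the mesh offers.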


PKI, Hierarchical PKI, peer-to-peer PKI, Certification Authority, certification verification, OpenSSL



RNI Registration No. CHAENG/2016/68678