Evaluating certificate status information mechanisms
Proceedings of the 7th ACM conference on Computer and communications security
Password authentication with insecure communication
Communications of the ACM
PKI: It's Not Dead, Just Resting
Computer
A Digital Signature Based on a Conventional Encryption Function
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Can We Eliminate Certificate Revocations Lists?
FC '98 Proceedings of the Second International Conference on Financial Cryptography
On Certificate Revocation and Validation
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Harvest, Yield, and Scalable Tolerant Systems
HOTOS '99 Proceedings of the The Seventh Workshop on Hot Topics in Operating Systems
Recent-secure authentication: enforcing revocation in distributed systems
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Efficient Certificate Revocation
Efficient Certificate Revocation
PKI design based on the use of on-line certification authorities
International Journal of Information Security
Distributing security-mediated PKI
International Journal of Information Security
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
Certificate revocation using fine grained certificate space partitioning
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Distributing security-mediated PKI revisited
EuroPKI 2006 Proceedings of the Third European conference on Public Key Infrastructure: theory and Practice
Towards a framework for evaluating certificate status information mechanisms
Computer Communications
Using WebDAV for improved certificate revocation and publication
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Digital identity security architecture in Ethos
Proceedings of the 7th ACM workshop on Digital identity management
Certification validation: back to the past
EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Privacy in mobile technology for personal healthcare
ACM Computing Surveys (CSUR)
Certification validation: Back to the past
Computers & Mathematics with Applications
| Hi-index | 0.00 |
PKI has a history of very poor support for revocation. It is both too expensive and too coarse grained, so that private keys which are compromised or otherwise become invalid remain in use long after they should have been revoked. This paper considers Instant Revocation, or revocations which take place within a second or two.A new revocation scheme, Certificate Push Revocation (CPR)is described which can support instant revocation. CPR can be hundreds to thousands of times more Internet-bandwidth efficient than traditional and widely deployed schemes. It also achieves significant improvements in cryptographic overheads. Its costs are essentially independent of the number of queries, encouraging widespread use of PKI authentication.Although explored in the context of instant revocation, CPR is even more efficient--both in relative and absolute terms--when used with coarser grain (non-instant) revocations.