Empirical Analysis of Certificate Revocation Lists

Authors:
Daryl Walleck;Yingjiu Li;Shouhuai Xu
Affiliations:
University of Texas at San Antonio, West San Antonio, TX 78249;Singapore Management University, Singapore, 178902;University of Texas at San Antonio, West San Antonio, TX 78249
Venue:
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2008

Citing 12
Cited 4

Generalized certificate revocation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Digital certificates: a survey of revocation methods

MULTIMEDIA '00 Proceedings of the 2000 ACM workshops on Multimedia
Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation

FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Certificate Recocation: Mechanics and Meaning

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Can We Eliminate Certificate Revocations Lists?

FC '98 Proceedings of the Second International Conference on Financial Cryptography
On Certificate Revocation and Validation

FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Response to ''Can We Eliminate Certificate Revocation Lists?''

FC '00 Proceedings of the 4th International Conference on Financial Cryptography
A Model of Certificate Revocation

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Recent-secure authentication: enforcing revocation in distributed systems

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Tradeoffs in certificate revocation schemes

ACM SIGCOMM Computer Communication Review
On the release of CRLs in public key infrastructure

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Certificate revocation and certificate update

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

Modeling long-term signature validation for resolution of dispute

TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
On the self-similarity nature of the revocation data

ISC'12 Proceedings of the 15th international conference on Information Security
Certification validation: Back to the past

Computers & Mathematics with Applications
BECSI: Bandwidth efficient certificate status information distribution mechanism for VANETs

Mobile Information Systems

Quantified Score

Hi-index	0.02

Visualization

Abstract

Managing public key certificates revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from VeriSign. Our study enables us to understand how long a revoked certificate lives and what the difference is in the lifetime of revoked certificates by certificate types, geographic locations, and organizations. Our study also provides a solid foundation for future research on optimal management of certificate revocation for different types of certificates requested from different organizations and located in different geographic locations.