Certificate revocation release policies

Authors:
Nan Hu;Giri K. Tayi;Chengyu Ma;Yingjiu Li
Affiliations:
School of Information Systems, Singapore Management University, 178902 Singapore. E-mails: {hunan, cyma, yjli}@smu.edu.sg;School of Business, State University of New York at Albany, Albany, NY 12222, USA. E-mail: g.tayi@albany.edu;School of Information Systems, Singapore Management University, 178902 Singapore. E-mails: {hunan, cyma, yjli}@smu.edu.sg;(Correspd. E-mail: yjli@smu.edu.sg) School of Information Systems, Singapore Management University, 178902 Singapore. E-mails: {hunan, cyma, yjli}@smu.edu.sg
Venue:
Journal of Computer Security
Year:
2009

Citing 12
Cited 3

Generalized certificate revocation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Digital certificates: a survey of revocation methods

MULTIMEDIA '00 Proceedings of the 2000 ACM workshops on Multimedia
Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation

FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Certificate Recocation: Mechanics and Meaning

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Can We Eliminate Certificate Revocations Lists?

FC '98 Proceedings of the Second International Conference on Financial Cryptography
On Certificate Revocation and Validation

FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Response to ''Can We Eliminate Certificate Revocation Lists?''

FC '00 Proceedings of the 4th International Conference on Financial Cryptography
A Model of Certificate Revocation

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Recent-secure authentication: enforcing revocation in distributed systems

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Efficient Certificate Revocation

Efficient Certificate Revocation
Tradeoffs in certificate revocation schemes

ACM SIGCOMM Computer Communication Review
Certificate revocation and certificate update

IEEE Journal on Selected Areas in Communications

On the self-similarity nature of the revocation data

ISC'12 Proceedings of the 15th international conference on Information Security
Impact of the revocation service in PKI prices

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Digital certificate management: Optimal pricing and CRL releasing strategies

Decision Support Systems

Quantified Score

Hi-index	0.01

Visualization

Abstract

Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the Internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this area has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real data from VeriSign and suggest a functional form for the probability density function of certificate revocation requests. Exponential distribution function is chosen as it adequately approximates the real data. We then provide an economic model based on which a certificate authority can choose the optimal Certificate Revocation List (CRL) release interval considering the intrinsic properties among different types of certificate services. To conclude we draw some insights by comparing the performance of four different CRL strategies.