Reducing the cost of certificate revocation: a case study

  • Authors: Mona H. Ofigsbø; Stig Frode Mjølsnes; Poul Heegaard; Leif Nilsen

  • Affiliations: Department of Telematics, NTNU, Trondheim, Norway; Department of Telematics, NTNU, Trondheim, Norway; Department of Telematics, NTNU, Trondheim, Norway; Department of Informatics, UiO, Unik, Oslo, Norway

  • Venue: EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
  • Year: 2009

Abstract

We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users' needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.