On the self-similarity nature of the revocation data

Authors:
Carlos Gañán;Jorge Mata-Díaz;Jose L. Muñoz;Oscar Esparza;Juanjo Alins
Affiliations:
Telematics Department, Universitat Politècnica de Catalunya, Barcelona, Spain;Telematics Department, Universitat Politècnica de Catalunya, Barcelona, Spain;Telematics Department, Universitat Politècnica de Catalunya, Barcelona, Spain;Telematics Department, Universitat Politècnica de Catalunya, Barcelona, Spain;Telematics Department, Universitat Politècnica de Catalunya, Barcelona, Spain
Venue:
ISC'12 Proceedings of the 15th international conference on Information Security
Year:
2012

Citing 11
Cited 0

On the self-similar nature of Ethernet traffic (extended version)

IEEE/ACM Transactions on Networking (TON)
Self-similarity and heavy tails: structural modeling of network traffic

A practical guide to heavy tails
Certificate Recocation: Mechanics and Meaning

FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Model of Certificate Revocation

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A More Efficient Use of Delta-CRLs

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
On the release of CRLs in public key infrastructure

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Empirical Analysis of Certificate Revocation Lists

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Certificate revocation release policies

Journal of Computer Security
Reducing the cost of certificate revocation: a case study

EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Tutorial: Technological infrastructure for PKI and digital certification

Computer Communications
Certificate revocation and certificate update

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the hardest tasks of a Public Key Infrastructure (PKI) is to manage revocation. Different revocation mechanisms have been proposed to invalidate the credentials of compromised or misbehaving users. All these mechanisms aim to optimize the transmission of revocation data to avoid unnecessary network overhead. To that end, they establish release policies based on the assumption that the revocation data follows uniform or Poisson distribution. Temporal distribution of the revocation data has a significant influence on the performance and scalability of the revocation service. In this paper, we demonstrate that the temporal distribution of the daily number of revoked certificates is statistically self-similar, and that the currently assumed Poisson distribution does not capture the statistical properties of the distribution. None of the commonly used revocation models takes into account this fractal behavior, though such behavior has serious implications for the design, control, and analysis of revocation protocols such as CRL or delta-CRL.