One of the hardest tasks of a Public Key Infrastructure (PKI) is to manage revocation. Different revocation mechanisms have been proposed to invalidate the credentials of compromised or misbehaving users. All these mechanisms aim to optimize the transmission of revocation data to avoid unnecessary network overhead. To that end, they establish release policies based on the assumption that the revocation data follows a uniform or Poisson distribution. The temporal distribution of the revocation data has a significant influence on the performance and scalability of the revocation service. In this paper, we demonstrate that the temporal distribution of the daily number of revoked certificates is statistically self-similar, and that the currently assumed Poisson distribution does not capture the statistical properties of the distribution. None of the commonly used revocation models takes into account this fractal behavior, though such behavior has serious implications for the design, control, and analysis of revocation protocols such as CRL or delta-CRL.
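An added example, not from the paper, of how the Poisson assumption can be checked against a series of daily revocation counts. It assumes the aggregated-variance estimate of the Hurst parameter H as the self-similarity test (the abstract does not name the paper's method), and both input series are constructed here rather than taken from real CRLs.

```python
import math
import random

def block_means(series, m):
    """Average the series over non-overlapping blocks of m days."""
    return [sum(series[i * m:(i + 1) * m]) / m for i in range(len(series) // m)]

def variance(xs):
    mu = sum(xs) / len(xs)
    return sum((x - mu) ** 2 for x in xs) / (len(xs) - 1)

def hurst_aggregated_variance(series, block_sizes=(1, 2, 4, 8, 16, 32, 64)):
    """Fit log Var(block mean) against log m; the slope equals 2H - 2."""
    # Independent (Poisson) counts: Var ~ 1/m, so H is near 0.5.
    # Self-similar counts: Var decays more slowly, so 0.5 < H < 1.
    xs = [math.log(m) for m in block_sizes]
    ys = [math.log(variance(block_means(series, m))) for m in block_sizes]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return 1 + (num / sum((x - mx) ** 2 for x in xs)) / 2

def poisson_days(rng, days, rate):
    """Constructed sample: independent Poisson daily counts (Knuth's method)."""
    out, limit = [], math.exp(-rate)
    for _ in range(days):
        k, p = 0, rng.random()
        while p > limit:
            k, p = k + 1, p * rng.random()
        out.append(k)
    return out

def bursty_days(rng, days, sources=20, alpha=1.2):
    """Constructed sample: sum of ON/OFF sources whose period lengths are
    Pareto-tailed, a common way to synthesize long-range dependent counts."""
    total = [0] * days
    for _ in range(sources):
        t, on = 0, rng.random() < 0.5
        while t < days:
            length = int(rng.paretovariate(alpha)) + 1
            if on:
                for d in range(t, min(t + length, days)):
                    total[d] += 1
            t, on = t + length, not on
    return total

def compare(days=4096, seed=7):
    """Return (H for the Poisson series, H for the bursty series)."""
    rng = random.Random(seed)
    return (hurst_aggregated_variance(poisson_days(rng, days, 10.0)),
            hurst_aggregated_variance(bursty_days(rng, days)))
```

An H estimate well above 0.5 on real daily counts means bursts persist across time scales, so a release schedule sized for the Poisson average will underestimate peak CRL or delta-CRL growth.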