On the release of CRLs in public key infrastructure

Authors:
Chengyu Ma;Nan Hu;Yingjiu Li
Affiliations:
Beijing University;Singapore Management, University;Singapore Management University
Venue:
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Year:
2006

Citing 0
Cited 8

On interdomain routing security and pretty secure BGP (psBGP)

ACM Transactions on Information and System Security (TISSEC)
Empirical Analysis of Certificate Revocation Lists

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
A practical and efficient tree-list structure for public-key certificate validation

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Reducing the cost of certificate revocation: a case study

EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Observations on certification authority key compromise

EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
On the self-similarity nature of the revocation data

ISC'12 Proceedings of the 15th international conference on Information Security
Impact of the revocation service in PKI prices

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
PPREM: Privacy Preserving REvocation Mechanism for Vehicular Ad Hoc Networks

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this aspect has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real empirical data from VeriSign and derive the probability function for certificate revocation requests. We then prove that a revocation system will become stable after a period of time. Based on these, we show that different certificate authorities should take different strategies for releasing certificate revocation lists for different types of certificate services. We also provide the exact steps by which certificate authorities can derive optimal releasing strategies.