Windowed Certificate Revocation

Authors

  • Patrick D. McDaniel
  • Sugih Jamin

Abstract

The advent of electronic commerce and personal communications on the Internet heightens concerns over the lack of privacy and security. Network services providing a wide range of security-related guarantees are increasingly based on public key certificates. A fundamental problem inhibiting the wide acceptance of existing certificate distribution services is the lack of a scalable certificate revocation mechanism. We argue in this paper that the resource requirements of extant revocation mechanisms place a significant burden on certificate servers and network resources. We propose a novel mechanism called windowed revocation that satisfies the security policies and requirements of existing mechanisms and, at the same time, reduces the burden on certificate servers and network resources. We include a proof of correctness of windowed revocation and analyze worst-case performance scenarios.

Similar resources

Windowed Key Revocation in Public Key Infrastructures

A fundamental problem inhibiting the wide acceptance of a Public Key Infrastructure (PKI) in the Internet is the lack of a mechanism that provides scalable certificate revocation. In this paper, we propose a novel mechanism called Windowed Revocation. In windowed revocation, certificate revocation is announced for short periods in periodic Certificate Revocation Lists (CRLs). Due to the assuran...

A Model to Evaluate Certificate Revocation

This paper presents a model to evaluate certificate revocation using certificate revocation lists (CRLs) of the X.509 standard. The model shows the relationship between the number of users managed by a Certificate Authority (CA) and the size of the revocation lists, the computation power of the CA and the necessary bandwidth to access the revoked certificates.

Study and Analysis on Certificate Revocation in MANETS

In Mobile Ad hoc Networks (MANETs), certification systems play an important role in achieving network security. Handling the issue of certificate revocation in a wired network is somewhat easy compared to MANETs. In a wired network, when the certificate of a malicious node gets revoked, the certificate authorities add the information about the revoked node into certificate revocation lists (CR...

Empirical Analysis of Certificate Revocation Lists

Managing public key certificate revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from V...

Certificate Revocation Lists or Online Mechanisms

With growing acceptance of Digital Certificates and Public Key Infrastructures (PKI), the mechanisms to revoke a certificate in a PKI have recently received increasing attention. The revocation mechanisms are commonly classified into Certificate Revocation Lists (CRLs), trusted dictionaries and online mechanisms. The designer of a PKI should select an appropriate revocation method suiting...

Publication date: 2000