Reducing the Cost of Certificate Revocation: A Case Study

  • Mona H. Ofigsbø
  • Stig Frode Mjølsnes
  • Poul Heegaard
  • Leif Nilsen
Conference paper

DOI: 10.1007/978-3-642-16441-5_4

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6391)
Cite this paper as:
Ofigsbø M.H., Mjølsnes S.F., Heegaard P., Nilsen L. (2010) Reducing the Cost of Certificate Revocation: A Case Study. In: Martinelli F., Preneel B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg

Abstract

We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users’ needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.

Keywords

Revocation schemes scalability architecture policies network aspects 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mona H. Ofigsbø
    • 1
  • Stig Frode Mjølsnes
    • 1
  • Poul Heegaard
    • 1
  • Leif Nilsen
    • 2
  1. 1.Department of TelematicsNTNUTrondheimNorway
  2. 2.Department of InformaticsUiO/UnikOsloNorway

Personalised recommendations