Skip to main content
SpringerLink
Log in

Certificate Revocation Using Fine Grained Certificate Space Partitioning

  • Conference paper
Financial Cryptography and Data Security (FC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4886))

Included in the following conference series:

Abstract

A new certificate revocation system is presented. The basic idea is to divide the certificate space into several partitions, the number of partitions being dependent on the PKI environment. Each partition contains the status of a set of certificates. A partition may either expire or be renewed at the end of a time slot. This is done efficiently using hash chains.

We evaluate the performance of our scheme following the framework and numbers used in previous papers. We show that for many practical values of the system parameters, our scheme is more efficient than the three well known certificate revocation techniques: CRL, CRS and CRT. Our scheme strikes the right balance between CA to directory communication costs and query costs by carefully selecting the number of partitions.

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-77366-5_37

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation (extended abstract). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 137–152. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  2. Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Buldas, A., Laud, P., Lipmaa, H.: Accountable certificate management using undeniable attestations. In: ACM Conference on Computer and Communications Security, pp. 9–17 (2000)

    Google Scholar 

  4. Coppersmith, D., Jakobsson, M.: Almost optimal hash sequence traversal. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 102–119. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  5. Dan Boneh, G.T., Ding, X., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: The 10th USENIX Security Symposium, pp. 297–308 (2001)

    Google Scholar 

  6. Gentry, C.: Certificate-based encryption and the certificate revocation problem. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 272–293. Springer, Heidelberg (2003)

    Google Scholar 

  7. Gassko, I., Gemmell, P., MacKenzie, P.D.: Efficient and fresh certification. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 342–353. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  8. Goyal, V.: Certificate revocation lists or online mechanisms. In: Fernández-Medina, E., César Hernández Castro, J., Javier García-Villalba, L.(eds.) WOSIS, pp. 261–268, INSTICC Press (2004)

    Google Scholar 

  9. Jakobsson, M.: Fractal hash sequence representation and traversal. In: ISIT 2002, http://eprint.iacr.org/2002/001 and www.markus-jakobsson.com

  10. Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  11. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)

    Google Scholar 

  12. Micali, S.: Efficient certificate revocation. Technical Report MIT/LCS/TM-542b (1996)

    Google Scholar 

  13. Micali, S.: Efficient certificate revocation. In: Proceedings 1997 RSA Data Security Conference (1997)

    Google Scholar 

  14. Micali, S.: Novomodo: Scalable certificate validation and simplified pki management. In: 1st Annual PKI Research Workshop - Proceeding (2002)

    Google Scholar 

  15. McDaniel, P.D., Jamin, S.: Windowed certificate revocation. In: INFOCOM, pp. 1406–1414 (2000)

    Google Scholar 

  16. Naor, M., Nissim, K.:Certificate revocation and certificate update. In: Proceedings 7th USENIX Security Symposium (San Antonio, Texas) (January 1998)

    Google Scholar 

  17. Online certificate status protocol: version 2. In: Working document of the Internet Engineering Task Force (IETF), RFC 2560, http://www.ietf.org

  18. Rivest, R.L.: Can we eliminate certificate revocations lists? In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 178–183. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  19. Sella, Y.: On the computation-storage trade-offs of hash chain traversal. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 270–285. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  20. Stubblebine, S.: Recent-secure authentication: Enforcing revocation in distributed systems. In: Proceedings 1995 IEEE Symposium on Research in Security and Privacy, pp. 224–234 (May 1995)

    Google Scholar 

  21. Zheng, P.: Tradeoffs in certificate revocation schemes. Computer Communication Review 33(2), 103–112 (2003)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of California, Los Angeles

    Vipul Goyal

Authors
  1. Vipul Goyal
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Software Engineering Institute, Carnegie Mellon University, 4500 Fifth Avenue, 15213, Pittsburgh, PA, USA

    Sven Dietrich

  2. CRCS DEAS, Harvard University, Maxwell Dworkin 110, 33 Oxford Street, 02138, Cambridge, MA, USA

    Rachna Dhamija

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goyal, V. (2007). Certificate Revocation Using Fine Grained Certificate Space Partitioning. In: Dietrich, S., Dhamija, R. (eds) Financial Cryptography and Data Security. FC 2007. Lecture Notes in Computer Science, vol 4886. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77366-5_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77366-5_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77365-8

  • Online ISBN: 978-3-540-77366-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation