
Impact of the Revocation Service in PKI Prices

  • Carlos Gañán
  • Jose L. Muñoz
  • Oscar Esparza
  • Jorge Mata-Díaz
  • Juanjo Alins
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7618)

Abstract

The ability to communicate securely is needed for many network applications. Public key infrastructure (PKI) is the most widespread solution to verify and confirm the identity of each party involved in any secure transaction and to transfer trust over the network. One of the hardest tasks of a certification infrastructure is to manage revocation. Research on this topic has focused on the trade-offs that different revocation mechanisms offer. However, less effort has been devoted to understanding the benefits of improving the revocation policies. In this paper, we analyze the behavior of the oligopoly of certificate providers that issue digital certificates to clients facing identical independent risks. We find the prices in the equilibrium, and we prove that certificate providers that offer better revocation information are able to charge higher prices for their certificates without sacrificing market share in favor of the other oligarchs. In addition, we show that our model is able to explain the current trend of the SSL market, where providers with worse QoS are suffering losses.

Keywords

PKI pricing SSL certificates CRLs 



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Carlos Gañán (1)
  • Jose L. Muñoz (1)
  • Oscar Esparza (1)
  • Jorge Mata-Díaz (1)
  • Juanjo Alins (1)

  1. Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya, Spain
