
Reducing the Cost of Certificate Revocation: A Case Study

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6391)

Abstract

We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users’ needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ofigsbø, M.H., Mjølsnes, S.F., Heegaard, P., Nilsen, L. (2010). Reducing the Cost of Certificate Revocation: A Case Study. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_4

  • DOI: https://doi.org/10.1007/978-3-642-16441-5_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16440-8

  • Online ISBN: 978-3-642-16441-5

  • eBook Packages: Computer Science (R0)
