Abstract
We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users’ needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data on how long the users actually stay in the system, and on the reasons for and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Ofigsbø, M.H., Mjølsnes, S.F., Heegaard, P., Nilsen, L. (2010). Reducing the Cost of Certificate Revocation: A Case Study. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_4
DOI: https://doi.org/10.1007/978-3-642-16441-5_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16440-8
Online ISBN: 978-3-642-16441-5
eBook Packages: Computer Science, Computer Science (R0)