Abstract
With the ever-increasing growth in electronic messaging and electronic commerce, the need for an infrastructure that provides confidentiality, security, and confidence for such exchanges is evident [2]. In such an infrastructure, public keys and certificates are issued to users for authorization purposes. One of the primary concerns in these systems is the handling of certificates that are revoked before their expiration date. In this paper, we propose a new approach to certificate revocation management. All existing schemes send information about revoked certificates to the directories used for verification only periodically, which gives rise to the problem of obsolescence: between updates, a verifier may accept a certificate that has already been revoked. To overcome this problem, we introduce a new layer into the traditional architecture. Using a preliminary analysis, we show the impact of the new scheme on the up-to-dateness of revocation information, the robustness, the load distribution, and the response time of the system. We also show the additional costs incurred in terms of communication, processing, and hardware.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35587-0_24
References
[1] Adams, C., and S. Lloyd, Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, Macmillan Publishing, 1999.
[2] Berkovits, S., S. Chokhani, J. A. Furlong, J. A. Geiter, and J. C. Guild, “Public Key Infrastructure Study: Final Report,” MITRE, McLean, Virginia, 1994.
[3] Ankney, R. C., “Certificate Revocation Mechanisms,” CertCo, Inc. white paper. Retrieved March 01, 2001 from http://www.certco.com/.
[4] Salz, R., “The Transaction Instant: A Question of Validity,” CertCo, Inc. white paper. Retrieved March 01, 2001 from http://www.certco.com/b2b/OCSP_Salz.pdf.
[5] Chokhani, S., “Toward a National Public Key Infrastructure,” IEEE Communications Magazine, Vol. 32, No. 9, September 1994, pp. 70–74.
[6] Cooper, D. A., “A Model for Certificate Revocation,” Proceedings of the 15th Annual Computer Security Applications Conference, December 1999, pp. 256–264.
[7] Cooper, D. A., “A More Efficient Use of Delta-CRLs,” Proceedings of the 2000 IEEE Symposium on Security and Privacy, May 2000, pp. 190–202.
[8] Ellison, C., and B. Schneier, “Ten Risks of PKI: What You’re Not Being Told about Public Key Infrastructure,” Computer Security Journal, Vol. 16, No. 1, 2000, pp. 1–7. Retrieved March 01, 2001 from http://www.counterpane.com/pki-risks.html.
[9] Fox, B., and B. LaMacchia, “Certificate Revocation: Mechanics and Meaning.” URL: www.farcaster.com/papers/fc98/.
[10] Fratto, M., “Certificate Revocation: When Not to Trust,” Network Computing, June 26, 2000. URL: http://www.networkcomputing.com/1112/1112ws1.html.
[11] Housley, R., W. Ford, et al., “X.509 Internet Public Key Infrastructure Certificate and CRL Profile,” IETF RFC 2459, The Internet Society, 1999. Retrieved February 14, 2001 from ftp://ftp.isi.edu/in-notes/rfc2459.txt.
[12] McDaniel, P., “Windowed Certificate Revocation,” Technical Report CSE-TR-413-99, Department of Electrical Engineering and Computer Science, University of Michigan, 1999. URL: http://www.eecs.umich.edu/techreports/cse/1999/CSE-TR-413–99.pdf.
[13] Micali, S., “Efficient Certificate Revocation,” Technical Memo MIT/LCS/TM-542b, Massachusetts Institute of Technology, Laboratory for Computer Science, 1996.
[14] Myers, M., R. Ankney, A. Malpani, S. Galperin, and C. Adams, “X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol,” IETF RFC 2560, June 1999.
[15] Naor, M., and K. Nissim, “Certificate Revocation and Certificate Update,” Proceedings of the 7th USENIX Security Symposium, 1998.
[16] Rivest, R. L., “Can We Eliminate Certificate Revocation Lists?” Proceedings of Financial Cryptography 1998, Springer-Verlag, February 1998.
[17] Stubblebine, S., “Recent-Secure Authentication: Enforcing Revocation in Distributed Systems,” IEEE Symposium on Research in Security and Privacy, Oakland, May 1995, pp. 224–234.
© 2002 IFIP International Federation for Information Processing
Mukkamala, R., Jajodia, S. (2002). A Novel Approach to Certificate Revocation Management. In: Olivier, M.S., Spooner, D.L. (eds) Database and Application Security XV. IFIP — The International Federation for Information Processing, vol 87. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35587-0_16
DOI: https://doi.org/10.1007/978-0-387-35587-0_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1028-1
Online ISBN: 978-0-387-35587-0