Optimal CRL Releasing Strategy in Public Key Infrastructure
نویسندگان
چکیده
Public key infrastructure has been proposed as a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. One of the key issues in public key infrastructure is how to manage certificate revocations. Various technical solutions dealing with key revocation have been proposed. However, to the best of our best knowledge, no rigorous efforts have been made to understand the behavior of certificate revocation requests based on empirical data. Furthermore, there is no study on the managerial aspect of Certificate Revocation Release. In this study, based on the empirical data collected from VeriSign, we prove that a revocation system will become stable after a period of time. We show that different certificate authorities should take different strategies for releasing different types of certificate revocations. We also provide the exact steps by which certificate authorities can follow to derive optimal releasing strategies.
منابع مشابه
Hasten Message Authentication Protocol for Vehicular Ad Hoc Networks
In Vehicular ad hoc network (VANET) vehicles communicates through wireless channels, so there will be variety of attacks. To secure vehicular ad hoc network, deployed Public Key Infrastructure (PKI), and to use Certificate Revocation List (CRL) for managing the revoked certificates. The authentication of received message can be performed by first check if the sender’s certificate is in current ...
متن کاملNetwork Working Group Additional Algorithms and Identifiers for Rsa Cryptography for Use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (crl) Profile
This document supplements RFC 3279. It describes the conventions for using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature algorithm, the RSA Encryption Scheme Optimal Asymmetric Encryption Padding (RSAES-OAEP) key transport algorithm and additional one-way hash functions with the Public-Key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm in the Internet X.509 Pub...
متن کاملInternet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
This document supplements RFC 3279. It describes the conventions for using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature algorithm, the RSA Encryption Scheme Optimal Asymmetric Encryption Padding (RSAES-OAEP) key transport algorithm and additional one-way hash functions with the Public-Key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm in the Internet X.509 Pub...
متن کاملIntrusion prevention and Message Authentication Protocol (IMAP) using Region Based Certificate Revocation List Method in Vehicular Ad hoc Networks
Vehicular Ad-hoc network uses some advanced Public Key Infrastructure and digital signature method for security. But, intrusion detection and avoidance is an inevitable challenge in networks. Authentication is performed in any PKI (Public Key Infrastructure) system by checking if the certificate of the sender is included in the CRL (Certificate Revocation List) and verifying the authenticity an...
متن کاملUpdate to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document updates the handling of DirectoryStrin...
متن کامل