Reducing the cost of certificate revocation: A case study

Mona H. Ofigsbø; Stig Frode Mjølsnes; Poul Heegaard; Leif Nilsen

doi:10.1007/978-3-642-16441-5_4

Reducing the cost of certificate revocation: A case study

Mona H. Ofigsbø, Stig Frode Mjølsnes, Poul Heegaard, Leif Nilsen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users' needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.

Original language	English
Title of host publication	Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers
Pages	51-66
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-642-16441-5_4
State	Published - 2010
Externally published	Yes
Event	6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009 - Pisa, Italy Duration: 10 Sep 2009 → 11 Sep 2009

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6391 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009
Country/Territory	Italy
City	Pisa
Period	10/09/09 → 11/09/09

Keywords

Revocation schemes
architecture
network aspects
policies
scalability

Access to Document

10.1007/978-3-642-16441-5_4

Cite this

Ofigsbø, M. H., Mjølsnes, S. F., Heegaard, P., & Nilsen, L. (2010). Reducing the cost of certificate revocation: A case study. In Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers (pp. 51-66). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6391 LNCS). https://doi.org/10.1007/978-3-642-16441-5_4

Ofigsbø, Mona H. ; Mjølsnes, Stig Frode ; Heegaard, Poul et al. / Reducing the cost of certificate revocation : A case study. Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers. 2010. pp. 51-66 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2885c8a817c24d5b87825cf403218e59,

title = "Reducing the cost of certificate revocation: A case study",

abstract = "We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users' needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.",

keywords = "Revocation schemes, architecture, network aspects, policies, scalability",

author = "Ofigsb{\o}, {Mona H.} and Mj{\o}lsnes, {Stig Frode} and Poul Heegaard and Leif Nilsen",

year = "2010",

doi = "10.1007/978-3-642-16441-5_4",

language = "English",

isbn = "3642164404",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "51--66",

booktitle = "Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers",

note = "6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009 ; Conference date: 10-09-2009 Through 11-09-2009",

}

Ofigsbø, MH, Mjølsnes, SF, Heegaard, P & Nilsen, L 2010, Reducing the cost of certificate revocation: A case study. in Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6391 LNCS, pp. 51-66, 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009, Pisa, Italy, 10/09/09. https://doi.org/10.1007/978-3-642-16441-5_4

Reducing the cost of certificate revocation: A case study. / Ofigsbø, Mona H.; Mjølsnes, Stig Frode; Heegaard, Poul et al.
Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers. 2010. p. 51-66 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6391 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Reducing the cost of certificate revocation

T2 - 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009

AU - Ofigsbø, Mona H.

AU - Mjølsnes, Stig Frode

AU - Heegaard, Poul

AU - Nilsen, Leif

PY - 2010

Y1 - 2010

N2 - We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users' needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.

AB - We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges), by analyzing and characterizing existing users' needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data for how long the users actually stay in the system, and the reasons and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.

KW - Revocation schemes

KW - architecture

KW - network aspects

KW - policies

KW - scalability

UR - http://www.scopus.com/inward/record.url?scp=78449265237&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-16441-5_4

DO - 10.1007/978-3-642-16441-5_4

M3 - Conference contribution

AN - SCOPUS:78449265237

SN - 3642164404

SN - 9783642164408

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 51

EP - 66

BT - Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers

Y2 - 10 September 2009 through 11 September 2009

ER -

Ofigsbø MH, Mjølsnes SF, Heegaard P, Nilsen L. Reducing the cost of certificate revocation: A case study. In Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers. 2010. p. 51-66. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-16441-5_4

Reducing the cost of certificate revocation: A case study

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this