Windowed certificate revocation

Research output: Contribution to journal > Conference article

30 Citations (Scopus)

Abstract

The advent of electronic commerce and personal communications on the Internet heightens concerns over the lack of privacy and security. Network services providing a wide range of security-related guarantees are increasingly based on public key certificates. A fundamental problem inhibiting the wide acceptance of existing certificate distribution services is the lack of a scalable certificate revocation mechanism. We argue in this paper that the resource requirements of extant revocation mechanisms place a significant burden on certificate servers and network resources. We propose a novel mechanism called windowed revocation that satisfies the security policies and requirements of existing mechanisms, and, at the same time, reduces the burden on certificate servers and network resources. We include a proof of correctness of windowed revocation and analyze worst-case performance scenarios.

Original language: English (US)
Pages (from-to): 1406-1414
Number of pages: 9
Journal: Proceedings - IEEE INFOCOM
Volume: 3
State: Published - Jan 1 2000
Event: 19th Annual Joint Conference of the IEEE Computer and Communications Societies - IEEE INFOCOM2000: 'Reaching the Promised Land of Communications' - Tel Aviv, Isr
Duration: Mar 26 2000 → Mar 30 2000

Fingerprint

Servers
Cellular telephone systems
Electronic commerce
Internet

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Electrical and Electronic Engineering

McDaniel, Patrick Drew ; Jamin, Sugih. / Windowed certificate revocation. In: Proceedings - IEEE INFOCOM. 2000 ; Vol. 3. pp. 1406-1414.
@article{21c7870aab944c0083f12d1bf29821bb,
title = "Windowed certificate revocation",
author = "McDaniel, {Patrick Drew} and Sugih Jamin",
year = "2000",
month = "1",
day = "1",
language = "English (US)",
volume = "3",
pages = "1406--1414",
journal = "Proceedings - IEEE INFOCOM",
issn = "0743-166X",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Windowed certificate revocation

AU - McDaniel, Patrick Drew

AU - Jamin, Sugih

PY - 2000/1/1

Y1 - 2000/1/1

UR - http://www.scopus.com/inward/record.url?scp=0033885757&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0033885757&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:0033885757

VL - 3

SP - 1406

EP - 1414

JO - Proceedings - IEEE INFOCOM

JF - Proceedings - IEEE INFOCOM

SN - 0743-166X

ER -