Abstract
The advent of electronic commerce and personal communications on the Internet heightens concerns over the lack of privacy and security. Network services providing a wide range of security related guarantees are increasingly based on public key certificates. A fundamental problem inhibiting the wide acceptance of existing certificate distribution services is the lack of a scalable certificate revocation mechanism. We argue in this paper that the resource requirements of extant revocation mechanisms place significant burden on certificate servers and network resources. We propose a novel mechanism called windowed revocation that satisfies the security policies and requirements of existing mechanism, and, at the same time, reduces the burden on certificate servers and network resources. We include a proof of correctness of windowed revocation and analyze worst case performance scenarios.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 1406-1414 |
| Number of pages | 9 |
| Journal | Proceedings - IEEE INFOCOM |
| Volume | 3 |
| State | Published - Jan 1 2000 |
| Event | 19th Annual Joint Conference of the IEEE Computer and Communications Societies - IEEE INFOCOM2000: 'Reaching the Promised Land of Communications' - Tel Aviv, Isr Duration: Mar 26 2000 → Mar 30 2000 |
All Science Journal Classification (ASJC) codes
- Computer Science(all)
- Electrical and Electronic Engineering