A performance study of over-issuing delta-CRLs with distribution points

Author

Rojanapasakorn, Aradee ; Sathitwiriyawong, Chanboon

Author_Institution

Fac. of Inf. Technol., King Mongkut´´s Inst. of Technol., Bangkok, Thailand

Volume

2

fYear

2004

fDate

29-31 March 2004

Firstpage

178

Abstract

Digital certificates have been used to prove the identities of entities. Due to different constraints, they are only valid within a specific time. Confronting many threats is an important reason why their validities must be terminated sooner than assigned. Therefore, a certificate revocation is essential. We present a new method of issuing certificate revocation lists (CRLs) by overissuing delta-CRL with distribution points. The combination of over-issuing segmented CRLs and delta-CRLs is used to distribute CRL segments over several directories. The results from the comparative analyzes show that the proposed certificate revocation method can significantly improve the system performance such as spreading out the request rate, and reducing the size of certification revocation information and the average network usage. It also highlights inefficiencies of the traditional method of distributing certificate status information using CRLs.

Keywords

certification; distributed processing; public key cryptography; certificate revocation lists; certificate status information; delta-CRL; digital certificate; distribution points; performance study; system performance; Certification; Content addressable storage; Delay; Information analysis; Information security; Information technology; Performance analysis; Public key; Public key cryptography; System performance;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on

Print_ISBN

0-7695-2051-0

Type

conf

DOI

10.1109/AINA.2004.1283781

Filename

1283781