Title :
On the Performance of Certificate Validation Schemes Based on Pre-Computed Responses
Author :
Lim, T.L. ; Lakshminarayanan, A.
Author_Institution :
Inst. for Infocomm Res., Singapore
Abstract :
In public key infrastructures (PKIs), cryptographically protected responses are used to validate the status of certificates. The online certificate status protocol (OCSP) [1] is a scheme that was proposed for this purpose. However, OCSP is expensive primarily because it requires online trusted servers. Currently, there exists cheaper online validation schemes wherein validating clients download pre-computed responses from untrusted distribution servers. Examples of such schemes include NOVOMODO [3], certificate revocation tree (CRT) [4], authenticated dictionary (AD) [5] and the recently proposed augmented certificate revocation lists (ACRL) [6]. In this paper, we conduct a detailed performance analysis of these schemes with respect to their computational, network and storage costs and compare them against OCSP. Based on the system model that we adopt, our results show that all these schemes perform better than OCSP.
Keywords :
certification; cryptographic protocols; public key cryptography; telecommunication security; NOVOMODO; augmented certificate revocation list; authenticated dictionary; certificate revocation tree; certificate validation scheme; online certificate status protocol; online trusted server; precomputed response; public key infrastructure; untrusted distribution server; Cathode ray tubes; Computer networks; Costs; Cryptographic protocols; Dictionaries; Network servers; Performance analysis; Protection; Public key; Public key cryptography;
Conference_Titel :
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4244-1042-2
Electronic_ISBN :
978-1-4244-1043-9
DOI :
10.1109/GLOCOM.2007.42
