Title :
Performance optimizations for certificate revocation
Author :
Li, BaoHong ; Zhao, Yinliang ; Hou, Yibin
Author_Institution :
Dept. of Comput. Sci. & Technol., Xi´´an Jiaotong Univ., China
Abstract :
Certificate revocation is an outstanding problem in PKI. This paper extends Naor´s scheme of dynamic hash tree in order to optimize performance. Set of revoked certificates is divided into groups. In each group, proofs for certificate status are computed by using one-way accumulator, while all groups are still organized in hash tree. The main advantage of the proposed scheme is that it can adjust traffic between CA-to-directory and directory-to-user according to certificate update rate and query rate in applications, thus can remarkably reduce overall traffic consumed for certificate revocation, and can efficiently accommodate a wide range of scenarios. Compared with Naor´s origin scheme, performance analysis shows it can reduce traffic by about 50% in typical environments.
Keywords :
public key cryptography; trees (mathematics); Naor scheme; certificate revocation; directory-to-user; dynamic hash tree; one-way accumulator; performance analysis; performance optimizations; query rate; traffic reduction; Cities and towns; Data security; Data structures; Dictionaries; Information security; Large-scale systems; Optimization; Performance analysis; Public key; Traffic control; certificate dictionary; certificate revocation; dynamic hash tree; on-way accumulators;
Conference_Titel :
IP Operations and Management, 2004. Proceedings IEEE Workshop on
Print_ISBN :
0-7803-8836-4
DOI :
10.1109/IPOM.2004.1547598
