Instant Revocation

PKI has a history of very poor support for revocation. It is both too expensive and too coarse grained, so that private keys which are compromised or otherwise become invalid remain in use long after they should have been revoked. This paper considers Instant Revocation, or revocations which take place within a second or two. A new revocation scheme, Certificate Push Revocation (CPR)is described which can support instant revocation. CPR can be hundreds to thousands of times more Internet-bandwidth efficient than traditional and widely deployed schemes. It also achieves significant improvements in cryptographic overheads. Its costs are essentially independent of the number of queries, encouraging widespread use of PKI authentication. Although explored in the context of instant revocation, CPR is even more efficient--both in relative and absolute terms--when used with coarser grain (non-instant) revocations.

[1]  David W. Chadwick,et al.  Using WebDAV for Improved Certificate Revocation and Publication , 2007, EuroPKI.

[2]  Vipul Goyal Certificate Revocation Using Fine Grained Certificate Space Partitioning , 2007, Financial Cryptography.

[3]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[4]  Eric A. Brewer,et al.  Harvest, yield, and scalable tolerant systems , 1999, Proceedings of the Seventh Workshop on Hot Topics in Operating Systems.

[5]  Stuart G. Stubblebine,et al.  Recent-secure authentication: enforcing revocation in distributed systems , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[6]  Diomidis Spinellis,et al.  Evaluating certificate status information mechanisms , 2000, CCS.

[7]  Carl Pomerance,et al.  Advances in Cryptology — CRYPTO ’87 , 2000, Lecture Notes in Computer Science.

[8]  Ed Dawson,et al.  Virtual certificates and synthetic certificates: new paradigms for improving public key validation , 2003, Comput. Commun..

[9]  Nancy A. Lynch,et al.  Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services , 2002, SIGA.

[10]  Kouichi Sakurai,et al.  Proposal and Analysis of a Distributed Online Certificate Status Protocol with Low Communication Cost , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[11]  Sean W. Smith,et al.  Distributing security-mediated PKI , 2004, International Journal of Information Security.

[12]  Peter Gutmann,et al.  PKI: It's Not Dead, Just Resting , 2002, Computer.

[13]  José A. Montenegro,et al.  PKI design based on the use of on-line certification authorities , 2003, International Journal of Information Security.

[14]  Jon A. Solworth,et al.  NetAuth: Supporting User-Based Network Services , 2008, USENIX Security Symposium.

[15]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[16]  Matt Brown,et al.  Invited talk , 2007 .

[17]  Diomidis Spinellis,et al.  Towards a framework for evaluating certificate status information mechanisms , 2003, Comput. Commun..

[18]  David L. Mills,et al.  Network Time Protocol (Version 3) Specification, Implementation and Analysis , 1992, RFC.

[19]  Jon A. Solworth What can you say and what does it mean? , 2006, 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[20]  Paul C. Kocher On Certificate Revocation and Validation , 1998, Financial Cryptography.

[21]  S. Micali,et al.  NOVOMODO : Scalable Certificate Validation and Simplified PKI Management , 2002 .

[22]  Ronald L. Rivest,et al.  Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[23]  Kouichi Sakurai,et al.  Distributing Security-Mediated PKI Revisited , 2006, EuroPKI.