论文信息 - Digital certificate management: Optimal pricing and CRL releasing strategies

Digital certificate management: Optimal pricing and CRL releasing strategies

The fast growth of e-commerce and online activities places increasing needs for authentication and secure communication to enable information exchange and online transactions. The public key infrastructure (PKI) provides a promising foundation for meeting such demand, in which certificate authorities (CAs) provide digital certificates. In practice, it is critical to understand consumer purchasing and revocation behaviors so that CAs can better manage the digital certificates and its CRL releasing process. To address this problem, we analytically model a CA's pricing and revocation releasing strategies taking into consideration the users' rational decisions. The model provides solutions two main research questions: (1) How should the CA price the digital certificates? The the price of the digital certificate should be determined by the expected losses of the user's IT system, and the number of certificate revocations per period is expected to decrease over time during the lifecycle of the certificate. This result is supported by the empirical data from VeriSign. (2) How should the CA we further propose a dynamic CRL releasing policy that suggests that the optimal releasing intervals within the lifecycle of a certificate should increase over time.

M. K. Raja | Nan Hu | Jie Jennifer Zhang

[1] Joan Feigenbaum,et al. Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation , 2002, Financial Cryptography.

[2] Moni Naor,et al. Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[3] Barbara Fox,et al. Certificate Recocation: Mechanics and Meaning , 1998, Financial Cryptography.

[4] Peifang Zheng,et al. Tradeoffs in certificate revocation schemes , 2003, CCRV.

[5] David A. Cooper,et al. A model of certificate revocation , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[6] Petra Wohlmacher,et al. Digital certificates: a survey of revocation methods , 2000, MULTIMEDIA '00.

[7] 염흥렬,et al. [서평]「Applied Cryptography」 , 1997 .

[8] Huseyin Cavusoglu,et al. The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[9] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[10] Yingjiu Li,et al. Certificate revocation release policies , 2009, J. Comput. Secur..