Certificate Revocation Guard (CRG): An Efficient Mechanism for Checking Certificate Revocation
Author: | Nevil Brownlee, Qinwen Hu, Muhammad Rizwan Asghar |
---|---|
Year of publication: | 2016 |
Subject: | 021110 strategic, defence & security studies; Revocation list; Public key certificate; Transport Layer Security; ComputingMilieux_THECOMPUTINGPROFESSION; Revocation; business.industry; computer.internet_protocol; Computer science; 0211 other engineering and technologies; 020206 networking & telecommunications; Public key infrastructure; 02 engineering and technology; Certificate; Computer security; computer.software_genre; Electronic mail; X.509; Root certificate; Certificate authority; 0202 electrical engineering, electronic engineering, information engineering; Online Certificate Status Protocol; business; computer; Computer network |
Source: | LCN |
DOI: | 10.1109/lcn.2016.84 |
Description: | In the Public Key Infrastructure (PKI) model, digital certificates play a vital role in securing online communication. Communicating parties exchange and validate these certificates; the validation fails if a certificate has been revoked. In this paper we propose the Certificate Revocation Guard (CRG) to efficiently check certificate revocation while minimising bandwidth, latency and storage overheads. CRG is based on OCSP, which caches the status of certificates locally. CRG could be installed on the user's machine, at the organisational proxy or even at the ISP level. Compared to a naive approach (where a client checks the revocation status of all certificates in the chain on every request), CRG decreases the bandwidth overheads and network latencies by 95%. Using CRG incurs 69% lower storage overheads compared to the CRL method. Our results demonstrate the effectiveness of our approach to improve certificate revocation. |
Database: | OpenAIRE |
External link: |