DOI: 10.5555/1267549.1267566

Certificate revocation and certificate update

Published: 26 January 1998

Abstract

A new solution is suggested for the problem of certificate revocation. This solution represents Certificate Revocation Lists by an authenticated search data structure. The process of verifying whether a certificate is in the list or not, as well as updating the list, is made very efficient. The suggested solution gains in scalability, communication costs, robustness to parameter changes and update rate. Comparisons to the following solutions are included: 'traditional' CRLs (Certificate Revocation Lists), Micali's Certificate Revocation System (CRS) and Kocher's Certificate Revocation Trees (CRT).
Finally, a scenario in which certificates are not revoked, but frequently issued for short-term periods is considered. Based on the authenticated search data structure scheme, a certificate update scheme is presented in which all certificates are updated by a common message.
The suggested solutions for the certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible with, e.g., X.500 certificates.

References

[1] A. V. Aho, J. E. Hopcroft, J. D. Ullman. "Data Structures and Algorithms". Addison-Wesley, 1983.
[2] R. G. Seidel, C. R. Aragon. "Randomized Search Trees". Proc. 30th Annual IEEE Symp. on Foundations of Computer Science, pp. 540-545, 1989.
[3] M. Blum, W. Evans, P. Gemmell, S. Kannan, M. Naor. "Checking the Correctness of Memories". Algorithmica, Vol. 12, pp. 225-244, Springer-Verlag, 1994.
[4] M. Bellare, O. Goldreich, S. Goldwasser. "Incremental Cryptography: The Case of Hashing and Signing". Advances in Cryptology - Crypto 94. Ed. Y. Desmedt. Lecture Notes in Computer Science 839, Springer-Verlag, 1994.
[5] M. Bellare, O. Goldreich, S. Goldwasser. "Incremental Cryptography and Application to Virus Protection". Proc. 27th ACS Symp. on Theory of Computing, 1995.
[6] M. Bellare, P. Rogaway. "Collision-Resistant Hashing: Towards Making UOWHFs Practical". Advances in Cryptology - CRYPTO '97, Lecture Notes in Computer Science, Springer-Verlag, 1997.
[7] S. Brands. "An efficient off-line electronic cash system based on the representation problem". CWI Technical Report, CS-R9323, 1993.
[8] D. Chaum, E. van Heijst and B. Pfitzmann. "Cryptographically strong undeniable signatures, unconditionally secure for the signer". Advances in Cryptology - CRYPTO '91, Lecture Notes in Computer Science 576, Springer-Verlag, 1992, pp. 470-484.
[9] H. Dobbertin. "Cryptanalysis of MD4". D. Gollmann, Ed. Fast Software Encryption, 3rd international workshop. Lecture Notes in Computer Science 1039, Springer-Verlag, pp. 53-69, 1996.
[10] H. Dobbertin. "Cryptanalysis of MD5". Rump session, Eurocrypt 1996. http://www.iacr.org/conferences/ec96/rump/index.html
[11] S. Even, O. Goldreich, S. Micali. "On-Line/Off-Line Digital Signatures". Journal of Cryptology, Springer-Verlag, Vol. 9, pp. 35-67, 1996.
[12] O. Goldreich, S. Goldwasser, and S. Halevi. "Collision-Free Hashing from Lattice Problems". ECCC, TR96-042, 1996. http://www.eccc.uni-trier.de/eccc/
[13] A. Herzberg, H. Yochai. "Mini-Pay: Charging per Click on the Web". Proc. 6th International World Wide Web Conference, 1997. http://www6.nttlabs.com/
[14] R. Impagliazzo, M. Naor. "Efficient Cryptographic Schemes Provably as Secure as Subset Sum". Journal of Cryptology, Springer-Verlag, Vol. 9, pp. 199-216, 1996.
[15] C. Kaufman, R. Perlman, M. Speciner. "Network Security. Private Communication in a Public World". Prentice Hall series in networking and distributed systems, 1995.
[16] P. Kocher. "A Quick Introduction to Certificate Revocation Trees (CRTs)". http://www.valicert.com/company/crt.html
[17] R. C. Merkle. "A Certified Digital Signature". Proc. Crypto '89, Lecture Notes in Computer Science 435, pp. 234-246, Springer-Verlag, 1989.
[18] S. Micali. "Efficient Certificate revocation". Technical Memo MIT/LCS/TM-542b, 1996.
[19] M. Naor, M. Yung. "Universal one-way hash functions and their cryptographic applications". Proc. 21st ACM Symp. on Theory of Computing, pp. 33-43, 1989.
[20] U.S. National Institute of Standards and Technology. "A Public Key Infrastructure for U.S. Government unclassified but Sensitive Applications". September 1995.
[21] U.S. National Institute of Standards and Technology. "Secure Hash Standard". Federal Information Processing Standards Publication 180, 1993.
[22] R. Rivest. "The MD4 message-digest algorithm". Internet RFC 1320, 1992.
[23] R. Rivest. "The MD5 message-digest algorithm". Internet RFC 1321, 1992.

Published In

SSYM'98: Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
January 1998
275 pages

Sponsors

  • USENIX Assoc

Publisher

USENIX Association

United States
