Chengyu Ma,Nan Hu,Yingjiu Li

2006-01-01

Abstract:Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this aspect has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real empirical data from VeriSign and derive the probability function for certificate revocation requests. We then prove that a revocation system will become stable after a period of time. Based on these, we show that different certificate authorities should take different strategies for releasing certificate revocation lists for different types of certificate services. We also provide the exact steps by which certificate authorities can derive optimal releasing strategies.

Zhang Manman,Liu Zhiyuan

DOI: https://doi.org/10.3969/j.issn.1008-8245.2007.05.014

2007-01-01

Abstract:Certificate revocation is always a hard problem in the research and application of public key infrastructure(PKI).In this paper,a review of certificate revocation schemes is present.The working principles of all schemes are described,and the advantages and disadvantages of each scheme are analyzed in details.And the future work is outlined in the end.

Chengyu Ma,Nan Hu,Yingjiu Li

2006-01-01

Abstract:Public key infrastructure has been proposed as a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. One of the key issues in public key infrastructure is how to manage certificate revocations. Various technical solutions dealing with key revocation have been proposed. However, to the best of our best knowledge, no rigorous efforts have been made to understand the behavior of certificate revocation requests based on empirical data. Furthermore, there is no study on the managerial aspect of Certificate Revocation Release. In this study, based on the empirical data collected from VeriSign, we prove that a revocation system will become stable after a period of time. We show that different certificate authorities should take different strategies for releasing different types of certificate revocations. We also provide the exact steps by which certificate authorities can follow to derive optimal releasing strategies.

张雪琳,马跃,王玮,徐塞虹

DOI: https://doi.org/10.3321/j.issn:1000-6788.2004.03.015

2004-01-01

Abstract:Public Key Infrastructure (PKI) is a infrastructure of asymmetric encryption that delivers strong capabilities for services such as data confidentiality,authentication,integrity and non-repudiation to effectively mitigate various risks involved in a network environment. The PKI infrastructure ensures that the availability of a well conceived combination of services,communications methods and protocols to its constituent applications and programs. It means that the infrastructure provides a blanket to enable the interoperability of its constituent parts for available,reliable,and unobtrusive security services. In this paper,a model of CRL disribution is set up. By analyzing the revocation delay,we get the expression of revocation delay.The simulation result is also given,which proved correctness of our analysis .

Baohong Li,Yinliang Zhao,Yibin Hou

DOI: https://doi.org/10.1109/IPOM.2004.1547598

2005-01-01

Abstract:Certificate revocation is an outstanding problem in PKI. This paper extends Naor's scheme of dynamic hash tree in order to optimize performance. Set of revoked certificates is divided into groups. In each group, proofs for certificate status are computed by using one-way accumulator, while all groups are still organized in hash tree. The main advantage of the proposed scheme is that it can adjust traffic between CA-to-directory and directory-to-user according to certificate update rate and query rate in applications, thus can remarkably reduce overall traffic consumed for certificate revocation, and can efficiently accommodate a wide range of scenarios. Compared with Naor's origin scheme, performance analysis shows it can reduce traffic by about 50% in typical environments.

Wei Ren,Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.4108/icst.qshine2008.3824

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is envisioned as a promising technique in many emerging applications. To justify the applicability of privacy-aware PKI and optimize the performance, it is highly important to ensure the efficiency of handling user revocations. In practice, user revocation can be due to various predictable and unpredictable reasons, e.g., subscription expiration, network access policy violation, group changing, secret key exposure, etc. Both predictable and unpredictable reasons can happen concurrently, which makes the design of efficient user revocation mechanism challenging. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose an advanced scheme Delta-RL that ensures an optimized overall performance in terms of communication, computation and storage, as justified by the extensive analysis.

Nan Hu,Giri Kumar Tayi,Chengyu Ma,Yingjiu Li

DOI: https://doi.org/10.3233/jcs-2009-0330

2009-01-01

Journal of Computer Security

Abstract:Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the Internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this area has concentrated on the tr adeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real data from VeriSign and suggest a functional form for the probability density function of certificate revocation requests. Exponential distribution function is chosen as it adequately approximates the real data. We then provide an economic model based on which a certificate authority can choose the optimal Certificate Revocation List (CRL) release interval considering the intrinsic properties among different types of certificate services. To conclude we draw some insights by comparing the performance of four different CRL strategies.

Baohong Li,Y. I B Hou,Yinliang Zhao

DOI: https://doi.org/10.1109/ICMLC.2005.1527611

2005-01-01

Abstract:This paper proposes a scalable scheme for certificate revocation in public key infrastructure. In this scheme, the set of revoked certificates is divided into groups. In each group, proofs for certificate status are computed using one-way accumulators, while all groups are still organized in a hash tree. The main advantage of the proposed scheme is that it can adjust traffic between CA-to-directory and directory-to-user according to certificate update rate and query rate in applications, thus overall traffic for certificate revocation can be remarkably reduced and a wider range of scenarios can be accommodated. Compared with Naor's dynamic hash tree scheme, results show it can reduce traffic by about 50% in typical environments.

Zhichao Ruan,Wei Ye,Yankai Xie,Haixing Li,Chi Zhang,Lingbo Wei

DOI: https://doi.org/10.1109/icc45041.2023.10278733

2023-01-01

Abstract:Blockchain is the most promising technology to tackle the security challenges of certificate revocation schemes, such as vulnerability to the single point of failure and lack of accountability systems. However, current blockchain-based certificate revocation systems suffer from privacy problems as the blockchain nodes can learn which website the client is going to connect with and infer the end-user's private information, such as identity, location, and health condition. In this paper, we propose a decentralized certificate revocation scheme that allows clients to securely and privately verify revocation information. We not only take advantage of blockchain to provide security guarantees but also further craft a novel multi-server offline/online private information retrieval (PIR) protocol named MOO-PIR to preserve query privacy for clients even if a subset of servers collude. Finally, we provide security analysis and performance evaluation, demonstrating that our scheme can protect client privacy without compromising efficiency.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Jing Chen,Shixiong Yao,Quan Yuan,Kun He,Shouling Ji,Ruiying Du

DOI: https://doi.org/10.1109/infocom.2018.8486344

2018-01-01

Abstract:In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

Xinyi Luo,Zhuo Xu,Kaiping Xue,Qiantong Jiang,Ruidong Li,David Wei

DOI: https://doi.org/10.1109/icdcs54860.2022.00121

2022-01-01

Abstract:As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

王政,赵明,斯雪明,韩文报

DOI: https://doi.org/10.3969/j.issn.1000-3428.2009.01.012

2009-01-01

Abstract:Large scale environment, unreasonable certificate revocation management will bring enormous operations and burden of network transmission. This paper analyzes some kinds of CRL mechanisms, puts forward a maintenance scheme of certificate revocation list named PSHT-CRL, which inherits the character of segment-CRL, redirect-CRL and over issue-CRL. PSHT-CRL uses Hash table, partial signature, and link method to ensure the scheme’s security, to reduce the cost of user request response and certificate updating. PSHT-CRL solves the problems of other revocation schemes. The security and capability of this scheme are analyzed and PSHT-CRL compared with other CRL scheme.

Meng Luo,Bo Feng,Long Lu,Engin Kirda,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3255869

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Digital certificates are frequently used to secure communications between users and web servers. Critical to the Web’s PKI is the secure validation of digital certificates. Nonetheless, certificate validation itself is complex and error-prone. Moreover, it is also undermined by particular constraints of mobile browsers. However, these issues have long been overlooked. In this article, we undertook the first systematic and large-scale study of the certificate validation mechanism within popular mobile browsers to highlight the necessity of reassessing it among all released browsers. To this end, we first compile a comprehensive test suite to identify security flaws in certificate validation from various aspects. By designing and implementing a generic, automated testing pipeline, we effectively evaluate 30 popular browsers on two mobile OS versions and compare them with five representative desktop browsers. We found the latest mobile browsers Accept as many as 33.2% invalid certificates and Reject merely 5.4% invalid ones on average, leaving the majority of them to be decided by users who usually have little expertise. Our findings shed light on the severity and inconsistency of certificate validation flaws across mobile browsers, which are likely to expose users to MITM attacks, spoofing attacks, and so forth.

Nikita Korzhitskii,Matus Nemec,Niklas Carlsson

DOI: https://doi.org/10.48550/arXiv.2203.02280

2022-03-04

Abstract:The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open. Furthermore, the existing procedures do not leave a transparent and immutable revocation history. We propose and evaluate a new revocation transparency protocol that introduces postcertificates and utilizes the existing Certificate Transparency (CT) logs. The protocol is practical, has a low deployment cost, provides an immutable history of revocations, enables delegation, and helps to detect revocation-related misbehavior by certificate authorities (CAs). With this protocol, a holder of a postcertificate can bypass the issuing CA and autonomously initiate the revocation process via submission of the postcertificate to a CT log. The CAs are required to monitor CT logs and proceed with the revocation upon detection of a postcertificate. Revocation status delivery is performed independently and with an arbitrary status protocol. Postcertificates can increase the accountability of the CAs and empower the certificate owners by giving them additional control over the status of the certificates. We evaluate the protocol, measure log and monitor performance, and conclude that it is possible to provide revocation transparency using existing CT logs.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Wei Ren,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/icdcs.workshops.2008.95

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is important for many applications. The applicability of privacy-aware PKI highly relies on the performance of user revocation. The requirements of user revocation are various in general, such as subscription expiration, violation of access policy, group changing, and key exposure. To satisfy different requirements, multiple revocation approaches may interact each other. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose a practical scheme Delta-RL that can fulfill an optimal overall performance on the base of extensive analysis.

Yaqing Song,Yuan Zhang,Chunxiang Xu,Shiyu Li,Anjia Yang,Nan Cheng

DOI: https://doi.org/10.1109/jiot.2023.3264682

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Certificate revocation checking (CRC) is a fundamental requirement in certificate-based public-key cryptographic systems. Most existing CRC schemes are not tailored for edgecloud computing systems, and directly applying these schemes would cause security and efficiency problems. In this paper, we first propose a two-layer edge-cloud-assisted CRC framework, dubbed ECA-CRC, where edge nodes utilizing a probabilistic checking algorithm serve as a first layer, and the cloud server utilizing a deterministic checking algorithm serves as a second layer. Both the edge nodes and the cloud server collaboratively provide verifiable CRC services for devices. The most prominent manifestations of ECA-CRC are that (1) most CRC requests can be processed with the probabilistic checking layer, which reduces the checking delay significantly while providing an accurate CRC service; (2) devices can detect the irresponsible behavior of the service provider, including using an incorrect revoked certificate set (RCS) to compute checking results or procrastinating on updating the RCS, as soon as possible.We then propose an efficient instantiation of ECA-CRC, dubbed eECACRC, by utilizing a Merkle hash tree (MHT) based homomorphic signature, Cuckoo filter, and Othello. We formally prove the security of eECA-CRC against the irresponsible service provider under the random oracle model. We implement an eECA-CRC prototype and conduct a comprehensive performance evaluation based on a public certificate database. Our results show that 95% of CRC requests are completed on the edge nodes, and only 5% of CRC requests need to be handled by the cloud server.

computer science, information systems,telecommunications,engineering, electrical & electronic

FU Yong-ping,ZHAO Yin-liang,LI Bao-hong,REN Qin-an,ZHONG Sheng-hai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.24.065

2007-01-01

Abstract:The proposed certificate revocation schemes restrict algorithm performance because they fail to consider the differences between the probabilities of inquiring certificate.The certificate revocation scheme based on priority skip lists,named CRPSL,can dynamic update the storage structure of certificate revocation dictionary according to the inquiry frequency,and can shorten the enquiry path of inquiring high frequency certificate so that the inquiry speed is accelerated.The test shows that the performance of CRPSL is better than that of CRL and 2-3CRT in the sides of insertion,deletion and enquiry,and the CRPSL conform to the actual situation of certificate inquiry fairly well.

Yiming Zhang,Baojun Liu,Chaoyi Lu,Zhou Li,Haixin Duan,Jiachen Li,Zaifeng Zhang

DOI: https://doi.org/10.1145/3460120.3484768

2021-01-01

Abstract:HTTPS secures communications in the web and heavily relies on the Web PKI for authentication. In the Web PKI, Certificate Authorities (CAs) are organizations that provide trust and issue digital certificates. Web clients rely on public root stores maintained by operating systems or browsers, with hundreds of audited CAs as trust anchors. However, as reported by security incidents, hidden root CAs beyond the public root programs have been imported into local root stores, which allows adversaries to gain trust from web clients. In this paper, we provide the first client-side, nation-wide view of hidden root CAs in the Web PKI ecosystem. Through cooperation with a leading browser vendor, we analyze certificate chains in web visits, together with their verification statuses, from volunteer users in 5 months. In total, over 1.17 million hidden root certificates are captured and they cause a profound impact from the angle of web clients and traffic. Further, we identify around 5 thousand organizations that hold hidden root certificates, including fake root CAs that impersonate large trusted ones. Finally, we highlight that the implementation of hidden root CAs and certificates is highly flawed, and issues such as weak keys and signature algorithms are prevalent. Our findings uncover that the ecosystem of hidden root CAs is massive and dynamic, and shed light on the landscape of Web PKI security. Finally, we call for immediate efforts from the community to review the integrity of local root stores.

王常吉,吴建平,段海新

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.24.034

2004-01-01

Abstract:In this paper, a new certificate revocation information distribution scheme, called compact CRL is proposed by re-encoding revoked certificate entry in standard certificate revocation list and integrating the idea of segmented certificate revocation list scheme. The size of certificate revocation list is reduced greatly, thus the bandwidth that relying party need to download the CRL is saved greatly.