Litcius/Paper detail

Let's Revoke: Scalable Global Certificate Revocation

Trevor Smith, Luke Dickinson, Kent Seamons

202040 citationsDOIOpen Access PDF

Abstract

Current revocation strategies have numerous issues that prevent their widespread adoption and use, including scalability, privacy, and new infrastructure requirements. Consequently, revocation is often ignored, leaving clients vulnerable to man-in-the-middle attacks. This paper presents Let's Revoke, a scalable global revocation strategy that addresses the concerns of current revocation checking. Let's Revoke introduces a new unique identifier to each certificate that serves as an index to a dynamically-sized bit vector containing revocation status information. The bit vector approach enables significantly more efficient revocation checking for both clients and certificate authorities. We compare Let's Revoke to existing revocation schemes and show that it requires less storage and network bandwidth than other systems, including those that cover only a fraction of the global certificate space. We further demonstrate through simulations that Let's Revoke scales linearly up to ten billion certificates, even during mass revocation events.

Topics & Concepts

Revocation listRevocationComputer scienceComputer securityCertificateScalabilityCertificate authorityComputer networkPublic-key cryptographyProgramming languageDatabaseTheoretical computer scienceEncryptionOverhead (engineering)Constraint Satisfaction and Optimization