Rights accessRestricted access - publisher's policy
One of the hardest tasks of a public key infrastructure (PKI) is to manage revocation. New
communication paradigms push the revocation system to the limit and an accurate resource assessment
is necessary before implementing a particular revocation distribution system. In this context, a precise
modeling of certificate revocation is necessary. In this article, we analyze empirical data from real
CAs to develop an accurate and rigorous model for certificate revocation. One of the key findings of
our analysis is that the certificate revocation process is statistically self-similar. The proposed model
is based on an autoregressive fractionally integrated moving average (ARFIMA) process. Then, using
this model, we show how to build a synthetic revocation generator that can be used in simulations
for resource assessment. Finally, we also show that our model produces synthetic revocation traces
that are indistinguishable for practical purposes from those corresponding to actual revocations.
CitationGañán, C. [et al.]. A modeling of certificate revocation and its application to synthesis of revocation traces. "IEEE transactions on information forensics and security", 2012.
All rights reserved. This work is protected by the corresponding intellectual and industrial property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public communication or transformation of this work are prohibited without permission of the copyright holder. If you wish to make any use of the work not provided for in the law, please contact: firstname.lastname@example.org