On the self-similarity nature of the revocation data
Document type: Conference report
Rights access: Restricted access - publisher's policy
One of the hardest tasks of a Public Key Infrastructure (PKI) is to manage revocation. Different revocation mechanisms have been proposed to invalidate the credentials of compromised or misbehaving users. All these mechanisms aim to optimize the transmission of revocation data to avoid unnecessary network overhead. To that end, they establish release policies based on the assumption that the revocation data follows a uniform or Poisson distribution. The temporal distribution of the revocation data has a significant influence on the performance and scalability of the revocation service. In this paper, we demonstrate that the temporal distribution of the daily number of revoked certificates is statistically self-similar, and that the currently assumed Poisson distribution does not capture the statistical properties of the distribution. None of the commonly used revocation models takes into account this fractal behavior, though such behavior has serious implications for the design, control, and analysis of revocation protocols such as CRL or delta-CRL.
Citation: Gañán, C. [et al.]. On the self-similarity nature of the revocation data. In: International Conference on Information Security. "Information Security and Cryptology: ICISC 2012: 15th International Conference, Seoul, Korea, November 28-30, 2012: revised selected papers". Seoul: Springer, 2012, p. 387-400.
| On the Self-similarity Nature.pdf | 478.1Kb | Restricted access |