PREON: An efficient cascade revocation mechanism for delegation paths

Abstract

In decentralized network-based environments, resource sharing occurs more frequently as computing becomes more pervasive. Access to shared resources must be protected allowing access only to authorized entities. Delegation is a powerful mechanism to provide flexible and distributed access control when a user acts on another user’s behalf. User’s rights/ attributes are contained in digital certificates and successive delegations generate chains of certificates.When an access control decision related to a delegation path has to be taken, its corresponding certificate chain has to be validated. Validation of long delegation paths is a costly process that might be critical when constrained devices are involved. In this article, we propose a mechanism called PREON (Prefix Revocation) which is based on prefix codes. PREON allows a privilege verifier to efficiently check a delegation chain when cascade revocation is enabled. We show by statistical analysis that our proposal outperforms delegation systems without prefix coding especially for long delegation paths and high revocation probabilities.