Depender graphs: A method of fault-tolerant certificate distribution

R. N. Wright; P. D. Lincoln; J. K. Millen

doi:10.3233/JCS-2001-9403

Depender graphs: A method of fault-tolerant certificate distribution

R. N. Wright, P. D. Lincoln, J. K. Millen

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k - 1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

Original language	English (US)
Pages (from-to)	323-338
Number of pages	16
Journal	Journal of Computer Security
Volume	9
Issue number	4
DOIs	https://doi.org/10.3233/JCS-2001-9403
State	Published - 2001
Externally published	Yes

All Science Journal Classification (ASJC) codes

Software
Safety, Risk, Reliability and Quality
Hardware and Architecture
Computer Networks and Communications

Keywords

Fault tolerance
Public key infrastructures (PKI)
Revocation

Access to Document

10.3233/JCS-2001-9403

Cite this

@article{4b8681735cab4a0a8ea204d2bc0c3e68,

title = "Depender graphs: A method of fault-tolerant certificate distribution",

abstract = "We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k - 1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.",

keywords = "Fault tolerance, Public key infrastructures (PKI), Revocation",

author = "Wright, {R. N.} and Lincoln, {P. D.} and Millen, {J. K.}",

year = "2001",

doi = "10.3233/JCS-2001-9403",

language = "English (US)",

volume = "9",

pages = "323--338",

journal = "Journal of Computer Security",

issn = "0926-227X",

publisher = "SAGE Publications Ltd",

number = "4",

}

TY - JOUR

T1 - Depender graphs

T2 - A method of fault-tolerant certificate distribution

AU - Wright, R. N.

AU - Lincoln, P. D.

AU - Millen, J. K.

PY - 2001

Y1 - 2001

N2 - We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k - 1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

AB - We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k - 1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

KW - Fault tolerance

KW - Public key infrastructures (PKI)

KW - Revocation

UR - http://www.scopus.com/inward/record.url?scp=0035683523&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0035683523&partnerID=8YFLogxK

U2 - 10.3233/JCS-2001-9403

DO - 10.3233/JCS-2001-9403

M3 - Article

AN - SCOPUS:0035683523

SN - 0926-227X

VL - 9

SP - 323

EP - 338

JO - Journal of Computer Security

JF - Journal of Computer Security

IS - 4

ER -

Depender graphs: A method of fault-tolerant certificate distribution

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this