Efficient fault-tolerant certificate revocation

R. N. Wright, P. D. Lincoln, J. K. Millen

Research output: Contribution to journalConference articlepeer-review

26 Scopus citations

Abstract

We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k-1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

Original languageEnglish (US)
Pages (from-to)19-24
Number of pages6
JournalProceedings of the ACM Conference on Computer and Communications Security
DOIs
StatePublished - 2000
Externally publishedYes
Event7th ACM Conference on Computer Communications Security - Athens, Greece
Duration: Nov 1 2000Nov 4 2000

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this