Abstract
Current revocation strategies have numerous issues that prevent their widespread adoption and use, including scalability, privacy, and new infrastructure requirements. Consequently, revocation is often ignored, leaving clients vulnerable to man-in-the-middle attacks. This paper presents Let's Revoke, a scalable global revocation strategy that addresses the concerns of current revocation checking. Let's Revoke introduces a new unique identifier to each certificate that serves as an index to a dynamically-sized bit vector containing revocation status information. The bit vector approach enables significantly more efficient revocation checking for both clients and certificate authorities. We compare Let's Revoke to existing revocation schemes and show that it requires less storage and network bandwidth than other systems, including those that cover only a fraction of the global certificate space. We further demonstrate through simulations that Let's Revoke scales linearly up to ten billion certificates, even during mass revocation events.
Cite
CITATION STYLE
Smith, T., Dickinson, L., & Seamons, K. (2020). Let’s Revoke: Scalable Global Certificate Revocation. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020. The Internet Society. https://doi.org/10.14722/ndss.2020.24084
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
