Software rejuvenation on a PKI

Abstract

One of the major issues for PKI-based mechanisms is the validity of user's certificate. In order to examine whether a certificate is valid or not, the PKI Certificate Authority (CA) has to check the most recent Certificate Revocation List (CRL) that maintains. But the CRL is not always available when is needed. In such a case the problem to be solved is whether to proceed to a transaction or abandon it. One of the main reasons for CRL's unavailability is the CA's server unavailability. In this paper we innovatively propose to adopt software rejuvenation to reduce the probability that CA's cannot issue the CRL. Using a Markovbased model, an indicator is derived, concerning the cost of security incidents and abandoned transactions The aim of the present work consists firstly in defining a threshold under which a transaction can be accomplished even without checking the CRL and secondly in scheduling software rejuvenation on CA's server such that the total operational cost is minimized)