Authors: Bao-Hong Li, Yinliang Zhao, Yi-Bin Hou
Published in: 2004 IEEE International Workshop on IP Operations and Management, 2004-10-11
DOI: 10.1109/IPOM.2004.1547598 (https://doi.org/10.1109/IPOM.2004.1547598)
Performance optimizations for certificate revocation
Certificate revocation is an outstanding problem in PKI. This paper extends Naor's dynamic hash tree scheme in order to optimize performance. The set of revoked certificates is divided into groups. Within each group, proofs of certificate status are computed using a one-way accumulator, while the groups themselves are still organized in a hash tree. The main advantage of the proposed scheme is that it can adjust the traffic between CA-to-directory and directory-to-user according to the certificate update rate and query rate of the application; it can thus remarkably reduce the overall traffic consumed for certificate revocation and can efficiently accommodate a wide range of scenarios. Compared with Naor's original scheme, performance analysis shows it can reduce traffic by about 50% in typical environments.