Top

Knowledge and Information Systems

Published in:

01-05-2015 | Regular Paper

A model for revocation forecasting in public-key infrastructures

Authors: Carlos Gañán, Jorge Mata-Díaz, Jose L. Muñoz, Oscar Esparza, Juanjo Alins

Published in: Knowledge and Information Systems | Issue 2/2015

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

One of the hardest tasks of a certification infrastructure is to manage revocation. This process consists in collecting and making the revocation status of certificates available to users. Research on this topic has focused on the trade-offs that different revocation mechanisms offer. Much less effort has been conducted to understand and model real-world revocation processes. For this reason, in this paper, we present a novel analysis of real-world collected revocation data and we propose a revocation prediction model. The model uses an autoregressive integrated moving average model. Our prediction model enables certification authorities to forecast the number of revoked certificates in short term.

previous article Fast and scalable support vector clustering for large-scale data analysis

next article STenSr: Spatio-temporal tensor streams for anomaly detection and pattern discovery

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Note that this survey mainly operates a crawler finding, and reporting on the SSL certificates it locates in the wild. Hence, we only use these data to corroborate that we are covering most of the SSL market.

Housley R, Polk W, Ford W, Solo D (2002) Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 3280, Internet Engineering Task Force

Narasimha M, Tsudik G (2007) Privacy-preserving revocation checking with modified crls. In: Lopez J, Samarati P, Ferrer J (eds) Public key infrastructure, vol 4582, lecture notes in computer science. Springer, Berlin, pp 18–33

Lippert M, Karatsiolis V, Wiesmaier A, Buchmann J (2006) Life-cycle management of x.509 certificates based on ldap directories. J Comput Secur 14:419–439

Gañán C, Muñoz JL, Esparza O, Mata-Díaz J, Hernández-Serrano J, Alins J (2013) COACH: cOllaborative certificate stAtus CHecking mechanism for VANETs. J Netw Comput Appl 36(5):1337–1357CrossRef

Tsang PP, Au MH, Kapadia A, Smith SW (2010) Blac: revoking repeatedly misbehaving anonymous users without relying on TTPs. ACM Trans Inf Syst Secur 13:39:1–39:33CrossRef

Solis J, Tsudik G (2006) Simple and flexible revocation checking with privacy. In: Danezis G, Golle P (eds) Privacy enhancing technologies, vol 4258, lecture notes in computer science. Springer, Berlin, pp 351–367

Caubet J, Gañán C, Esparza O, Muñoz JL, Mata-Díaz J, Alins J (2014) Certificate revocation list distribution system for the KAD network. Comput J 57(2):273–280

Walleck D, Li Y, Xu S (2008) Empirical analysis of certificate revocation lists. In: Proceedings of the 22nd annual IFIP WG 11.3 working conference on data and applications security, pp 159–174

Ma C, Hu N, Li Y (2006) On the release of CRLs in public key infrastructure. In: Proceedings of the 15th conference on USENIX security symposium, vol 15. Berkeley, CA, USA

10.

Hu N, Tayi GK, Ma C, Li Y (2009) Certificate revocation release policies. J Comput Secur 17:127–157

11.

Gañán C, Mata-Diaz J, Munoz JL, Hernandez-Serrano J, Esparza O, Alins J (2012) A modeling of certificate revocation and its application to synthesis of revocation traces. IEEE Trans Inf Forensics Secur 7(6):1673–1686CrossRef

12.

Box GEP, Jenkins G (1990) Time series analysis: forecasting and control. Holden-Day, Incorporated

13.

Cooper D, Santesson S, Farrell S, Boeyen S, Housley R, Polk W (2008) Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280, Internet Engineering Task Force

14.

Micali S (1996) Efficient certificate revocation. Technical Report TM-542b. MIT Laboratory for Computer Science

15.

Naor M, Nissim K (2000) Certificate revocation and certificate update. IEEE J Sel Areas Commun 18(4):561–560CrossRef

16.

Myers M, Ankney R, Malpani A, Galperin S, Adams C (1999) X.509 internet public key infrastructure online certificate status protocol—OCSP. RFC 2560

17.

Kocher PC (1998) On certificate revocation and validation. In: International conference on financial cryptography (FC98), number 1465 in lecture notes in computer science, pp 172–177

18.

Merkle RC (1989), A certified digital signature. In: Advances in cryptology (CRYPTO89), number 435 in lecture notes in computer science, pp 234–246

19.

W\(^3\)Techs—Web technology surveys. Usage of SSL certificate authorities, December 2012 [Online] http://w3techs.com/technologies/overview/ssl_certificate/all

20.

Jeon TJ, Park SJ (1988) Multiple time series model identification using concatenated sample cross-correlations. Commun Stat Theory Methods 17(1):1–16CrossRefMathSciNet

21.

Zhang B-L, Coggins R, Jabri MA, Dersch D, Flower B (2001) Multiresolution forecasting for futures trading using wavelet decompositions. Neural Netw IEEE Trans 12(4):765–775CrossRef

22.

Kang S, Lee S, Won Y, Seong B (2010) On-line prediction of nonstationary variable-bit-rate video traffic. Signal Process IEEE Trans 58(3):1219–1237CrossRefMathSciNet

23.

Proakis JG (1983) Digital communications / John G. Proakis. McGraw-Hill, New York

24.

Kwiatkowski D, Phillips PCB, Schmidt P (1991) Testing the null hypothesis of stationarity against the alternative of a unit root. Technical Report 979. Cowles Foundation for Research in Economics, Yale University

25.

Makridakis S, Hibon M (2000) The M3-Competition: results, conclusions and implications. Int J Forecast 16(4):451–476CrossRef

26.

Meade N (2000) A note on the robust trend and ararma methodologies used in the M3 competition. Int J Forecast 16(4):517–519CrossRef

27.

US Department of the Treasury. Treasury Public Key Infrastructure (PKI) and Shared Service Provider (SSP) Portal, December 2012. [Online] https://pki.treas.gov/crl_certs.htm

28.

Catalan Certification Agency. Certificate Revocation List Repository, December 2012. [Online] http://www.catcert.cat/esl/RECURSOS/Comproveu-el-vostre-certificat/Llista-de-certificats-revocats

29.

Gañán C, Munoz JL, Esparza O, Mata-Diaz J, Alins J, Silva-Cardenas C, Bartra-Gardini G (2012) RAR: risk aware revocation mechanism for vehicular networks. In: 2012 IEEE 75th vehicular technology conference (VTC Spring), vol 7. IEEE, Yokohama, pp 1–5

30.

Spyropoulos T, Turletti T, Obraczka K (2008) Routing in delay-tolerant networks comprising heterogeneous node populations. IEEE Trans Mobile Comput, 1132–1147

31.

Bhutta N, Ansa G, Johnson E, Ahmad N, Alsiyabi M, Cruickshank H (2009) Security analysis for delay/disruption tolerant satellite and sensor networks. In: Satellite and space communications. IWSSC 2009. International Workshop on, pp 385–389

32.

Farrell S, Symington S, Weiss H, Lovell P (2009) Delay-tolerant networking security overview. IRTF, DTN research group, March 2009. Draft version-06

33.

Symington S, Farrell S, Weiss H (2009) Bundle security protocol specification. IRTF, DTN research group, November 2009. Draft version-12

34.

Gañán C, Muñoz JL, Esparza O, Mata-Día J, Alins J (2014) PPREM: privacy preserving REvocation mechanism for vehicular ad hoc networks. Comput Stand Interfaces 36(3):513–523CrossRef

35.

Gañán C, Muñoz JL, Esparza O, Loo J, Mata-Día J, Alins J (2013) BECSI: bandwidth efficient certificate status information distribution mechanism for VANETs. Mobile Inf Syst 9(4):347–370CrossRef

36.

Gañán C, Muñoz JL, Esparza O, Mata-Día J, Alins J (2014) EPA: an efficient and privacy-aware revocation mechanism for vehicular ad hoc networks. Pervasive Mobile Comput, ISSN 1574-1192, doi:10.1016/j.pmcj.2014.01.002

37.

Chadwick D (2007) Dynamic delegation of authority in web services. In: Periorellis P (eds) Securing web services: practical usage of standards and specifications. Idea Group Inc, pp 111–137

38.

She W, Yen I-L, Thuraisingham B (2008) Enhancing security modeling for web services using delegation and pass-on. In: IEEE international conference on web services (ICWS), pp 545–552

39.

Hinarejos MF, Muñoz JL, Forné J, Esparza O (2010) PREON: an efficient cascade revocation mechanism for delegation paths. Comput Secur 29(6):697–711CrossRef

40.

W3C Working Group. Web Services Architecture. http://www.w3.org/TR/ws-arch/

41.

Tuecke S, Welch V, Engert D, Pearlman L, Thompson M (2004) Internet X.509 public key infrastructure (PKI) proxy certificate profile. RFC 3820, Internet Engineering Task Force

42.

Luna J, Medina M, Manso O (2005) Towards a unified authentication and authorization infrastructure for grid services: implementing an enhanced OCSP service provider into GT4. In: Public key infrastructure, LNCS. Springer, Berlin, pp 36–54

Title: A model for revocation forecasting in public-key infrastructures
Authors: Carlos Gañán
Jorge Mata-Díaz
Jose L. Muñoz
Oscar Esparza
Juanjo Alins
Publication date: 01-05-2015
Publisher: Springer London
Published in: Knowledge and Information Systems / Issue 2/2015
Print ISSN: 0219-1377
Electronic ISSN: 0219-3116
DOI: https://doi.org/10.1007/s10115-014-0735-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Other articles of this Issue 2/2015

Efficient clustering-based source code plagiarism detection using PIY

CloudRec: a framework for personalized service Recommendation in the Cloud

STenSr: Spatio-temporal tensor streams for anomaly detection and pattern discovery

Finding top--cliques for keyword search from graphs in polynomial delay

Learning to suggest questions in social media

Fast and scalable support vector clustering for large-scale data analysis

Premium Partner