Abstract
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert the validity of another party’s certificate, it performs revocation checking. There are many revocation techniques varying in both the operational model and underlying data structures. One common feature is that a client typically contacts an on-line third party (trusted, untrusted or semi-trusted), identifies the certificate of interest and obtains some form of a proof of either revocation or validity (non-revocation) for the certificate in question.
While useful, revocation checking can leak potentially sensitive information. In particular, third parties of dubious trustworthiness discover two things: (1) the identity of the party posing the query, and (2) the target of the query. The former can be easily remedied with techniques such as onion routing or anonymous web browsing, whereas hiding the target of the query is not as obvious. Arguably, a more important loss of privacy results from the third party’s ability to tie the source of the revocation check to the query’s target (since, most likely, the two are about to communicate). This paper is concerned with the problem of privacy in revocation checking and its contribution is two-fold: it identifies and explores the loss of privacy inherent in current revocation checking, and it constructs a simple, efficient and flexible privacy-preserving component for one well-known revocation method.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Solis, J., Tsudik, G. (2006). Simple and Flexible Revocation Checking with Privacy. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_20
DOI: https://doi.org/10.1007/11957454_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68790-0
Online ISBN: 978-3-540-68793-1
eBook Packages: Computer Science, Computer Science (R0)