Skip to main content
Springer Nature Link
Log in

Geographic server distribution model for key revocation

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Key management is one of the important issues in ensuring the security of network services. The aim of key management is to ensure availability of the keys at both the receiver’s and the sender’s ends. Key management involves two aspects: key distribution and key revocation. Key distribution involves the distribution of keys to various nodes with secrecy to provide authenticity and privacy. Key revocation involves securely and efficiently managing the information about the keys which have been compromised. This paper presents the geographic server distributed model for key revocation which concerns about the security and performance of the system. The concept presented in this paper is more reliable, faster and scalable than the existing Public Key Infrastructure (PKI) framework in various countries, as it provides optimization of key authentication in a network. It proposes auto-seeking of a geographically distributed certifying authority’s key revocation server, which holds the revocation lists by the client, based on the best service availability. The network is divided itself into the strongest availability zones (SAZ), which automatically allows the new receiver to update the address of the authentication server and replace the old address with the new address of the SAZ, in case it moves to another location in the zone, or in case the server becomes unavailable in the same zone. In this way, it reduces the time to gain information about the revocation list and ensures availability and, thus, improvement of the system as a whole. Hence, the proposed system results in scalable, reliable and faster PKI infrastructure and will be attractive for the users who frequently change their location in the network. Our scheme eases out the revocation mechanism and enables key revocation in the legacy systems. It discusses the architecture as well as the performance of our scheme as compared to the existing scheme. However, our scheme does not call for the entire change in PKI, but is compatible with the existing scheme. Our simulations show that the proposed scheme is better for key revocation.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  1. Maurer, U. (2004). New approaches to digital evidence. Proceedings of the IEEE, 92(6), 933–947.

    Article  Google Scholar 

  2. The World Internet Security Company (2008). http://www1.wisekey.com/products/. Last accessed 16th August (2008).

  3. The Controller of Certifying Authority (2008). http://www.cca.gov.in. Last accessed 21st August (2008).

  4. The National Informatics Centre (2008). Certifying Authority, http://nicca.nic.in/index.jsp. Last accessed 21st August (2008).

  5. The Tata Consultancy Services (2008). Certifying Authority, http://www.tcs-ca.tcs.co.in. Last accessed 21st August (2008).

  6. Hong, D., & Kang, J. (2005). An efficient key distribution scheme with self-healing property. IEEE Communications Letters, 9(8), 759–761.

    Article  Google Scholar 

  7. Vanrenen, G., & Smith, S. (2004). Distributing security-mediated PKI. In LNCS : Vol. 3093. Proc. 1st European PKI workshop (EuroPKI 2004) (pp. 218–231). Berlin: Springer.

    Google Scholar 

  8. Wohlmacher, P. (2000). Digital certificates: a survey of revocation methods. In Proceedings of the 2000 ACM workshops on multimedia 2000 (pp. 111–114). Los Angeles, California, United States.

  9. Kocher, P. (1998). On certificate revocation and validation. In LNCS. Proc. Int. Conf. Financial Cryptography. Berlin: Springer.

    Google Scholar 

  10. Zheng, P. (2003). Tradeoffs in certificate revocation schemes. ACM SIGCOMM Computer Communication Review, 33(2), 103–112.

    Article  Google Scholar 

  11. Myer, M. (1998). Revocation: options and challenges. In Lecture Notes in Computer Science. Proc. financial cryptography: second international conference, FC’98, British West Indies, 23–25 February 1998 (pp. 165–171). Berlin: Springer.

    Google Scholar 

  12. Lo, C. M., Hwang, T., & Li, C. M. (2007). Revocation-free public-key encryption based on security-mediated public-key infrastructure. IET Information Security, 1(3), 134–141.

    Article  Google Scholar 

  13. Boneh, D., Ding, X., Tsudik, G., & Wong, M. (2001). A method for fast revocation of public key certificates and security capabilities. In Proc. 10th USENIX security symposium (pp. 297–308).

  14. Al-Riyami, S. S., & Paterson, K. G. (2003). Certificateless public key cryptography. In LNCS : Vol. 2894. Advances in cryptology—Asiacrypt’2003 (pp. 452–473). Berlin: Springer.

    Google Scholar 

  15. Gentry, C. (2003). Certificate-based encryption and the certificate revocation problem. In LNCS : Vol. 2656. Proc. Eurocrypt 2003 (pp. 272–293). Berlin: Springer.

    Chapter  Google Scholar 

  16. Critchlow, D., & Zhang, N. (2004). Revocation invocation for accountable anonymous PKI certificate trees, computers and communications. In Proceedings of ISCC 2004, 28 June–1 July 2004 (Vol. 1, pp. 386–392).

  17. Chow, S. S. M., Boyd, C., & Nieto, J. M. G. (2006). Security-mediated certificate-less cryptography. In Public key cryptography (pp. 508–524).

  18. Cooper, D. (1999). A model of certificate revocation. In Proc. fifteenth annual computer security applications conf. (pp. 256–264).

  19. Cooper, D. (2000). A more efficient use of delta-CRLs. In IEEE proceedings of the IEEE symposium on security and privacy (pp. 190–202).

  20. Naor, M., & Nissim, K. (2000). Certificate revocation and certificate update. IEEE Journal on Selected Areas in Communications, 18(4), 561–570.

    Article  Google Scholar 

  21. McDaniel, P., & Jamin, S. (1998). Key distribution hierarchy. (Technical Report CSE-TR-366-98, EECS). University of Michigan, Ann Arbor.

  22. Berta, I. Z., Buttya, L., & Vajda, I. (2005). A framework for the revocation of unintended digital signatures initiated by malicious terminals. IEEE Transactions on Dependable and Secure Computing, 2(3), 268–272.

    Article  Google Scholar 

  23. Dini, G., & Savino, I. M. (2006). An efficient key revocation protocol for wireless sensor networks. In Proceedings of the 2006 international symposium on a world of wireless, mobile and multimedia networks (WoWMoM’06) (pp. 3–5). Buffalo, New York, 26–29 June 2006.

  24. Narten, T., Nordmark, E., & Simpson, W. (1998). Neighbour discovery for IP version 6. RFC 2461, December 1998.

  25. Libert, B., & Quisquater, J. J. (2003). Efficient revocation and threshold pairing based cryptosystems. In Proc. symp. principles of distributed computing (PODC’2003) (pp. 163–171).

  26. Pinkas, B. (2004). Efficient state updates for key management. Proceedings of the IEEE, 92(6), 910–917.

    Article  Google Scholar 

  27. Millen, J. K., & Wright, R. N. (1998). Certificate revocation the responsible way. In Proceedings of computer security, dependability and assurance: from needs to solutions (CSDA’98) (pp. 196–203). Los Alamitos: IEEE Comput. Soc.

    Google Scholar 

  28. Jeong, J., Lee, K., Park, J., Lee, H., & Kim, H. (2003). The auto configuration of recursive DNS server and the optimization of DNS name resolution in hierarchical mobile IPv6. In Proc. vehicular technology conference (VTC 2003), Fall 2003 (Vol. 5, pp. 3439–3442).

  29. The OPNET IT Guru Academic Edition (2008). http://www.opnet.com/university_program/itguru_academic_edition/. Last accessed 21st August 2008.

  30. Narten, T., Nordmark, E., & Simpson, W. (1998). Neighbour discovery for IP version 6. RFC 2461, December 1998.

  31. Shi, M., Shen, X., Jiang, Y., & Lin, C. (2007). Self-healing group-wise key distribution schemes with time-limited node revocation for wireless sensor networks. IEEE Wireless Communications, 14(5), 38–46.

    Article  Google Scholar 

  32. Clifford, B., Neuman, O., & Theodore, T. (1994). Kerberos: an authentication service for computer networks. IEEE Communications, 32(9), 33–38.

    Article  Google Scholar 

  33. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., & Thayer, R. (2007). OpenPGP message format. RFC 4880, November 2007.

  34. Dierks, T., & Allen, C. (1999). The TLS protocol version 1.0. Request for comments: 2246, January 1999.

  35. Hunter, B. (2002). Simplifying PKI usage through a client-server architecture and dynamic propagation of certificate paths and repository addresses. In Proceedings of 13th international workshop on database and expert systems applications (pp. 505–510). University of Marseille, France, 2–6 Sept.

  36. Finseth, C. (1993). An access control protocol, sometimes called TACACS. RFC1492, July 1993.

  37. McDaniel, P., & Jamin, S. (2008) A key scalable distribution hierarchy. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.50.316. Last accessed 21st August 2008.

  38. Kent, S., & Atkinson, R. (1998). IP authentication header. Request for comments: 2402, November 1998.

  39. Kent, S., & Atkinson, R. (1998). IP encapsulating security payload (ESP). RFC240, November 1998.

  40. Shi, M., Shen, X.S., Yixin, J., & Lin, C. (2007). Self-healing group-wise key distribution schemes with time-limited node revocation for wireless sensor networks. In IEEE Wireless Communications, October 2007 (pp. 38–46).

  41. Mealling, M. (2002). Dynamic delegation discovery system (DDDS): the domain name system (DNS) database. RFC 3403, October 2002.

Download references

Author information

Authors and Affiliations

  1. School of Information Technology, Indian Institute of Technology, Kharagpur, India, 721302

    Sudip Misra

  2. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India, 721302

    Sumit Goswami, Gyan Prakash Pathak & Nirav Shah

  3. Department of Computer Science, Ryerson University, Toronto, ON, Canada, M5B 2K3

    Isaac Woungang

Authors
  1. Sudip Misra
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Sumit Goswami
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Gyan Prakash Pathak
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Nirav Shah
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Isaac Woungang
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Isaac Woungang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Misra, S., Goswami, S., Pathak, G.P. et al. Geographic server distribution model for key revocation. Telecommun Syst 44, 281–295 (2010). https://doi.org/10.1007/s11235-009-9254-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-009-9254-x