Efficient CRL distribution using multicasting and unicasting
Main Author: | |
---|---|
Language: | English |
Published: | 2009 |
Online Access: | http://hdl.handle.net/2429/12737 |
Summary: | Communication costs in providing certificate status information to those who wish to validate public key certificates have been cited as the most expensive component of operating a large scale Public Key Infrastructure. One mechanism for providing certificate status information is a Certificate Revocation List (CRL). This thesis proposes a system for cost-effective distribution of CRLs using a combination of multicasting and unicasting. The proposed system for CRL distribution calls for periodic and aperiodic multicasting of Delta CRLs to reduce network bandwidth requirements and peak CRL request rates in unreliable networks. An analytical model and a simulation model are used to compare the network bandwidth requirements of the proposed system against a system which uses only unicasting for CRL distribution. Results show that the proposed MCA system, which multicasts Delta CRLs aperiodically, requires significantly less network bandwidth and reduces peak CRL request rates. For an example network, the communication cost of the MCA system is 89% less than that of the system which only uses unicasting. The communication costs for the MCA system are also less sensitive to the location of the CRL Repository. The MCA system may be retrofitted to legacy client programs which may only obtain CRLs using unicasting. |