CryptoRevocate: A Cryptographic Accumulator based Distributed Certificate Revocation List


ÖZÇELİK İ. , Skjellum A.

11th IEEE Annual Computing and Communication Workshop and Conference, CCWC 2021, Nevada, United States Of America, 27 - 30 January 2021, pp.865-872 identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/ccwc51732.2021.9376112
  • City: Nevada
  • Country: United States Of America
  • Page Numbers: pp.865-872

Abstract

© 2021 IEEE.Verification of the certificate revocation status is a crucial process for Public Key Infrastructure (PKI) system reliability. Failing to detect a revoked certificate may lead to catastrophic system compromises. Existing verification systems use slow and centralized approaches like Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP). These systems are known to cause verification failures (soft fails) because of system and network delays. Additionally, the availability of these systems are a major concern. Recent developments in distributed ledger (blockchain) technologies enable this information to be reliably published on the Internet, in a distributed manner. However in a distributed system, synchronizing large amounts of data among the nodes is an expensive task. One way to combat this issue is to use cryptographic accumulators, a tool that can be used to reduce data size; when only membership test statuses are necessary from a set of data. In this study, we focus on the reliable and effective distribution of certificate revocation information. We present a design of an asymmetric cryptographic accumulator based effective certificate revocation system. To the best of our knowledge, this is the first study using asymmetric cryptographic accumulators to distribute certificate revocation data via blockchain.