UBC Theses and Dissertations

Efficient CRL distribution using multicasting and unicasting

Wang, Hansen Min Heng

Abstract

Communication costs in providing certificate status information to those who wish to validate public key certificates have been cited as the most expensive component of operating a large-scale Public Key Infrastructure. One mechanism for providing certificate status information is a Certificate Revocation List (CRL). This thesis proposes a system for cost-effective distribution of CRLs using a combination of multicasting and unicasting. The proposed system for CRL distribution calls for periodic and aperiodic multicasting of Delta CRLs to reduce network bandwidth requirements and peak CRL request rates in unreliable networks. An analytical model and a simulation model are used to compare the network bandwidth requirements of the proposed system against a system which uses only unicasting for CRL distribution. Results show that the proposed MCA system, which multicasts Delta CRLs aperiodically, requires significantly less network bandwidth and reduces peak CRL request rates. For an example network, the communication cost of the MCA system is 89% less than that of the system which only uses unicasting. The communication cost of the MCA system is also less sensitive to the location of the CRL Repository. The MCA system may be retrofitted to legacy client programs which may only obtain CRLs using unicasting.

Rights

For non-commercial purposes only, such as research, private study and education. Additional conditions apply, see Terms of Use https://open.library.ubc.ca/terms_of_use.