报告题目:Certificate Revocation Guard (CRG): An Efficient Mechanism for Checking Certificate
报告时间:2016年9月8日上午10:30-11:00
报告地点: 计算机学院学院B405
报告人: Qinwen Hu (胡勤文) 博士
报告人单位:Computer Science from The University of Auckland(新西兰奥克兰大学)
报告人简介:
Qinwen Hu is a network researcher and has a PhD in Computer Science from The University of Auckland. His primary research uses network measurement models to assess the security attacks on current IPv6 networks. He also conducts network measurement analyses on an array of topics, including IPv6 QoS, network security and traffic measurement in the IPv6 network, both in New Zealand and internationally. During his PhD study, Qinwen Hu has three publications in top-ranking international conferences, one journal paper, one RFC Internet standard and a NZ Patent (Application number 722960)
报告摘要:
In the Public Key infrastructure (PKI) model, digital certificates play a vital role in securing online communication. Communicating parties exchange and validate these certificates, the validation fails if a certificate has been revoked. In this paper we propose the Certificate Revocation Guard (CRG) to efficiently check certificate revocation while minimising bandwidth, latency and storage overheads. CRG is based on OCSP, which caches the status of certificates locally. CRG could be installed on the user’s machine, at the organisational proxy or even at the ISP level. Compared to a naive approach (where a client checks the revocation status of all certificates in the chain on every request), CRG decreases the bandwidth overheads and network latencies by 95%. Using CRG incurs 69% lower storage overheads compared to the CRL method. Our results demonstrate the effectiveness of our approach to improve certificate revocation.
邀请人: 王鹃 陈晶
