DocumentCode
1897711
Title
Framework for Intrusion Tolerant Certification Authority System Evaluation
Author
Lin, Jingqiang ; Jing, Jiwu ; Liu, Peng
Author_Institution
Chinese Acad. of Sci., Beijing
fYear
2007
fDate
10-12 Oct. 2007
Firstpage
231
Lastpage
241
Abstract
Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.
Keywords
certification; security of data; intrusion tolerant certification authority system evaluation; mean time; protocols; revocation rate; system organization; usage scenario; Certification; Content addressable storage; Cryptographic protocols; Data security; Guidelines; Hardware; Information security; Public key; Public key cryptography; Resilience;
fLanguage
English
Publisher
ieee
Conference_Titel
Reliable Distributed Systems, 2007. SRDS 2007. 26th IEEE International Symposium on
Conference_Location
Beijing
ISSN
1060-9857
Print_ISBN
0-7695-2995-X
Type
conf
DOI
10.1109/SRDS.2007.14
Filename
4365699
Link To Document