• DocumentCode
    1897711
  • Title

    Framework for Intrusion Tolerant Certification Authority System Evaluation

  • Author

    Lin, Jingqiang ; Jing, Jiwu ; Liu, Peng

  • Author_Institution
    Chinese Acad. of Sci., Beijing
  • fYear
    2007
  • fDate
    10-12 Oct. 2007
  • Firstpage
    231
  • Lastpage
    241
  • Abstract
    Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.
  • Keywords
    certification; security of data; intrusion tolerant certification authority system evaluation; mean time; protocols; revocation rate; system organization; usage scenario; Certification; Content addressable storage; Cryptographic protocols; Data security; Guidelines; Hardware; Information security; Public key; Public key cryptography; Resilience;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Reliable Distributed Systems, 2007. SRDS 2007. 26th IEEE International Symposium on
  • Conference_Location
    Beijing
  • ISSN
    1060-9857
  • Print_ISBN
    0-7695-2995-X
  • Type

    conf

  • DOI
    10.1109/SRDS.2007.14
  • Filename
    4365699