TY - GEN
T1 - A framework for intrusion tolerant certification authority system evaluation
AU - Lin, Jingqiang
AU - Jing, Jiwu
AU - Liu, Peng
PY - 2007
Y1 - 2007
N2 - Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.
UR - http://www.scopus.com/inward/record.url?scp=47249141633&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47249141633&partnerID=8YFLogxK
U2 - 10.1109/SRDS.2007.4365699
DO - 10.1109/SRDS.2007.4365699
M3 - Conference contribution
AN - SCOPUS:47249141633
SN - 076952995X
SN - 9780769529950
T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems
SP - 231
EP - 241
BT - Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
T2 - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
Y2 - 10 October 2007 through 12 October 2007
ER -