ARECA: A highly attack resilient Certification Authority

Jiwu Jing, Peng Liu, Dengguo Feng, Ji Xiang, Neng Gao, Lin Jingqiang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Scopus citations

Abstract

Certification Authorities (CA) are a critical component of a PKI. All the certificates issued by a CA will become invalid when the (signing) private key of the CA is compromised. Hence it is a very important issue to protect the private key of an online CA. ARECA systems, built on top of threshold cryptography, ensure the security of a CA through a series of defense-in-depth protections. ARECA systems won't be compromised when a few system components are compromised or some system administrators betray. The private key of a CA is protected by distributing different shares of the key to different (signing) components and by ensuring that any component of the CA is unable to reconstruct the private key. In addition, the multi-layer system architecture of ARECA makes it very difficult to attack from outside. Several threshold-cryptography- based methods are proposed in the literature to construct an intrusion tolerant CA, and the uniqueness of ARECA is that it engineers a novel two phase signature composition scheme and a multi-layer CA protection architecture. As a result, ARECA is (a) practical, (b) highly resilient to both insider and outsider attacks that compromise one or more components, and (c) can prevent a variety of outside attacks.

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)
EditorsP. Liu, P. Pal
Pages53-63
Number of pages11
StatePublished - Dec 1 2003
EventProceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security) - Fairfax, VA, United States
Duration: Oct 31 2003Oct 31 2003

Publication series

NameProceedings of the ACM Workshop on Survivable and Self-Regenerative Systems

Other

OtherProceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)
Country/TerritoryUnited States
CityFairfax, VA
Period10/31/0310/31/03

All Science Journal Classification (ASJC) codes

  • General Engineering

Fingerprint

Dive into the research topics of 'ARECA: A highly attack resilient Certification Authority'. Together they form a unique fingerprint.

Cite this