A framework for intrusion tolerant certification authority system evaluation

Jingqiang Lin, Jiwu Jing, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.

Original languageEnglish (US)
Title of host publicationProceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
Pages231-241
Number of pages11
DOIs
StatePublished - Dec 1 2007
Event26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007 - Beijing, China
Duration: Oct 10 2007Oct 12 2007

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857

Other

Other26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
CountryChina
CityBeijing
Period10/10/0710/12/07

Fingerprint

Certification
Evaluation
Cryptography
Scenarios
Recovery
Certificate
Threshold Cryptography
Attack
Revocation
Framework
Interdependencies
Resilience
Comparison Result
System Design
Update
Cover
Query
Metric
Evaluate
Model

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Lin, J., Jing, J., & Liu, P. (2007). A framework for intrusion tolerant certification authority system evaluation. In Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007 (pp. 231-241). [4365699] (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDS.2007.4365699
Lin, Jingqiang ; Jing, Jiwu ; Liu, Peng. / A framework for intrusion tolerant certification authority system evaluation. Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007. 2007. pp. 231-241 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).
@inproceedings{9101932cff314c2d9838e2d388553b9b,
title = "A framework for intrusion tolerant certification authority system evaluation",
abstract = "Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.",
author = "Jingqiang Lin and Jiwu Jing and Peng Liu",
year = "2007",
month = "12",
day = "1",
doi = "10.1109/SRDS.2007.4365699",
language = "English (US)",
isbn = "076952995X",
series = "Proceedings of the IEEE Symposium on Reliable Distributed Systems",
pages = "231--241",
booktitle = "Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007",

}

Lin, J, Jing, J & Liu, P 2007, A framework for intrusion tolerant certification authority system evaluation. in Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007., 4365699, Proceedings of the IEEE Symposium on Reliable Distributed Systems, pp. 231-241, 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007, Beijing, China, 10/10/07. https://doi.org/10.1109/SRDS.2007.4365699

A framework for intrusion tolerant certification authority system evaluation. / Lin, Jingqiang; Jing, Jiwu; Liu, Peng.

Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007. 2007. p. 231-241 4365699 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A framework for intrusion tolerant certification authority system evaluation

AU - Lin, Jingqiang

AU - Jing, Jiwu

AU - Liu, Peng

PY - 2007/12/1

Y1 - 2007/12/1

N2 - Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.

AB - Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.

UR - http://www.scopus.com/inward/record.url?scp=47249141633&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=47249141633&partnerID=8YFLogxK

U2 - 10.1109/SRDS.2007.4365699

DO - 10.1109/SRDS.2007.4365699

M3 - Conference contribution

AN - SCOPUS:47249141633

SN - 076952995X

SN - 9780769529950

T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems

SP - 231

EP - 241

BT - Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007

ER -

Lin J, Jing J, Liu P. A framework for intrusion tolerant certification authority system evaluation. In Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007. 2007. p. 231-241. 4365699. (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDS.2007.4365699