A framework for intrusion tolerant certification authority system evaluation

Jingqiang Lin, Jiwu Jing, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Various intrusion tolerant certification authority (CA) systems have been recently proposed to provide attack resistant certificate update/query services. However, it is difficult to compare them against each other directly due to diversity in system organizations, threshold cryptography schemes, protocols and usage scenarios. We present a framework for intrusion tolerant CA system evaluation, which consists of three components, namely, an intrusion tolerant CA model, a threat model and a metric for comparative evaluation. The framework covers system organizations, protocols, usage scenarios, period of certificate validity, revocation rate and mean time to recovery (MTTR). Based on the framework, four representative CA systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The inter-dependency between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective method to evaluate intrusion tolerant CA systems quantitatively. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion tolerant CA systems.

Original languageEnglish (US)
Title of host publicationProceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
Pages231-241
Number of pages11
DOIs
Publication statusPublished - Dec 1 2007
Event26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007 - Beijing, China
Duration: Oct 10 2007Oct 12 2007

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857

Other

Other26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007
CountryChina
CityBeijing
Period10/10/0710/12/07

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Lin, J., Jing, J., & Liu, P. (2007). A framework for intrusion tolerant certification authority system evaluation. In Proceedings - 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007 (pp. 231-241). [4365699] (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDS.2007.4365699