Abstract
Most Public Key Infrastructures (PKIs) are based on ITU-T X.509, and the top-down hierarchical structure is extensively employed in the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. Mesh PKI is very attractive, not only because it is robust to attacks but also because it helps to reduce overall certificate validation time and to balance the load across multiple CAs.
This work was supported by grant No. R01-2001-00303 from the Basic Research Program of the Korea Science & Engineering Foundation and KISA 2001.
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, J., Lee, M., Gu, J., Lee, S., Park, S., Song, J. (2003). New Adaptive Trust Models against DDoS: Back-Up CA and Mesh PKI. In: Chung, CW., Kim, CK., Kim, W., Ling, TW., Song, KH. (eds) Web and Communication Technologies and Internet-Related Social Issues — HSI 2003. HSI 2003. Lecture Notes in Computer Science, vol 2713. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45036-X_83
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40456-9
Online ISBN: 978-3-540-45036-8
eBook Packages: Springer Book Archive