PKI Scalability Issues

نویسندگان

  • Adam J. Slagell
  • Rafael Bonilla
چکیده

We spend much of our time trying to communicate with each other. Wide-spread use of the Internet has increased the number of ways and the amount we communicate with each other. For example, we may now spend many hours per day simply writing and replying to e-mails. Like normal communication, there is information that can be publicly known (or at least we do not care if someone else knows it), and there are critical messages that we prefer only to be in the possession of the intended recipient(s). Going into a dark alley to send an e-mail does not mean that it was delivered to the right person and that the information remains confidential. Encryption helps solve problems of confidentiality. Private key or symmetric encryption systems transform, by applying complex mathematical functions, our secret message written in plain language to something that will look like gibberish. In order to reverse the transformation you need to know the correct key. Any two users trying to communicate securely can agree on a shared secret key and use symmetric encryption systems to protect their information. If the same user wants to talk with a third user, they need to agree on another key. In the end, symmetric encryption systems that wish to support communication between members of arbitrary subgroups need Θ(n) private keys, where n is the number of users (one key for each pair of users). This is quite impractical. Public key or asymmetric cryptography allows individuals to define two keys: a public one for encryption, and a private one for decryption. Now, instead of agreeing on one private key, Alice can encrypt a message for Bob using his public key and send it. Bob, knowing the corresponding private key will decrypt the message and read it. Eve, a malicious user listening to Alice and Bob’s communications, will not be able decrypt the messages because she does not know the private keys. The total number of secret keys per user is reduced from n−1 to just 1. A problem with asymmetric encryption is that it is significantly slower than symmetric encryption systems. We can solve this problem using asymmetric systems to agree on a per-session symmetric key to be used for the bulk of the encryption workload. Still, a major problem remains. How can be Alice sure that the key is actually Bob’s public key and not Eve’s public key? Public Key Infrastructures (PKIs) help solve this problem. The purpose of a PKI is two-fold: (1) to help Alice retrieve Bob’s public key and (2) to give Alice confidence that the key really belongs to Bob. There are several PKI implementations. The lack of standards and the need to have a solution that can be easily used, even for large environments, have delayed the global adoption of a PKI. We have been studying the scalability of PKIs, and in this report we present several current PKI implementations and discuss the most important issues related to them. In section 2 we present an overview discussion of different PKIs. Section 3 describes different problems with traditional PKIs during enrollment and certificate issuance along with three different PKI solutions to those problems. Section 4 discusses several certificate revocation systems and discusses scalability issues with each. People are now trying to enhance PKI by providing real-time services; section 5 reviews some of those services. Then, in section 6 we discuss PKI issues that are

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Grid Cryptographic Simulation: A Simulator to Evaluate the Scalability of the X.509 Standard in the Smart Grid

PKI may be pushed beyond known limits when scaled to some visions of the smart grid; our research developed a simulation, Grid Cryptographic Simulation (GCS), to evaluate these potential issues, identify cryptographic bottlenecks, and evaluate tradeoffs between performance and security. Ultimately, GCS can be used to identify scalability challenges and suggest improvements to make PKI more effi...

متن کامل

Design of an enhanced PKI for ubiquitous networks

This paper deals with security issues in ubiquitous networks as defined in the UBISEC project. The main challenges arise from network heterogeneity (WiFi, UMTS, Bluetooth, etc.) and dynamic population of nomadic users and limited devices. PKI presents a number of drawbacks: scalability, static trust model, high administrative costs, and global agreements are needed. Besides, it is not suited fo...

متن کامل

A Practical Approach to Expose the Public Key Infrastructure Features through Webservices

The Public Key Infrastructure (PKI) provides services that permit users to communicate in a secure manner on an unsecure network by means of digital certificates and cryptography primitives. However, in order to secure an application through cryptography and PKI, cryptographic primitives need to be implemented in the programming language used to develop the application. This raises scalability ...

متن کامل

PKI Implementation Issues: A Comparative Study of Pakistan with some Asian Countries

The paper includes Public Key Infrastructure (PKI), its need and requirements and introduction of some renowned PKI products. However, the major thrust of this work is that how PKI can enhance security of various systems. The paper is intended to serve as a guide on how to adequately prepare for some of the challenges that may be encountered especially in developing countries like Pakistan. The...

متن کامل

A New Level 3 Trust Hierarchal Certificateless Public Key Cryptography Scheme in the Random Oracle Model

Despite the fact that the traditional public key infrastructure provides Level 3 trusted authority, but its two major problems of scalability and certificate management raised the need to an alternative security infrastructure. That motivated the appearance of new technologies to replace the traditional PKI, such as the Identity based encryption, the certificateless encryption, etc. But all tho...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • CoRR

دوره cs.CR/0409018  شماره 

صفحات  -

تاریخ انتشار 2004