Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI
نویسندگان
چکیده
Establishing trust on certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, small exmaples are used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from current PKI systems in development and deployment over more than 10 countries, our model is (to the best of our knowledge) the largest simulated PKI architecture to-date.
منابع مشابه
Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture
Trust models provide a framework to create and manage trust relationships among the different entities of a Public Key Infrastructure (PKI). These trust relationships are verified through the certification path validation process, which involves: path discovery, signature verification and revocation status checking. When trust relationships are bidirectional, multiple paths can exist between tw...
متن کاملPerformance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and co...
متن کاملGlobal PKI Interoperability: Korean Endeavour
Digital Signature Act has been put into force since July 1999 to prepare a Infrastructure of secure and reliable electronic transaction in Korea. Korea Information Security Agency is the Root Certification Authority, which has four Licensed Certification Authorities subordinately, as of August 2001, approximately 900,000 certificates has been issued to be used in the area of internet banking, e...
متن کاملAn Efficient, Dynamic and Trust Preserving Public Key Infrastructure
Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as alternative to classical PKI. The NPKI formation model is a transition from an existing PKI by issuing nested...
متن کاملA QSAR Study of HIV Protease Inhibitors Using Computational Descriptors to Prediction of pki of Cycle Derivatives of Urea
Preventing and reducing the spread of HIV (HIV) has always been a concern in medical science. One of the most common ways to control the virus is using enzyme-blocking drugs. In this study, we attempted to predict the biological activity (PKi) of organic urea derivatives in protease inhibitor compounds using molecular modeling using QSAR (Quantitative Structure Activity Relation), which is the ...
متن کامل