New adaptive trust models against DDoS: Back-up CA and Mesh PKI

Jaeil Lee; Minsoo Lee; Jabeom Gu; Seoklae Lee; Sehyun Park; Jooseok Song

New adaptive trust models against DDoS: Back-up CA and Mesh PKI

Jaeil Lee, Minsoo Lee, Jabeom Gu, Seoklae Lee, Sehyun Park, Jooseok Song

Department of Computer Science

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.

Original language	English
Pages (from-to)	731-737
Number of pages	7
Journal	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2713
Publication status	Published - 2003 Dec 1

Fingerprint

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Cite this

Lee, J., Lee, M., Gu, J., Lee, S., Park, S., & Song, J. (2003). New adaptive trust models against DDoS: Back-up CA and Mesh PKI. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2713, 731-737.

@article{e16f4f1607b24ee7869b395af220ff7c,

title = "New adaptive trust models against DDoS: Back-up CA and Mesh PKI",

abstract = "Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.",

author = "Jaeil Lee and Minsoo Lee and Jabeom Gu and Seoklae Lee and Sehyun Park and Jooseok Song",

year = "2003",

month = dec

day = "1",

language = "English",

volume = "2713",

pages = "731--737",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer Verlag",

}

New adaptive trust models against DDoS : Back-up CA and Mesh PKI. / Lee, Jaeil; Lee, Minsoo; Gu, Jabeom; Lee, Seoklae; Park, Sehyun; Song, Jooseok.

In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 2713, 01.12.2003, p. 731-737.

Research output: Contribution to journal › Article

TY - JOUR

T1 - New adaptive trust models against DDoS

T2 - Back-up CA and Mesh PKI

AU - Lee, Jaeil

AU - Lee, Minsoo

AU - Gu, Jabeom

AU - Lee, Seoklae

AU - Park, Sehyun

AU - Song, Jooseok

PY - 2003/12/1

Y1 - 2003/12/1

N2 - Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.

AB - Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.

UR - http://www.scopus.com/inward/record.url?scp=26444621174&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=26444621174&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:26444621174

VL - 2713

SP - 731

EP - 737

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -

New adaptive trust models against DDoS: Back-up CA and Mesh PKI

Abstract

Fingerprint

All Science Journal Classification (ASJC) codes

Cite this

Access to Document