Skip to main content
SpringerLink
Log in

New Adaptive Trust Models against DDoS: Back-Up CA and Mesh PKI

  • Conference paper
  • First Online:
Book cover Web and Communication Technologies and Internet-Related Social Issues — HSI 2003 (HSI 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2713))

Included in the following conference series:

Abstract

Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.

This work was supported by grant No.R01-2001-00303 from the Basic Research Program of the Korea Science & Engineering Foundation and KISA 2001.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ITU-T Recommendation X.509, “Information Technology-Open systems interconnection-The directory: public-key and attribute certificate frameworks”, 2002.

    Google Scholar 

  2. R. Housley, et. al, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile”, RFC3280, April 2002.

    Google Scholar 

  3. R. Perlman, “An overview of PKI Trust Models”, IEEE Network, Volume 13, issue 6, 1999.

    Google Scholar 

  4. G. Caronni, “Walking the Web of trust”, Proceedings of IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2000.

    Google Scholar 

  5. A. Levi, M. U. Caglayan, “An efficient, dynamic and trust preserving public key infrastructure”, Proceedings of IEEE Symposium on Security and Privacy, 2000.

    Google Scholar 

  6. B. A. Forouzan, TCP/IP Protocol Suite, McGRAW-HILL, 2000.

    Google Scholar 

  7. A. Malpani, et. al., “Simple Certificate Validation Protocol (SCVP)”, Internet Draft <http://draft-ietf-pkix-scvp-11.txt>, December 2002.

Download references

Author information

Authors and Affiliations

  1. Korea Information Security Agency, 78, Karak dong, Songpa-Gu, Seoul, Korea

    Jaeil Lee & Seoklae Lee

  2. School of Electrical and Electronic Engineering, Chung-Ang University, 221, HukSuk-Dong, DongJak-Gu, Seoul, Korea

    Minsoo Lee, Jabeom Gu & Sehyun Park

  3. Department of Computer Science, Yonsei University, 134, ShinChon-Dong, SoeDaeMun-Gu, Seoul, Korea

    JooSeok Song

Authors
  1. Jaeil Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Minsoo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jabeom Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Seoklae Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sehyun Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. JooSeok Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Division of Computer Science, Korea Advanced Institute of Science and Technology, 373-1 Guseong-Dong, Yuseong-Gu, Daejeon, 305-701, Korea

    Chin-Wan Chung

  2. Dept. of Computer Engineering, Seoul National University, San 56-1, Shillim-Dong, Gwanak-Gu, Seoul, 151-742, Korea

    Chong-Kwon Kim

  3. Cyber Database Solutions, Inc., 3445 Executive Center Drive, Suite 256, TX, 78731, USA

    Won Kim

  4. Dept. of Computer Science, National University of Singapore, 3 Science Drive 2, Singapore, 117543

    Tok-Wang Ling

  5. Korea Network Information Center, 11F, KTF B/D 1321-11, Seocho2-Dong, Seocho-Gu, Seoul, 137-857, Korea

    Kwan-Ho Song

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, J., Lee, M., Gu, J., Lee, S., Park, S., Song, J. (2003). New Adaptive Trust Models against DDoS: Back-Up CA and Mesh PKI. In: Chung, CW., Kim, CK., Kim, W., Ling, TW., Song, KH. (eds) Web and Communication Technologies and Internet-Related Social Issues — HSI 2003. HSI 2003. Lecture Notes in Computer Science, vol 2713. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45036-X_83

Download citation

  • DOI: https://doi.org/10.1007/3-540-45036-X_83

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40456-9

  • Online ISBN: 978-3-540-45036-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation