ConChord: Cooperative SDSI Certificate Storage and Name Resolution

  • Conference paper
Peer-to-Peer Systems (IPTPS 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2429))

Abstract

We present ConChord, a large-scale certificate distribution system built on a peer-to-peer distributed hash table. ConChord provides load-balanced storage while eliminating many of the administrative difficulties of traditional, hierarchical server architectures. ConChord is specifically designed to support SDSI, a fully decentralized public key infrastructure that allows principals to define local names and link their namespaces to delegate trust. We discuss the particular challenges ConChord must address to support SDSI efficiently, and we present novel algorithms and distributed data structures to address them. Experiments show that our techniques are effective and practical for large SDSI name hierarchies.

Authors in alphabetical order.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ajmani, S., Clarke, D.E., Moh, CH., Richman, S. (2002). ConChord: Cooperative SDSI Certificate Storage and Name Resolution. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds) Peer-to-Peer Systems. IPTPS 2002. Lecture Notes in Computer Science, vol 2429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45748-8_14

  • DOI: https://doi.org/10.1007/3-540-45748-8_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44179-3

  • Online ISBN: 978-3-540-45748-0

  • eBook Packages: Springer Book Archive
