Research on an Intrusion-Tolerant Certificate Revocation List Mechanism
Published: 2018-07-29 09:48
[Abstract]: In a public key infrastructure (PKI) system, the signature of the certification authority (CA) is hard to forge, so intrusions against a certificate revocation system based on certificate revocation lists (CRLs) usually aim to damage the availability of the system and the integrity of its data. In view of this characteristic, an intrusion-tolerant CRL service system is designed. The system stores the CRL on multiple redundant servers; for replicating and using the data across these machines it adopts a passive replication algorithm that selects the primary server at random and a simple voting algorithm that selects the most recently updated CRL. Under the intrusion attack conditions given in the experiment, the intrusion-tolerant CRL system raises the correct rate of certificate revocation queries by nearly 20% compared with the system without tolerance, but it also increases system overhead. The experimental results show that appropriately increasing the number of CRL servers can improve the correct rate of certificate revocation queries while keeping system overhead under control.
[Author affiliation]: School of Computer Science, Shenyang Aerospace University;
[Classification number]: TP393.08
Article ID: 2152291
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2152291.html
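The replication and voting steps named in the abstract, as an added Python sketch that is not the paper's code. The abstract gives no algorithm details, so the CRL-number freshness rule, the HMAC stand-in for the CA signature, the server names and the constructed scenario are all assumptions.

```python
import hashlib, hmac, random
from dataclasses import dataclass

CA_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the CA signature

@dataclass(frozen=True)
class Crl:
    number: int          # CRL number, increases with every issue
    revoked: frozenset   # revoked certificate serial numbers
    sig: bytes

def _mac(number, revoked):
    body = f"{number}|{sorted(revoked)}".encode()
    return hmac.new(CA_KEY, body, hashlib.sha256).digest()

def issue(number, revoked):
    return Crl(number, frozenset(revoked), _mac(number, revoked))

def authentic(crl):  # a real client verifies the CA's public-key signature instead
    return hmac.compare_digest(crl.sig, _mac(crl.number, crl.revoked))

def replicate(store, crl, up, rng):
    """Passive replication: a random live primary takes the update, then pushes it to live backups."""
    primary = rng.choice(sorted(up))
    store[primary] = crl
    for backup in up - {primary}:
        store[backup] = crl
    return primary

def vote(store):
    """Simple vote: among reachable copies that verify, pick the most recently updated."""
    valid = [c for c in store.values() if c is not None and authentic(c)]
    return max(valid, key=lambda c: c.number, default=None)

def is_revoked(store, serial):
    crl = vote(store)
    return None if crl is None else serial in crl.revoked

def demo():  # constructed scenario: five replicas, three of them damaged
    rng, names = random.Random(7), {"s1", "s2", "s3", "s4", "s5"}
    store = dict.fromkeys(names)
    v1, v2 = issue(1, {1001}), issue(2, {1001, 2002})
    replicate(store, v1, names, rng)
    replicate(store, v2, names - {"s4"}, rng)        # s4 unreachable, keeps v1
    store["s1"] = Crl(2, frozenset({1001}), v2.sig)   # integrity: entry deleted
    store["s2"] = v1                                  # rollback to an older CRL
    store["s3"] = None                                # availability: server down
    return store
```

In this scenario a client that reads only from `s2` would treat serial 2002 as not revoked, while the vote over all five replicas returns CRL number 2 and reports it as revoked.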