SecureGuard: A Certificate Validation System in Public Key Infrastructure

Alrawais Arwa; Alhothaily Abdulrahman; Cheng Xiuzhen; Hu Chunqiang; Yu Jiguo

首页> 外文期刊>Fortschritte der Physik >SecureGuard: A Certificate Validation System in Public Key Infrastructure

【24h】

SecureGuard: A Certificate Validation System in Public Key Infrastructure

机译：SecureGuard：公钥基础架构中的证书验证系统

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Certificate validation in public key infrastructure (PKI) is a vital phase of establishing secure connections on any network. There has been a great deal of speculation on how to efficiently validate digital certificates in PKI on which the security of network communications rests. Developing such a system is challenging because digital certificates need to be quickly and securely validated for a large number of clients in a short period of time at a low cost. On the other hand, our analysis on the TLS handshakes of the Alexa Top 1 Million domains dataset indicates that the current popular certificate validation systems cannot deliver certificate validation information to the clients in a timely fashion and suffer from high overhead at the client side, making them susceptible to a number of attacks. Motivated by these observations, we present SecureGuard, a certificate validation system that can effectively handle certificate validation during TLS handshakes. Our system utilizes Internet service providers (ISPs) as the primary entity for certificate validation exploiting the fact that any Internet access request must pass through the ISP proxy-cache servers. We provide an extensive evaluation on SecureGuard and illustrate its efficiency. Moreover, we introduce a quantitative analysis method that can investigate the costs incurred by our system and other certificate validation approaches under the same evaluation scenarios. Our implementation results demonstrate that SecureGuard is able to validate the digital certificates within a short period of time, in a secure manner, with less network overhead.

机译：公钥基础架构（PKI）中的证书验证是在任何网络上建立安全连接的重要阶段。有很多关于如何有效地验证PKI中的数字证书的大量猜测，其中网络通信的安全性休息。开发这样的系统是具有挑战性的，因为在短时间内需要快速和安全地验证数字证书，以低成本。另一方面，我们对Alexa前100万个域的TLS握手的分析表明当前流行的证书验证系统无法及时向客户提供证书验证信息，并在客户端的高度开销，制作他们容易受到许多攻击。通过这些观察结果，我们呈现SecureGuard，这是一个可以在TLS握手期间有效处理证书验证的证书验证系统。我们的系统利用Internet服务提供商（ISP）作为证书验证的主要实体，利用任何Internet访问请求必须通过ISP代理缓存服务器的事实。我们对SecureGuard提供了广泛的评估，并说明了其效率。此外，我们介绍了一种定量分析方法，可以调查我们的系统和其他证书验证方法在同一评估方案下的成本。我们的实现结果表明，SecureGuard能够以安全的方式在短时间内验证数字证书，并且网络开销较少。

著录项

来源
《Fortschritte der Physik》 |2018年第6期|共10页
作者
Alrawais Arwa; Alhothaily Abdulrahman; Cheng Xiuzhen; Hu Chunqiang; Yu Jiguo;
展开▼
作者单位

George Washington Univ Dept Comp Sci Washington DC 20052 USA;

George Washington Univ Dept Comp Sci Washington DC 20052 USA;

George Washington Univ Dept Comp Sci Washington DC 20052 USA;

Chongqing Univ Key Lab Dependable Serv Comp Cyber Phys Soc Minist Educ Chongqing 400044 Peoples R China;

Qufu Normal Univ Sch Informat Sci &

Engn Rizhao 276826 Peoples R China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类物理学;
关键词
Network security; public key infrastructure (PKI); certificate validation system;

机译：网络安全;公钥基础设施（PKI）;证书验证系统;

相似文献

外文文献
中文文献
专利

1. SecureGuard: A Certificate Validation System in Public Key Infrastructure [J] . Alrawais Arwa, Alhothaily Abdulrahman, Cheng Xiuzhen, Fortschritte der Physik . 2018,第6期

机译：SecureGuard：公钥基础架构中的证书验证系统
2. Proposal of certificate validation model at government public key infrastructure (GPKI) [J] . Takahiro Fujishiro, Hironobu Goshima, Satoru Tezuka 電子情報通信学会技術研究報告. オフィスシステム . 2001,第664期

机译：政府公共关键基础设施证书验证模式的提案（GPKI）
3. Evaluation Level of Trust on Implementing Public Key Infrastructure in Procurement System Certificate Authority Which is Held by National Crypto Agency [J] . Advanced Science Letters . 2018,第7期

机译：国家加密机构举办的采购系统证书颁发机构公共关键基础设施的信任评价水平
4. ECPV: EFFICIENT CERTIFICATE PATH VALIDATION IN PUBLIC-KEY INFRASTRUCTURE [C] . M. Halappanavar, R. Mukkamala, International Federation for Information Processing(IFIP) IFIP TC11/WG11.3 Annual Working Conference on Data and Applications Security . 2004

机译：ECPV：公共关键基础架构中有效的证书路径验证
5. A feasibility study: Secure public key infrastructure with quantum key distributions in grid computing. [D] . Chiang, Borming. 2007

机译：可行性研究：使用网格计算中的量子密钥分布来保护公钥基础结构。
6. The public health workforce: key to public health infrastructure. [O] . K M Gebbie 1999

机译：公共卫生人力：公共卫生基础设施的关键。
7. Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs) [O] . G. Huston, G. Michaelson 2012

机译：使用资源证书公钥基础结构（PKI）和路由授权（ROAS）验证路由发起的验证

SecureGuard: A Certificate Validation System in Public Key Infrastructure

摘要

著录项

相似文献

相关主题

期刊订阅