Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.
[1]
Behrouz A. Forouzan.
TCP/IP Protocol Suite
,
1999
.
[2]
M. Ufuk Çaglayan,et al.
An efficient, dynamic and trust preserving public key infrastructure
,
2000,
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.
[3]
Germano Caronni,et al.
Walking the Web of trust
,
2000,
Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).
[4]
Russ Housley,et al.
Internet X.509 Public Key Infrastructure Certificate and CRL Profile
,
1999,
RFC.
[5]
R. Perlman,et al.
An overview of PKI trust models
,
1999,
IEEE Netw..