A framework toward a self-organizing and self-healing certificate authority group in a Content Addressable Network

Public-key provision in on Internet scale is crucial for securing peer-to-peer (P2P) applications. This paper proposes a framework for a self-organizing and self-healing certificate authority (CA) in a Content Addressable Network (CAN) that can provide certificates without a centralized Trusted Third Party (TTP). In our framework, a CA group is initialized by bootstrapping nodes and then grows to a mature state by itself. Based on our group management policies, the membership in the CA group is dynamic and has a uniform distribution over the P2P community. Meanwhile, the honest majority of the CA group is maintained by a Byzantine agreement algorithm, and all shares of the CA group are refreshed gradually and continuously. A security analysis shows that the framework enables key registration and certificate issue with resistance to man-in-the-middle (MITM), collusion, and node impersonation attacks.

[1]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[2]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[3]  Mark Handley,et al.  Application-Level Multicast Using Content-Addressable Networks , 2001, Networked Group Communication.

[4]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM '01.

[5]  Valérie Viet Triem Tong,et al.  An efficient distributed PKI for structured P2P networks , 2009, 2009 IEEE Ninth International Conference on Peer-to-Peer Computing.

[6]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[7]  Flaviu Cristian,et al.  The Timed Asynchronous Distributed System Model , 1999, IEEE Trans. Parallel Distributed Syst..

[8]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[9]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM 2001.

[10]  Panayiotis Kotzanikolaou,et al.  Chord-PKI: Embedding a Public Key Infrastructure into the Chord Overlay Network , 2007, EuroPKI.

[11]  Burton S. Kaliski,et al.  PKCS #10: Certification Request Syntax Specification Version 1.7 , 2000, RFC.

[12]  Liviu Iftode,et al.  Byzantine fault tolerant public key authentication in peer-to-peer systems , 2006, Comput. Networks.

[13]  Tetsuo Kinoshita,et al.  A New Authentication Method with Distributed Hash Table for P2P Network , 2008, 22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008).

[14]  Valérie Viet Triem Tong,et al.  A Distributed Certification System for Structured P2P Networks , 2008, AIMS.