|
|||||
|
|
Geographic server distribution model for key revocation |
|
| Authors: | Sudip Misra Sumit Goswami Gyan Prakash Pathak Nirav Shah Isaac Woungang |
| Affiliation: | 1. School of Information Technology, Indian Institute of Technology, Kharagpur, India, 721302 2. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India, 721302 3. Department of Computer Science, Ryerson University, Toronto, ON, Canada, M5B 2K3 |
| Abstract: | Key management is one of the important issues in ensuring the security of network services. The aim of key management is to ensure availability of the keys at both the receiver’s and the sender’s ends. Key management involves two aspects: key distribution and key revocation. Key distribution involves the distribution of keys to various nodes with secrecy to provide authenticity and privacy. Key revocation involves securely and efficiently managing the information about the keys which have been compromised. This paper presents the geographic server distributed model for key revocation which concerns about the security and performance of the system. The concept presented in this paper is more reliable, faster and scalable than the existing Public Key Infrastructure (PKI) framework in various countries, as it provides optimization of key authentication in a network. It proposes auto-seeking of a geographically distributed certifying authority’s key revocation server, which holds the revocation lists by the client, based on the best service availability. The network is divided itself into the strongest availability zones (SAZ), which automatically allows the new receiver to update the address of the authentication server and replace the old address with the new address of the SAZ, in case it moves to another location in the zone, or in case the server becomes unavailable in the same zone. In this way, it reduces the time to gain information about the revocation list and ensures availability and, thus, improvement of the system as a whole. Hence, the proposed system results in scalable, reliable and faster PKI infrastructure and will be attractive for the users who frequently change their location in the network. Our scheme eases out the revocation mechanism and enables key revocation in the legacy systems. It discusses the architecture as well as the performance of our scheme as compared to the existing scheme. However, our scheme does not call for the entire change in PKI, but is compatible with the existing scheme. Our simulations show that the proposed scheme is better for key revocation. |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! | |