| Michael Reiter, Matthew Franklin, John Lacy, and Rebecca Wright. The key management service. Journal of Computer Security, 4(4):267-287, 1996. |
....should be gossip based in nature. The idea is rather to explore the feasibility of such a probabilistic approach along with a prediction of its performance in a highly dynamic setting, useful for many critical applications such as security services (e.g. distributed key management services [20], [21], certificate distribution and revocation for self organized public key infrastructures [22]). The rest of this paper is organized as follows: Section II describes the network model and specifies more precisely the problem solved. Section III presents our RDG protocol. A formal analysis and ....
M.K. Reiter, "The Ω key management service," in Proc. of the 3rd ACM Conference on Computer and Communications Security (CCS), January 1996, pp. 38--47.
....should be probabilistic in nature. The idea is rather to explore the feasibility of such a probabilistic approach along with a prediction of its performance in a highly dynamic setting, useful for many critical applications such as security services (e.g. distributed key management services [20], [21], certificate distribution and revocation for self organized public key infrastructures [22]). The rest of this paper is organized as follows: Section II describes the network model and more precisely specifies the problem solved. Section III presents our RDG protocol. A formal analysis and ....
M.K. Reiter, "The Ω key management service," in Proc. of the 3rd ACM Conference on Computer and Communications Security (CCS), January 1996, pp. 38--47.
....delay for all servers. 6 Related Work Systems. A fault tolerant authentication substrate [73] for supporting secure groups in the Horus system appears to be the first use of threshold cryptography along with replication for implementing a CA. That led to the design and implementation of Ω [74], a stand alone general purpose CA having more ambitious functionality, performance, and robustness goals. Unlike COCA, none of this early work was intended to resist denial of service attacks or mobile adversaries. On the other hand, Ω does provide clients with key escrow operations, something ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
....too many concurrent requests. 3.4 Related Work Systems. A fault tolerant authentication service [92] for supporting secure groups in the Horus system appears to be the first use of threshold cryptography along with replication for implementing a CA. That led to the design and implementation of Ω [93], a stand alone general purpose CA having more ambitious functionality, performance, and robustness goals. Unlike COCA, this early work was not intended to resist denial of service attacks or mobile adversaries. And, as discussed below, some vulnerability to denial of service attacks seems to be ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
....involves 6 message delays. 6 Related Work Systems. A fault tolerant authentication substrate [65] for supporting secure groups in the Horus system appears to be the first use of threshold cryptography along with replication for implementing a CA. That led to the design and implementation of Ω [66], a stand alone general purpose CA having more ambitious functionality, performance, and robustness goals. Unlike COCA, none of this early work was intended to resist denial of service attacks or mobile adversaries. And, as discussed below, some vulnerability to ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
....The technical approach is based upon a distributed RSA key, such that k share servers generate a private RSA key that is shared among them from the moment of creation, and any t of the share servers can be used to apply the key. Another related system is the Omega Key Management Service system [27], designed and developed at Bell Labs. The Ω system is a distributed public key management system. It employs threshold techniques which can tolerate a number of server failures (via the implementation of the Rampart toolkit [25]) but not recovering (proactive) techniques. The e Vault ....
M. Reiter, M. Franklin, J. Lacy and R. Wright, The Ω Key Management Service, Proc. of the 3rd ACM Conference on Computer and Communication Security, 1996.
....[30] because routers on networks such as the Internet are usually well protected and rarely compromised. 4.2 Replicated secure services The concept of distributing trust to a group of servers is investigated by Reiter [39]. This is the foundation of the Rampart toolkit [38]. Reiter and others [40] have successfully used the toolkit in building a replicated key management service Ω which also employs threshold cryptography. One drawback of Rampart is that it may remove correct but slow servers from the group. Such removal renders the system at least temporarily more vulnerable. Membership ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
....1.503s 6.03 s 1.543s 5.66 s web server 2048 2 0.389s 5.05 s 1.527s 1.31 s 1.484s 1.34 s 1.509s 1.32 s CA 1024 2 0.067s 29.2 s 0.411s 4.86 s 0.403s 4.95 s 0.532s 3.72 s CA 2048 2 0.370s 5.38 s 1.434s 1.38 s 1.268s 1.55 s 1.749s 1.12 s Table 6: Usage of ITTC in a CA and web server The system [12], built at AT&T, also uses threshold cryptography to protect private keys. supported a Certification Authority (CA) used at AT&T. It was the first system to demonstrate the practicality of threshold cryptography. We note that does not support distributed key generation, detection of corrupt servers ....
M. Reiter, M. Franklin, J. Lacy, R. Wright, "The key management service", Proceedings of the 3rd ACM conference on Computer and Communication Security, 1996.
....for the user's password. 5 Discussion Since the password management scheme is the first step to authorise users in the UNIX system, it has been studied constantly. Sometimes it is dealt with as a part of a new large framework for secure communications like in Kerberos [11,12] or the Ω service [14] using the Rampart toolkit [13]. Also as an independent topic, many schemes for the password management have been suggested in various viewpoints such as one time password challenge-response [1,4,7,9,15], weak password protection [2,3,6,16] or password hash encryption methods [5,8]. The above ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--287, 1996.
....This is a pre print of a paper to appear in proceedings of the 9th Computer Security Foundations Workshop, Ireland, June, 1996. behavior of some components [7]. Practical examples of this can be found in Ω, a distributed, penetration-tolerant key management service that we are developing at AT&T [14]. Ω makes use of distributed computations to perform key backup, recovery, and other functions in a way that ensures the correctness and availability of these functions, while hiding sensitive information from any sufficiently small coalition of penetrated servers. Reliable multicast underpins the ....
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. In Proceedings of the 3rd ACM Conference on Computer and Communications Security, pages 38--47, March 1996.
....which private keys are managed using ITTC. It is worth noting that previously [8] and [5] described an encrypted file system where file keys are distributed using Shamir secret sharing across several key servers. Unlike our system, the keys are reconstructed every time a file is accessed. The system [12] is another system that uses threshold cryptography to protect private keys. However, unlike ITTC, does not support distributed key generation, detection of corrupt servers or the ability to refresh shares in case the share servers are compromised. Our performance figures show that the cost of ....
M. Reiter, M. Franklin, J. Lacy, R. Wright, "The key management service", Proceedings of the 3rd ACM conference on Computer and Communication Security, 1996.
No context found.
Michael Reiter, Matthew Franklin, John Lacy, and Rebecca Wright. The key management service. Journal of Computer Security, 4(4):267-287, 1996.
No context found.
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
No context found.
M. Reiter, M. Franklin, J. Lacy, R. Wright. The Ω key management service. Journal of Computer Security 4(4):267--297, 1996.
No context found.
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
No context found.
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
No context found.
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.
No context found.
M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The Ω key management service. Journal of Computer Security, 4(4):267--297, 1996.