A quantitative study of Public Key Infrastructures

Public Key Infrastructures have not reached the widespread diffusion expected of them, although they are well understood from a security point of view, because, like many say, the killer application has not been found yet. The lack of a clear understanding of the performance of these systems also co...

Bibliographic details
Published in: Computers & security 2003, Vol.22 (1), p.56-67
Main authors: Bruschi, D, Curti, A, Rosti, E
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 67
container_issue 1
container_start_page 56
container_title Computers & security
container_volume 22
creator Bruschi, D
Curti, A
Rosti, E
description Public Key Infrastructures have not reached the widespread diffusion expected of them, although they are well understood from a security point of view, because, like many say, the killer application has not been found yet. The lack of a clear understanding of the performance of these systems also contributes significantly to their limited diffusion. Studies have appeared of specific aspects of the operations of PKIs, but no complete studies of the overall system are known. In this paper we present an evaluation study of X.509-compliant Public Key Infrastructures using queuing network models. We focus our analysis on the performance of the subsystem in charge of generating and managing digital certificates, under a variety of load conditions, both in terms of the type of requests and their number. We also investigate the impact on the performance of the system of some implementation choices such as revocation mechanisms and auditing activities. The main result of our analysis is that the system we consider, given the current state of technology, can guarantee acceptable response time in steady state even in the presence of PKI with a consistent number of users. However, in order to guarantee such a performance level, throughput must not exceed 3.5 requests per second, where a request can be a certificate generation or revocation request. Such a limitation hinders the deployment of PKIs with large numbers of users, since recovering after a system compromise may require an unacceptable amount of time.
doi_str_mv 10.1016/S0167-4048(03)00113-5
format Article
publisher Amsterdam: Elsevier Ltd
rights 2003 Elsevier Science Ltd
coden CPSEDU
tpages 12
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2003, Vol.22 (1), p.56-67
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_27930135
source Elsevier ScienceDirect Journals Complete
subjects Computer networks
Public Key Infrastructure
Queuing
Studies
title A quantitative study of Public Key Infrastructures
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-12T10%3A35%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20quantitative%20study%20of%20Public%20Key%20Infrastructures&rft.jtitle=Computers%20&%20security&rft.au=Bruschi,%20D&rft.date=2003&rft.volume=22&rft.issue=1&rft.spage=56&rft.epage=67&rft.pages=56-67&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/S0167-4048(03)00113-5&rft_dat=%3Cproquest_cross%3E303951961%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=207398815&rft_id=info:pmid/&rft_els_id=S0167404803001135&rfr_iscdi=true