Research on a Certificate Revocation List Mechanism Based on Intrusion Tolerance
Published: 2018-07-29 09:48
[Abstract]: In public key infrastructure (PKI) systems, the certification authority (CA) signature is hard to forge, so intrusions against certificate revocation systems based on certificate revocation lists (CRLs) usually aim to damage the availability of the system and the integrity of its data. In view of this, an intrusion-tolerant CRL service system is designed. The system stores the CRL on multiple redundant servers. For replicating the data among the servers and using it, the system adopts a passive replication algorithm with a randomly selected primary server and a simple voting algorithm that selects the most recently updated CRL. Under the intrusion attack conditions given in the experiment, the intrusion-tolerant CRL system improves the correct rate of certificate revocation queries by nearly 20% over a system without tolerance, but it also increases system overhead. The experimental results show that appropriately increasing the number of CRL servers can improve the correct rate of certificate revocation queries while keeping system overhead under control.
[Author affiliation]: School of Computer Science, Shenyang Aerospace University
[Classification number]: TP393.08
Article ID: 2152291
Article link: http://sikaile.net/guanlilunwen/ydhl/2152291.html