| We are using Internet for an increasing spectrum of applications. Doing so requires that we confront the issues of user authentication, confidentiality and integrity of data transferred, and the ability to hold transacting parties accountable when necessary.While there are many technologies which meet some of these requirements, only one provides the tools for meeting all of them: public key technology, implemented in the form of a Public Key Infrastructure (PKI).Many governments and many organizations are participated in building PKI. Many institutes are engaged to do research on PKI technologies. Utilizing PKI technology remains a serious challenge. The concepts of PKI are difficult to grasp. Several significant issues must be addressed before the technology can be widely and effectively deployed, including interoperability, operational experience, affordability, trained personnel, well-defined and enforced policies and procedures. Security of PKI system is also very important for building an accepted PKI. When PKI provides services, PKI system will be the target of Internet hackers. Any computers supporting PKI may have vulnerabilities. Operators or administrators may misuse they rights.Despite our best efforts, any sufficiently complex computer system has vulnerabilities. It is safe to assume that such vulnerabilities can be exploited by attackers who will be able to penetrate the system. Intrusion tolerance attempts to maintain confidentiality and acceptable service despite such intrusions. There are many research projects on intrusion tolerance technologies now. Lots of researchers are working for them.Response to the challenges of full PKI implementation, we developed a PKI entity model. For the security of PKI, we introduce a component model of secure PKI system. For easy implementation we designed an object relationship model for PKI entity. These models make PKI implementation easier and PKI system more secure.After discuss the intrusion tolerance CA schemes now available, we put forward an intrusion tolerance CA scheme. Our scheme uses a structure of two level secret shares to provide security and manageability. An implementation of such CA is discussed in this paper.The PKI architectures and their properties are also discussed. |
PDF Full Text Request