| The Department of National Defence (DND) plans to deploy an Entrust ® based Public Key Infrastructure (PKI) by the middle of the year 2000. The infrastructure will be deployed on the Defence Wide Area Network (DWAN), a common data communications backbone network interconnecting the heterogeneous Local Area Networks (LANs) and Metropolitan Area Networks (MANs) within the DND.; A PKI uses several cryptographic mechanisms to achieve the following security services: secrecy, authentication, integrity and non-repudiation. These mechanisms include public and secret key cryptography, digital signatures, hash functions, time-stamps, and network security solutions. To effectively examine the impact of the PKI deployment on the DWAN, an operational model of this network was specified. This model was developed using the ComNet network simulation package, and represents a realistic baseline system upon which various PKI configurations are specified.; There are several possible topologies for a PKI, and three have been chosen for detailed analysis. To realize optimal network performance of PKI applications, two variations of these schemes are also presented, combining features that provide the best results during simulations. Each deployment scheme is specified in a different model and PKI message traffic is introduced at increasing levels, representing an increase in the number of applications that use the PKI mechanisms. (Abstract shortened by UMI.)... |
