We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byRiley McKinnon
Modified over 2 years ago
© Rosti/DSI NPS - 02/22/01 1 A Performance Evaluation Study of an X.509 Compliant Public Key Infrastructure Emilia Rosti Joint work with Danilo Bruschi and Arianna Curti Dipartimento di Scienze dellInformazione Università degli Studi di Milano
© Rosti/DSI NPS - 02/22/01 2 Outline PKI: what it is X.509: what it means Certificate revocation protocols Modeling a PKI Results Future work
© Rosti/DSI NPS - 02/22/01 3 Public Key Infrastructure A system comprising policies, software and hardware components that realize a trusted third party that guarantees –authenticity, –ownership, –validity, of keys and information related to them. –implements organized trust relationships
© Rosti/DSI NPS - 02/22/01 4 PKI - Certificates End users generate public-private key pairs Certificate associated with public component of each key pair –information about owner, certifier entity, certificate validity, algorithm used for signature, digital signature of the certifier entity
© Rosti/DSI NPS - 02/22/01 5 PKI - Certificates Certificate authenticity –issued by PKI Certificate ownership –binding between certificate and organization (person) indicated on it Certificate validity –not revoked
© Rosti/DSI NPS - 02/22/01 6 PKI - Components Registration Authority –authenticates users, distributes keys and certificates, requests certificates Certification Authority –digitally signs, distributes, and revokes certificates, issues lists of revoked certificates trusted third party Directory –stores certificates for public access –X.500 directory with LDAP access protocol
© Rosti/DSI NPS - 02/22/01 7 PKI – End users People and/or software applications –request ceritificate from CA or via RA, access Directory to download lists of revoked certificates and certificates of other party –may have SW or HW devices for signature/encryption (smart card)
© Rosti/DSI NPS - 02/22/01 8 PKI - Functionalities Issueing certificates Distributing certificates Distributing certificate status information –certificate revocation lists (CRLs) Distributing policies adopted when issueing certificates
© Rosti/DSI NPS - 02/22/01 9 Public Key Infrastructure CA Certification Authority Registration Authority (optional) end user Directory certificates and CRL certificate and CRL retrieval certificate requests/ revocations certificate and CRL distribution certificate and CRL retrieval certificate issueing RA
© Rosti/DSI NPS - 02/22/01 10 X.509 Standard protocol for authentication services in X.500 Directory Service –part of X.500 Directory Recommendation –adopted by Visa, Mastercard, Netscape, Entrust, TimeStep
© Rosti/DSI NPS - 02/22/01 11 X.509v3 Current standard –extension of X.509 –more flexible structure from hierarchical structure with three levels Internet Policy Registration Authority (root) Policy Certification Authorities (level 2) Certification Authorities (level 3 to flat structure with cross certification among CAs –no need to traverse the tree up to IPRA
© Rosti/DSI NPS - 02/22/01 12 X.509v3 certificate (X.509) Information about –version and serial number –subject (key owner) –issuer (CA that issued certificate) –validity (not before, not after) –subject public key info (key and algorithm to be used with) –algorithm used for signing –signature of certificate
© Rosti/DSI NPS - 02/22/01 13 X.509v3 certificate v3 extensions –authority key ID (if CA has multiple signature keys) –subject key info (if subject has multiple keys) –key usage restrictions –certificate policies –CA and subject attributes –certification constraints –CRL distribution points
© Rosti/DSI NPS - 02/22/01 14 Certificate revocation Certificates may be revoked before their natural expiration date –private key compromised/lost –canceled account Certificate status information must be published for end user to be able to verify certificates they handle
© Rosti/DSI NPS - 02/22/01 15 Certificate revocation Certificate Revocation List –serial numbers of revoked certificates –time of revocation –CA signature –CRL issuance time –next CRL issuance time Size –51B + 9B*#revoked_certificates [MITRE 94] –entries deleted after certificate expiration
© Rosti/DSI NPS - 02/22/01 16 Certificate revocation protocols Periodic publication of CRL –possibly outdated information overissued CRL periodic publication of updates (delta-CRL) On demand status verification via OCSP (On-line Certificate Status Protocol) –timely status information Revocation policies performance analysis [Cooper1999, 2000]
© Rosti/DSI NPS - 02/22/01 17 Modeling a PKI Who CA, RA, Directory, end users –does what transaction identification service demands –and how different policies for revocation information management
© Rosti/DSI NPS - 02/22/01 18 Modeling a PKI CA transactions –certificate issuance self-signed, RA-generated, renewal –cross-certification –certificate revocation –CRL publication
© Rosti/DSI NPS - 02/22/01 19 Modeling a PKI RA transactions –certificate issuance request –certificate revocation request Directory transactions –search, modify, add, delete End users transactions –certificate issuance/revocation request –certificate status verification
© Rosti/DSI NPS - 02/22/01 20 Modeling a PKI - Transactions Self-signed certificate requests –user generates request and protects it with shared secret –CA authenticates sender and shared secret, generates certificate, inserts it in local DB, signs reply and sends it to user –user verifies CA signature, sends ack to CA –CA publishes certificate in Directory
© Rosti/DSI NPS - 02/22/01 21 Modeling a PKI - Transactions RA-generated certificate requests –RA verifies user request, signs it and sends it to CA –CA verifies RA signature, generates certificate, inserts it in local DB, signs and sends it to RA –RA verifies CA signature, sends certificate to user, ack to CA –CA publishes the certificate in Directory
© Rosti/DSI NPS - 02/22/01 22 Modeling a PKI - Transactions Self-signed revocation requests –user generates revocation request, signs it and sends it to CA –CA verifies users signature, adds serial number and revocation time to local DB, sends signed reply to user –user verifies CA signature
© Rosti/DSI NPS - 02/22/01 23 Modeling a PKI - Transactions RA-generated revocation requests –RA generates revocation request, signs it and sends it to CA –CA verifies RA signature, adds serial number and revocation time to local DB, sends signed reply to RA –RA verifies CA signature and informs user
© Rosti/DSI NPS - 02/22/01 24 Modeling a PKI - Transactions CRL generation –CA reads revocation list, last full CRL and delta-CRL from local DB –CA generates new delta-CRL and signs it –CA updates local DB –CA publishes delta-CRL in Directory
© Rosti/DSI NPS - 02/22/01 25 Modeling a PKI - Methodology Queueing network model –hierarchical analysis components in isolation complete model enhancements –analytic and simulation exponentially distributed service times and customers interarrival times –single and multiclass customer population different resource usage by various transactions –closed and open models
© Rosti/DSI NPS - 02/22/01 26 Modeling a PKI - Objectives Bottleneck analysis Impact of population mix on response time Maximum arrival rate for an acceptable response time What if analysis
© Rosti/DSI NPS - 02/22/01 27 Modeling a PKI - Assumptions 2048 RSA bit signature key for CA –dedicated cryptographic coprocessor MD5 hash Simple queries by CA to local certificate DB Certificates for signature keys only Delta-CRL Off-line full CRL generation Signed messages Network communication services ignored
© Rosti/DSI NPS - 02/22/01 28 Modeling a PKI - Assumptions Multiclass customer population –class 1: self-signed certificate request –class 2: self-signed revocation request –class 3: delta-CRL generation –class 4: RA-generated certificate request –class 5: RA-generated revocation request –class 6: cross-certification request
© Rosti/DSI NPS - 02/22/01 29 RARepCA PKI complete model
© Rosti/DSI NPS - 02/22/01 30 Basic models CA model in isolation RA model in isolation CPU DISK CrytoCoP
© Rosti/DSI NPS - 02/22/01 31 Basic models parameters Number of users/certificates: 50,000 Avg. number of revoked certificates: 20% Service demands estimation (ms) –time to sign 166 ms, to verify signature 4 ms cl1: self-sig. req. cl2: self-sig. rev. cl3: delta-CRL cl4: RA-gen req. cl5: RA-gen rev. cl6: cross-cert.
© Rosti/DSI NPS - 02/22/01 32 Basic model results Signature is the bottleneck operation CA and RA can be modeled as load independent servers –service rates are throughputs obtained –service times in complete model (ms) cl1: self-sig. req. cl2: self-sig. rev. cl3: delta-CRL cl4: RA-gen req. cl5: RA-gen rev. cl6: cross-cert.
© Rosti/DSI NPS - 02/22/01 33 Complete model Only 5 classes –class 6 accounts for less than 0.02% Directory –certificate publication: 6ms –CRL publication: 12ms RADirCA
© Rosti/DSI NPS - 02/22/01 34 Complete model assumptions Variable population mixes on classes 1, 2, 3, 4, 5 –class 3 arrival rate is fixed generation of delta-CRL every 10 minutes 3 = req/s –variable splits of total arrival rate among classes 1 = 1 ( - 3 ) 2 = 2 ( - 3 ) 4 = 4 ( - 3 ) 5 = 5 ( - 3 ) = 1
© Rosti/DSI NPS - 02/22/01 35 Model results Certificate requests rate larger than revocation requests rate –very unbalanced: total request fraction 82% 1 = 4 = 41% 2 = 5 = 9% –less unbalanced: total request fraction 66% 1 = 4 = 33% 2 = 5 = 17%
© Rosti/DSI NPS - 02/22/ % new certificate requests 3 < max < % new certificate requests 3 < max < 3.5 More certificate requests
© Rosti/DSI NPS - 02/22/01 37 Model results Only RA-generated certificate and revocation requests – 4 = 82% – 5 = 18% Only self-signed certificate and revocation requests – 1 = 82% – 2 = 18%
© Rosti/DSI NPS - 02/22/01 38 Unique request source RA-generated only requests 2.5 < max < 3 self-signed only requests 2.5 < max < 3.5
© Rosti/DSI NPS - 02/22/01 39 Model results Revocation requests rate larger than certificate requests rate –very unbalanced: tot. revocation fraction 82% 1 = 4 = 9% 2 = 5 = 41% –less unbalanced: tot. revocation fraction 66% 1 = 4 = 17% 2 = 5 = 33%
© Rosti/DSI NPS - 02/22/01 40 More revocation requests 82% revocation requests 4.5 < max < 5 66% revocation requests 4 < max < 4.5
© Rosti/DSI NPS - 02/22/01 41 Model results Balanced load – 1 = 2 = 4 = 5 = 25% –with - 3 such that response time is less than 5s, N 755,000 C rev = 151,000 S CRL = 1.3MB, average size of a full CRL –S CRL = *C rev B T CRL = s, time to generate a full CRL –T CRL = T disk + T hash + T sig irrelevant since performed every 4 hours
© Rosti/DSI NPS - 02/22/01 42 Balanced load 3.5 < max < 4
© Rosti/DSI NPS - 02/22/01 43 Model results Balanced load – 1 = 2 = 4 = 5 = 25% – max = 3.5 req/s, Resp-Time < 5s Limit frequency of full CRL publication without affecting performance –5 minutes Limit frequency of delta-CRL publication without affecting performance –1 minute
© Rosti/DSI NPS - 02/22/01 44 Impact of full CRL generation 6 = once every 4 hours variable 6
© Rosti/DSI NPS - 02/22/01 45 Model results Signed log files –each operation performed by CA logged –CA signs each file entry –service times per class (s) cl1: self-sig. req. cl2: self-sig. rev. cl3: delta-CRL cl4: RA-gen req. cl5: RA-gen rev.
© Rosti/DSI NPS - 02/22/01 46 Signed log file Unbalanced load – 1 = 4 = 41%, 2 = 5 = 9% max 0.4 req/s – 1 = 4 = 17%, 2 = 5 = 33% max 0.66 req/s Balanced load – 1 = 4 = 2 = 5 = 25% max 0.5 req/s
© Rosti/DSI NPS - 02/22/01 47 Plain vs signed log files sat 0.5 vs 3.7 req/s
© Rosti/DSI NPS - 02/22/01 48 Enhancements Directory requests according to [Cooper2000] –sliding window over-issued delta-CRL full CRL every 20 hours delta-CRL every ten minutes, valid for 4 hours –directory utilization increases – max not affected
© Rosti/DSI NPS - 02/22/01 49 Enhancements Revocations are signed and immediately published –users query the repository directly – no CRL –2.5 < max < 3 req/s with balanced and unbalanced load
© Rosti/DSI NPS - 02/22/01 50 Over-issued CRL vs no CRL Over-issued CRL w/ balanced load revocations signed individually balanced load
© Rosti/DSI NPS - 02/22/01 51 Enhancements Online Certificate Status Protocol –users query OCSP responder –only OCSP responder downloads CRL –OCSP signs replies to users – max_OCSP 5.67 query/s –3.5 < max < 4 req/s with balanced load
© Rosti/DSI NPS - 02/22/01 52 OCSP single OCSP 11 OCSP server
© Rosti/DSI NPS - 02/22/01 53 Future work Compare results with software-only systems –no cryptographic coprocessor used Include communication time –bottleneck might switch Add Timestamp Authority Estimate total number of users for a given performance level
© Rosti/DSI NPS - 02/22/01 54 Bibliography Cooper1999: D.A. Cooper, A model of certificate revocation, 15th Annual Computer Security Application Conference, pp , Cooper2000: D.A. Cooper, A more efficient use of delta-CRL, 2000 IEEE Symposium of Security and Privacy, pp , 2000.
Authentication Nick Feamster CS 6262 Spring 2009.
Introduction to Protocols: Entity Authentication, Key Establishment, Integrity/Message Authentication, Confidentiality INFSCI 1075: Network Security –
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #10-1 Chapter 10: Key Management Session and Interchange Keys Key Exchange.
1 Advanced Database Application Development Performance Tuning Performance Benchmarks Standardization E-Commerce Legacy Systems.
1 A Tutorial on Web Security for E-Commerce. 2 Web Concepts for E-Commerce Client/Server Applications Communication Channels TCP/IP.
Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 0 Lezione 5a - 17 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato.
The Architecture of Transaction Processing Systems Chapter 26.
©Silberschatz, Korth and Sudarshan8.1Database System Concepts, 5 th Ed, slide version 5.0, August Chapter 8: Application Design and Development.
Database Controls 2012 National State Auditors Association Information Technology Conference September 2012.
Public Key Infrastructures Gene Itkis Based on “Understanding PKI” by Adams & Lloyd.
1 IETF Security Tutorial Radia Perlman Intel Labs July 2010
© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.
1 Process Description and Control Chapter 2. 2 Process A program in execution An instance of a program running on a computer The entity that can be assigned.
RMS and Scheduling for Future Generation Grids Ramin Yahyapour University Dortmund Leader CoreGRID Institute on Resource Management and Scheduling CoreGRID.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America CA DEPLOYMENT Considerations about the certification.
1 Chapter 12 File Management Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Database System Concepts, 6 th Ed. ©Silberschatz, Korth and Sudarshan See for conditions on re-usewww.db-book.com Chapter 26: Advanced.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Chapter 10 Architectural Design.
SAML basics A technical introduction to the Security Assertion Markup Language Eve Maler XML Standards Architect XML Technology Center Sun Microsystems,
Database Application Lifecycle Lecture Lectures Objectives Put all the previous lectures into context (Conceptual and Logical Design, Normalisation.
Copyright 2011 John Wiley & Sons, Inc Business Data Communications and Networking 11th Edition Jerry Fitzgerald and Alan Dennis John Wiley & Sons, Inc.
1 Pretty Good Privacy (PGP) Security for Electronic .
6/2/ DEBIT CARD & CREDIT CARD PRESENTED BY:- Ravi Kumar Gupta.
DISTRIBUTED FILE SYSTEM 1 DISTRIBUTED FILE SYSTEMS From Chapter 8 of Distributed Systems Concepts and Design,4 th Edition, By G. Coulouris, J. Dollimore.
1 SYSTEM MODEL From Chapter 2 of Distributed Systems Concepts and Design,4 th Edition, By G. Coulouris, J. Dollimore and T. Kindberg Published by Addison.
GroupWise ® Messenger Installation, Configuration, and Operation Jason Williams Product Manager Kevin Crutchfield Team Lead
Mr. Deven Patel, AITS, Rajkot. 1 Process Description and Control Chapter 3.
Systems Analysis and Design 8 th Edition Chapter 7 Development Strategies.
© 2016 SlidePlayer.com Inc. All rights reserved.