Abstract
We present ConChord, a large-scale certificate distribution system built on a peer-to-peer distributed hash table. ConChord provides load-balanced storage while eliminating many of the administrative difficulties of traditional, hierarchical server architectures. ConChord is specifically designed to support SDSI, a fully-decentralized public key infrastructure that allows principals to define local names and link their namespaces to delegate trust. We discuss the particular challenges ConChord must address to support SDSI efficiently, and we present novel algorithms and distributed data structures to address them. Experiments show that our techniques are effective and practical for large SDSI name hierarchies.
Authors in alphabetical order.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ajmani, S., Clarke, D.E., Moh, CH., Richman, S. (2002). ConChord: Cooperative SDSI Certificate Storage and Name Resolution. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds) Peer-to-Peer Systems. IPTPS 2002. Lecture Notes in Computer Science, vol 2429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45748-8_14
DOI: https://doi.org/10.1007/3-540-45748-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44179-3
Online ISBN: 978-3-540-45748-0
eBook Packages: Springer Book Archive