• No results found

Conclusion and Future Directions

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Conclusion and Future Directions"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

Chapter 9

Conclusion and Future Directions

The success of e-commerce and e-business applications depends upon the trusted

users. Masqueraders use their intelligence to challenge the security during

transac-tion over the Internet. Since millions of users are involved in business transactransac-tions

over the Internet and they need to interoperate, it is difficult to eradicate

im-personation. Thus it is necessary to take proper security measures that allow

authentication of business partners, consumers and suppliers, prior to the

inter-change of information, goods and services. Public Key Infrastructure provides the

required trust between users during transactions over the Internet. Trust models

are used to establish trust relationship between the users. Hierarchical PKI is one

of the most popular PKI trust models that the companies deploy as their security

infrastructure.

One of the important needs of current PKI is interoperability, which makes

possible secure interconnection and co-operation between different PKI structures.

In electronic commerce, different PKIs need to be interoperated. So there is a

need for efficient methods to merge PKIs so as to achieve interoperability between

them. In order to merge PKIs, one has to consider different cases such as whether

the merging of companies is permanent or temporary. Depending upon the case,

appropriate merging method is to be used.

(2)

e-business transactions. This can be done by verifying user certificates in PKI. For

quick and easy verification of certificates in PKIs, efficient certificate verification

algorithms are to be built since there is enough requirement for such methods.

For verification of certificates, a user builds a chain of certificates from its

trusted CA to the other user’s certificate known as certification path. The

pro-cessing of certificate paths may be a very complicated and time demanding

oper-ation, depending on the length of the certificate path and the possible inclusion of

relations using cross-certification. Certificate path construction in a Hierarchical

PKI is a straightforward process that simply requires the relying party to

succes-sively retrieve issuer certificates until a certificate is located that was issued by the

trusted root.

Peer-to-Peer(also called Mesh PKI) architecture is one of the most popular PKI

trust models that is widely used in automated business transactions, but certificate

path verification is very complex since there are multiple paths between users, and

the certification path is bidirectional.

9.1

Major Contributions

• A general method to unify Hierarchical PKIs has been developed that takes a different approach from cross-certification technique. The method is to unify

the multiple CAs without using cross-certification. By using this method,

the trust model with an efficient path processing is built in comparison with

the traditional merging methods with cross-certification. A certificate

veri-fier should construct and validate the certification path. If there are

cross-certifications, the path construction process is very complex.

• Cross-certification at the root is the most common solution to merge PKIs for their interoperability. But during acquisition of companies, cross-certification

(3)

acquired company becomes a part of the acquiring company. In order to

reduce the cost of maintaining Root CAs and to reduce the runtime for

cer-tificate path processing, a merging method of CAs without cross-certification

has been developed. The Root CA of the company to be acquired is not

necessary after merging and can be discarded. In the method, there is no

cross-certification and the Root CAs of the acquired PKIs are ignored. So

certificate path verification time and the employment cost of Root CAs is

reduced significantly as compared to the methods already existing. The

merging process is of low-cost. It can be easily constructed and is flexible. A

strict hierarchical model is constructed by performing this merging process,

so certification path processing is more efficient than other methods.

Certifi-cate path length is reduced which in turn reduces the verification time. All

the Root CAs except the New Root CA can be ignored and so maintenance

cost is reduced.

• The unification of PKIs for interoperability is possible only if their certificate policies are similar. In case of acquisition of companies, the acquired PKI

has to adapt to the certificate policy of the acquiring PKI. However, for

other cases, merging of PKIs is possible only if the compatibility score of the

certificate policies of the PKIs to be merged, satisfies the final acceptance

rule. So one of the contributions of the research work is a method developed

to compare and assess certificate policies during merger and acquisition of

companies. The method is applicable for merging PKIs with or without

cross-certification.

• In Hierarchical PKI, certificate path is unidirectional, so certificate path de-velopment and validation is simple and straight forward. To reduce time

required for certificate path verification, an efficient method for path

pro-cessing in Hierarchical PKIs has been developed. The method uses a local

(4)

it gives better performance than that of the normal Forward path verification

technique for certificate path verification.

• Path construction in a mesh environment is significantly more complicated than in a subordinated hierarchy, requiring the ability to iteratively obtain

and combine sets of cross-certificates issued by various CAs. In this research

work, an efficient method to convert a mesh or Peer-to-Peer PKI to its

equiva-lent DFS spanning tree to simplify the certificate path construction has been

developed. This reduces the complexity of certificate path verification in

Peer-to-Peer PKIs by avoiding multiple paths between the users. A novel

method to simplify the Certification Path Discovery in Peer-to-Peer PKI by

establishing a Virtual hierarchy has also been developed. The resultant

hi-erarchy may be a single rooted or a multi-rooted one. This eliminates the

complexity of path verification in Mesh PKI because the path verification in

Hierarchical PKI is simple and straightforward.

The research contributions are summarized in Table 9.1 and Table 9.2.

Table 9.1: Summary of research contributions Contribution Purpose

Merging Hierarchical

PKIs-Solution1

When the merging of companies is temporary

and the companies dynamically change their

collaborators.

Merging Hierarchical

PKIs-Solution2

During acquisition of companies, the merging

of companies is permanent and the acquired

company becomes a part of the acquiring

(5)

Table 9.2: Summary of research contributions continued. . . Contribution Purpose

A method to compare

and assess Certificate

Poli-cies(CPs) during merger and

acquisition of companies

In order to merge PKIs, the CPs of both the

PKIs should match. Merging is possible only

if the compatibility score of the CPs is satisfies

the final acceptance rule.

Certificate path verification

method in Hierarchical PKIs

The existing certificate verification methods in

Hierarchical PKI are not optimized. The

pro-posed method is an optimized one that reduces

certificate path verification time significantly.

It is observed that, if the cache hit is doubled,

the certificate path verification time is reduced

by 50%.

Certificate path verification

method in Mesh or

Peer-to-Peer PKIs-Solution1

This method removes the complexity of

certifi-cate path verification in Mesh PKIs due to

mul-tiple paths between any two users in Mesh PKI.

Certificate path verification

method in Mesh or

Peer-to-Peer PKIs-Solution2

This method constructs a virtual hierarchy

in a Mesh PKI, thus obtaining the best

fea-tures of certificate path verification of

Hierar-chical PKI. In HierarHierar-chical PKI, the certificate

path construction is simple and straightforward

(6)

9.2

Suggestions for future research

• Although our research work contributes toward the technical dimension of merging Hierarchical PKIs during merger and acquisition of companies for

interoperability purpose, several measures still need to be taken at the

le-gal/regulatory level. This needs to be done in order to provide a commercially

viable service, yielding international co-operation and information exchange

in e-commerce and e-business applications.

• The development of Certificate Policies and Certificate Practice Statements can be automated. This can be integrated with broader security policy and

mechanisms. Based on the PKI architecture, there can be provision for

on-line cross-certification services.

• Reverse Certificate Path Verification by constructing a binary tree using codeword algorithm increases certificate path length. So, more sophisticated

algorithms need to be developed for reducing the certificate path length.

• Algorithms can be developed that work in more realistic environments. For example, we can have a varying number of LDAP servers for each domain.

Also, the certificates can be issued or revoked dynamically. Further, more

trust anchors can be configured for each relying party.

• Besides certificate path discovery, certificate revocation checking is another critical process in PKI. Certificate status information is needed for validating

a certification path. Checking revocation information introduces additional

time and space requirements. At the same time, not checking revocation

information or relying on out-of-date information causes construction of

in-valid certification paths. In this case, relying parties have to repeat their

efforts to try to discover a valid path. A simulation that models these

situ-ations can help users evaluate the trade-offs between performance overhead

(7)

• Even though the certificate path development is more complex in a Mesh PKI, it is most widely used in applications such as MANET. There is enough

scope to apply the principles of wired PKI to wireless PKI. Research can be

carried out on certificate based user authentication in MANETs. The

com-municating parties have to provide credentials for authentication without

knowing each other from prior sessions. In this case authentication must be

based on certificates and a common trusted third party. A PKI is needed for

certificate management through their lifecycle. Efficient and more

sophisti-cated path verification(certificate based user authentication) algorithms are

required in MANETs because mobile devices have limited processor capacity

References

Download now ( PDF - 7 Page - 51.79 KB )

Related documents

Brief Intervention for Substance Abuse among Rural Elderly

To assess caregiver burden, prevalence and factors associated with depressive symptoms in primary caregivers of community resident older people with

Energy and economic analysis of a residential Solar Organic Rankine plant

Keywords:Power plants; Renewable energy sources; Distributed generation; Solar Thermal; Organic Rankine Cycle; Absorber; Desalination.. *

Non-CO2 greenhouse gas emissions in the EU-28 from 2005 to 2050: GAINS model methodology

Figure 10 presents a comparison of HFC emissions (in CO2-equivalents) from the foam sector reported by countries to UNFCCC for years 2005 and 2010 in comparison to

Monitoring of Exhaust Gas Parameters of Stationary Combustion Systems In View of Environmental Standards

Even though the combustion systems are incorporated with continuous monitoring facility or not, the third party inspection and recommendation reports are required to confirm

The Use of 360-Degree Feedback Compared. for the Professional Growth of Teachers. Abstract

This descriptive study utilized a non-experimental, quantitative and qualitative survey design to compare teachers’ experiences with the tradi- tional single-source feedback

The Saskatchewan Gazette

Name: Date: Mailing Address: Main Type of Business: 101152259 Saskatchewan Ltd.. E, Saskatoon

How To Vote On A Pension Fund

A motion was made by Trustee LUX to adopt the changes to the Fund’s Election Policy as recommended by Fund Counsel, the Election Monitor, the Election Coordinator and the Executive

Perancangan Interior Hotel Konvensi Grand Keisha Yogyakarta

Daerah yogyakarta ini terkenal dengan kebudayaannya dan tradisionalnya, dan sudah banyak hotel-hotel di daerah yogyakarta yang mengusung tema kebudayaan maupun