An investigation of DUA caching strategies for public key certificates

Cheung, Terry Ching

doi:10.2172/10123103

Title: An investigation of DUA caching strategies for public key certificates

Thesis/Dissertation · Mon Nov 01 00:00:00 EST 1993

DOI:https://doi.org/10.2172/10123103· OSTI ID:10123103

Cheung, Terry Ching ^[1]

Univ. of California, Davis, CA (United States)

Internet Privacy Enhanced Mail (PEM) provides security services to users of Internet electronic mail. PEM is designed with the intention that it will eventually obtain public key certificates from the X.500 directory service. However, such a capability is not present in most PEM implementations today. While the prevalent PEM implementation uses a public key certificate-based strategy, certificates are mostly distributed via e-mail exchanges, which raises several security and performance issues. In this thesis research, we changed the reference PEM implementation to make use of the X.500 directory service instead of local databases for public key certificate management. The thesis discusses some problems with using the X.500 directory service, explores the relevant issues, and develops an approach to address them. The approach makes use of a memory cache to store public key certificates. We implemented a centralized cache server and addressed the denial-of-service security problem that is present in the server. In designing the cache, we investigated several cache management strategies. One result of our study is that the use of a cache significantly improves performance. Our research also indicates that security incurs extra performance cost. Different cache replacement algorithms do not seem to yield significant performance differences, while delaying dirty-writes to the backing store does improve performance over immediate writes.

View Thesis/Dissertation

Cite

Export

Save

Research Organization:: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: W-7405-ENG-48

OSTI ID:: 10123103

Report Number(s):: UCRL-LR-115636; ON: DE94006642

Resource Relation:: Other Information: DN: Submitted to University of California, Davis, CA; TH: Thesis (M.S.); PBD: Nov 1993

Country of Publication:: United States

Language:: English

Similar Records

Management of PEM public key certificates using X.500 directory service: Some problems and solutions

Conference · Sun Aug 01 00:00:00 EDT 1993 · OSTI ID:10123103

Cheung, Terry C

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Conference · Sat May 01 00:00:00 EDT 1993 · OSTI ID:10123103

Support for the Core Research Activities and Studies of the Computer Science and Telecommunications Board (CSTB)

Technical Report · Tue May 13 00:00:00 EDT 2008 · OSTI ID:10123103

Related Subjects

96 KNOWLEDGE MANAGEMENT AND PRESERVATION
COMPUTER NETWORKS
SECURITY
COMMUNICATIONS
VALIDATION
MEMORY MANAGEMENT
ALGORITHMS
PEM
X.500
directory
public key certificate
CRL
validation
memory cache
cache replacement algorithm
990200
MATHEMATICS AND COMPUTERS

Title: An investigation of DUA caching strategies for public key certificates

Citation Formats

Similar Records

Related Subjects