Abstract by anuja a sonalker on Asymmetric Key Distribution
Fig.3.1: The Client Server Basic Model
Download 217.42 Kb. Pdf ko'rish
|
etd
- Bu sahifa navigatsiya:
- 3.2 Trusted Dealer Overview
- Trusted Dealer
- Server Authority
- Share Servers
- Special Server
Fig.3.1: The Client Server Basic Model
Consider a Certificate Authority (CA) whose private-key is distributed among a few servers to protect it. Fig 3.1 shows the typical distributed CA scenario where the servers 19 co-exist. One of the servers is a Special Server while the rest are similar and have peer functionalities. The Special Server and the share servers share a semi-trust relationship and need to co-exist in order to sign certificate requests together as a group. The share servers can communicate with each other as well as the Special Server. They may choose to communicate with the Special Server either through individual channels or through share server who may act as a Server Authority. 3.2 Trusted Dealer Overview: Share Special Server 1 Server Share Share Server 2 Server 5 Share Share Server 3 Server 4 Fig 3.2: Distribution of generated key shares by the Trusted Dealer. 3.3 Description of Players: Fig 3.2 shows all the players involved in the system. Each player has a unique role to play and has limited functions. In a normal scenario, no player may imitate the functions of another. Their unique functionalities are as described below. # Trusted Dealer: The Trusted Dealer (TD) is an honest third party whose function is to generate the secret components( modulus N, public exponent e, private exponent d ) and divide the private-key into chunks and distribute it among the participants selectively. Once the Trusted Dealer chops up the private-key, it is never assembled in a single location again. This dealer may not be compromised. Trusted Dealer Private-key shares 20 Fig 3.2 shows the Trusted Dealer distributing private-key shares along with the rest of the secret components to all the entities in the system. # Server Authority: This is the intermediary authority above the share servers. His duty is to collect the individual shares of all the share servers, ensure that they are in the correct proportion as that required by the coalition and that none of them are compromised. The SA is capable of verification using zero knowledge test[12]. It also performs Client Server Authentication using any known certificate authentication technique. The requirement for an SA may be bypassed if one of the share servers is capable of the above-mentioned operations. In this scenario, we designate Share Server 1 as the SA authority to eliminate additional players. # Share Servers: The share servers are a set of identical servers that maintain private key shares & the public key with themselves and are capable of executing complex arithmetic to come up with signature shares for certificate signing. Their function is to collaborate with the other share servers and the Special Server to collectively create valid signed certificates. Each one is capable of communicating with the SA though they may or may not be able to communicate with each other. They are not assumed to be secure or totally trusted and may be compromised by a strong enemy. # Special Server: We define the Special Server as that share server which has the right of compulsory participation in any successful distributed key application. All its processing capabilities are identical to the share servers present in the setup. The share generated by the Special Server is a requisite for the successful generation of a valid signature. While the share servers may not be able to sign the certificate correctly without the Special Server’s participation, the Special Server also needs a minimum participation from the share servers in order for the transaction to be valid. 21 Private Key Generated by trusted party Special Server Share Shared server Share k Share servers t-out-of k signature shares ƒ Signed Message. Download 217.42 Kb. Do'stlaringiz bilan baham: |
Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling
ma'muriyatiga murojaat qiling