| Public Key Infrastructure (PKI) can safeguard the security of network and settle information security problems in network communication. Current PKI can be classified in two main groups: centralized and decentralized. As a new solution, decentralized PKI can well solve the defections of centralized PKI such as weaker expansibility and single fault point, but it also remains some problems to be solved on distribution of the certificate and security of the system.A system of decentralized PKI based on Peer-to-Peer (P2P) can solve the problems of decentralized PKI. It adopts P-Grid to organize and manage entities of the whole system, completes certificates'discovery and transmission; uses multiple digital signatures to issue certificate, guarantee the security of the entity entering the system and strengthen the trust by several trust chains coming from the certificate; introduces trust metrics to evaluate the trust relationship between entities, builds trust models and defines formulas to calculate trust value and verify trust relationship of the entity which would improve accuracy of the system on processing of trust relationship.The decentralized PKI based on P2P supports four kinds of certificate operations: requisition, search, revocation and validation. The system defines a new certificate format and process to complete the requisition of valid certificate; changes search algorithm of P-Grid to seek certificate efficiently; simplifies the process of revocation by adopting a new revocation information format of certificate; validates certificate securely using information of digital signatures and trust value comprised in the certificate and the defined trust formulas.Analysis indicates that search algorithm can improve the performance of the system, trust models ensure system's security, and distributed architecture makes the system have strong expansibility. Moreover, comparing with centralized PKI, the system has some advantages in flexibility and fault tolerance. |
PDF Full Text Request