COCA: A Secure Distributed On-line Certification Authority

Lidong Zhou, Fred B. Schneider, and Robbert van Renesse

Abstract

COCA is a fault-tolerant and secure on-line certication authority that has been built and deployed both in a local area network and in the Internet. Extremely weak assumptions characterize environments in which COCA's protocols execute correctly: no assumption is made about execution speed and message delivery delays; channels are expected to exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or compromised. COCA is the first system to integrate a Byzantine quorum system (used to achieve availability) with proactive recovery (used to defend against mobile adversaries which attack, compromise, and control one replica for a limited period of time before moving on to another). In addition to tackling problems associated with combining fault-tolerance and security, new proactive recovery protocols had to be developed. Experimental results give a quantitative evaluation for the cost and effectiveness of the protocols.

Details

Publication typeArticle
Published inTransactions on Computer Systems (TOCS)
URLhttp://www.acm.org/
Pages329-368
Volume20
Number4
PublisherAssociation for Computing Machinery, Inc.
> Publications > COCA: A Secure Distributed On-line Certification Authority