COCA
- 1 November 2002
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Computer Systems
- Vol. 20 (4), 329-368
- https://doi.org/10.1145/571637.571638
Abstract
COCA is a fault-tolerant and secure online certification authority that has been built and deployed both in a local area network and in the Internet. Extremely weak assumptions characterize environments in which COCA's protocols execute correctly: no assumption is made about execution speed and message delivery delays; channels are expected to exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or compromised. COCA is the first system to integrate a Byzantine quorum system (used to achieve availability) with proactive recovery (used to defend against mobile adversaries which attack, compromise, and control one replica for a limited period of time before moving on to another). In addition to tackling problems associated with combining fault-tolerance and security, new proactive recovery protocols had to be developed. Experimental results give a quantitative evaluation for the cost and effectiveness of the protocols.