A Performance Analysis Methodology of a Public Key Infrastructure

Document Type : Original Article

Authors

1 Dr., E-Gov Security Consultant.

2 IT Consultant Engineer.

3 Prof., Cairo University, Faculty of Computer and Information.

Abstract

Recent years have seen rapid growth in the number and scope of standards dealing with aspects of Public Key Infrastructures (PKIs). This has primarily been fuelled by the much increased interest in implementing PKIs, which is itself largely a result of the development of commercial and wider public use of the Internet, not least for e-commerce activities. With the growth in awareness of, and requirements for, PKIs, there has been a parallel increase in development effort devoted to standardizing all aspects of PKIs and the PKI assessment measures that support the performance analysis of these PKIs. The potential benefits are clear, including the possibility of large-scale interworking between PKIs, and lower costs through economies of scale and increased competition. This paper serves as a guide to the assessment criteria of a PKI system, giving the reader different views of these assessment measures. The assessment measures applied to a PKI during this process come from different perspectives. One is derived from the Information Security Committee (ISC), which in 2001 published a draft of its PKI Assessment Guidelines (PAG) v0.30 for public comment; it assumes that the set of policies, standards and procedures, as well as other PKI-related documents, must be established before proceeding to the assessment procedures. The second perspective relies on the published ISO standard model, which has been used for PKI assessment in many organizations. The last perspective concentrates on the core of any PKI system: its security strength, and how to carry out a security diagnosis of a PKI. In other words, can the organization trust it, through its continuous assessment procedures, as a secure system for its daily network communication transactions? The paper is organized as follows: it starts with a basic introduction to the PKI system from different views, then explains the components of a PKI system. It then explores the different assessment approaches for analysing the performance of a PKI system, such as the PAG assessment guidelines and the ISO 27001 standards, and ends with a proposal to add some suggested security strength measures to the well-known published assessment measures for performance analysis.

Keywords