Abstract
We describe several schemes for efficiently populating an authenticated dictionary with fresh credentials. The thrust of this effort is directed at allowing for many data authors, called sources, to collectively publish information to a common repository, which is then distributed throughout a network to allow for authenticated queries on this information. Authors are assured of their contributions being added to the repository based on cryptographic receipts that the repository returns after performing the updates sent by an author. While our motivation here is the dissemination of credential status data from multiple credential issuers, applications of this technology also include time stamping of documents, document version integrity control, and multiple-CA certificate revocation management, to name just a few.
Work supported in part by DARPA through AFRL agreement F30602-00-2-0509 and SPAWAR contract N66001-01-C-8005 and by NSF under grants CCR-0098068 and CDA-9703080.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goodrich, M.T., Shin, M., Tamassia, R., Winsborough, W.H. (2003). Authenticated Dictionaries for Fresh Attribute Credentials. In: Nixon, P., Terzis, S. (eds) Trust Management. iTrust 2003. Lecture Notes in Computer Science, vol 2692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44875-6_24
DOI: https://doi.org/10.1007/3-540-44875-6_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40224-4
Online ISBN: 978-3-540-44875-4
eBook Packages: Springer Book Archive