Modelling Trust Structures for Public Key Infrastructures
The development of Public Key Infrastructures (PKIs) is highly desirable to support secure digital transactions and communications throughout existing networks. It is important to adopt a particular trust structure or PKI model at an early stage, as this forms a basis for the PKI’s development. Many PKI models have been proposed, but they are described only in natural language. We apply a simple formal approach to describe the essential factors of a PKI model. Rule sets for some PKI models are given and can be used to distinguish and classify the different PKI models. The advantages of this approach for conglomerate PKIs, those that are built from multiple distinct PKI models, are discussed.
Keywords: Mesh Model; Internet Engineer Task Force; Hierarchy Model; Security Domain; Natural Language Description