Modelling Trust Structures for Public Key Infrastructures

  • Marie Henderson
  • Robert Coulter
  • Ed Dawson
  • Eiji Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


The development of Public Key Infrastructures (PKIs) is highly desirable to support secure digital transactions and communications throughout existing networks. It is important to adopt a particular trust structure or PKI model at an early stage as this forms a basis for the PKI’s development. Many PKI models have been proposed but use only natural language descriptions. We apply a simple formal approach to describe the essential factors of a PKI model. Rule sets for some PKI models are given and can be used to distinguish and classify the different PKI models. Advantages for this approach with conglomerate PKIs, those that are built from multiple distinct PKI models, are discussed.


Mesh Model Internet Engineer Task Force Hierarchy Model Security Domain Natural Language Description 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Anderson, B. Crispo, J. Lee, C. Manifavas, V. Matyas, F. Petitcolas, The Global Internet Trust Register, MIT Press, 1999.Google Scholar
  2. 2.
    D. W. Chadwick, A. J. Young, and N. K. Cicovic, Merging and extending the PGP and PEM trust models: the ICE-TEL trust model, IEEE Network, 11(3), 16–24, 1997.CrossRefGoogle Scholar
  3. 3.
    Defense Information Systems Agency, State Analysis of Certification Path Processing Procedures, June 2000.
  4. 4.
    C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, SPKI Certificate Theory, Request for Comment 2693, September 1999.
  5. 5.
    Federal Public Key Infrastructure Steering Committee
  6. 6.
    M. Henderson, M. Burmester, E. Dawson, and E. Okamoto, Weaknesses in Public Key Infrastructures, Proceedings of the First Workshop on Information Security Applications (WISA 2000), November 2000, 53–66.Google Scholar
  7. 7.
    R. Housley, W. Ford, T. Polk, and D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile Request for Comment 2459, 1999.
  8. 8.
    R. Housley and T. Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure, John Wiley and Sons, 2001.Google Scholar
  9. 9.
    ITU-T Recommendation X.509, Information Technology-Open Systems Interconnection-The Directory: Authentication Framework, June 1997 (equivalent to ISO/IEC 9594-8, 1997).
  10. 10.
    S. Kent, Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Request for Comment 1422, February 1993.
  11. 11.
    C. Liu, M. Ozols, M. Henderson, and T. Cant, A State-Based Model for Certificate Management Systems, Public Key Cryptography: Third International Workshop on Practice and Theory in Public Key Cryptography (PKC 2000), Lecture Notes in Computer Science, 1751, 2000, 75–92.Google Scholar
  12. 12.
    M. Ozols, M. Henderson, C. Liu, and T. Cant, The PKI Specification Dilemma: A Formal Solution, Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), Lecture Notes in Computer Science, 1841, 2000, 206–219.Google Scholar
  13. 13.
    R. Perlman, An Overview of PKI Trust Models, IEEE Network, 13(6), 38–43, 1999.CrossRefGoogle Scholar
  14. 14.
    P. R. Zimmermann, The Official PGP User’s Guide, MIT Press, Cambridge, Massachussets, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Marie Henderson
    • 1
  • Robert Coulter
    • 2
  • Ed Dawson
    • 1
  • Eiji Okamoto
    • 3
  1. 1.Information Security Research CentreQueensland University of TechnologyAustralia
  2. 2.School of Computing and MathematicsDeakin UniversityAustralia
  3. 3.Institute of Information Sciences and ElectronicsUniversity of TsukubaJapan

Personalised recommendations