Advertisement

An Axiomatic Basis for Reasoning about Trust in PKIs

  • Chuchang Liu
  • Maris Ozols
  • Tony Cant
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2119)

Abstract

Trust is essential to a communication channel. The trust relationships, which play an important role in Public Key Infrastructures (PKIs), need to be formalized for providing a reliable modelling methodology to support secure digital communications. In this paper, we present a typed modal logic used for specifying and reasoning about trust in PKIs. In order to study trust relationships within PKIs, we define TA (a set of trust axioms), TB (a trust base) and TC (a set of trusted certificates). In our method, the trust relation in a given PKI is formalized by trust axioms. Based on trust axioms, an agent can have its own trust base that contains all agents whom the agent trusts, and can derive and extend its trusted certificates set. The trust theory for a given PKI, which consists of our modal logic and a set of trust axioms proposed for the PKI, is the basis of the certificate verification function.

Keywords

certificate CA (Certificate Authority) PKI (Public Key Infrastructure) trust trust theory certificate verification information security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the 1993 IEEE Computer Society Symposium on research in Security and Privacy, pages 164–173, 1996.Google Scholar
  2. 2.
    M. Burrows, M. Abadi, and R. M. Needham. A logic of authentication. In Proceedings of the Royal Society of London 426, pages 233–271, 1989.zbMATHMathSciNetCrossRefGoogle Scholar
  3. 3.
    A. Herzberg, Y. Mass, and J. Mihaeli. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Computer Society Symposium on research in Security and Privacy, pages 2–14, 2000.Google Scholar
  4. 4.
    R. Housley, W. Ford, W. Polk, and D. Solo. RCF 2459, Internet X.509 Public Key Infrastructure-Part I: Certificate and CRL Profile. Internet Request for Comments 2459, January 1999.Google Scholar
  5. 5.
    A. Jøsang and S.J. Knapskog. A metric for trusted systems. In Proceedings of the 21st National Security Conference, NSA 1998.Google Scholar
  6. 6.
    A. Jøsang, I. G. Pedersen, and D. Povey. PKI seeks a trusting relationship. In Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), volume 1841 of Lecture Notes in Computer Science, pages 191–205. Springer, 2000.Google Scholar
  7. 7.
    S. Kent. Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Request for Comments 1422. Network Working Group, 1993.Google Scholar
  8. 8.
    R. Kohlas and U. Maurer. Confidence valuation in a public-key infrastrucutre based on uncertain evidence. In Proceedings of the 3rd International Workshop on Practice and Theory in Public Key Cryptosystems (PKC 2000), volume 1751 of Lecture Notes in Computer Science, pages 93-113. Springer, 2000.Google Scholar
  9. 9.
    N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In Proceedings of the 2000 IEEE Computer Society Symposium on research in Security and Privacy, pages 27–42, 2000.Google Scholar
  10. 10.
    C. Liu, M. A. Ozols, M. Henderson, and T. Cant. A state-based model for ceritificate management systems. In Proceedings of the 3rd International Workshop on Practice and Theory in Public Key Cryptosystems (PKC 2000), volume 1751 of Lecture Notes in Computer Science, pages 75–92. Springer, 2000.Google Scholar
  11. 11.
    Ueli Maurer. Modeling a public-key infrastructure. In E. Bertino, H. Knurth, G. Martella, and E. Montolivo, editors, Computer Security-ESORICS’96 (LNCS 1146). Springer-Verlag, 1996.Google Scholar
  12. 12.
    M. A. Ozols, M. Henderson, C. Liu, and T. Cant. The PKI specification dilemma: A formal solution. In Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), volume 1841 of Lecture Notes in Computer Science, pages 206–219. Springer, 2000.Google Scholar
  13. 13.
    L. C. Paulson. ML for Working Programmer. Cambridge University Press, 1991.Google Scholar
  14. 14.
    R. Yahalom, B. Klein, and Th. Beth. Trust relationships in security systems-A distributed authentication prespective. In Proceedings of the 1993 IEEE Computer Society Symposium on research in Security and Privacy, pages 151–164, 1993.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Chuchang Liu
    • 1
  • Maris Ozols
    • 1
  • Tony Cant
    • 1
  1. 1.Information Technology DivisionDefence Science and Technology OrganisationSalisburyAustralia

Personalised recommendations