Abstract
Trust is essential to a communication channel. The trust relationships, which play an important role in Public Key Infrastructures (PKIs), need to be formalized for providing a reliable modelling methodology to support secure digital communications. In this paper, we present a typed modal logic used for specifying and reasoning about trust in PKIs. In order to study trust relationships within PKIs, we define TA (a set of trust axioms), TB (a trust base) and TC (a set of trusted certificates). In our method, the trust relation in a given PKI is formalized by trust axioms. Based on trust axioms, an agent can have its own trust base that contains all agents whom the agent trusts, and can derive and extend its trusted certificates set. The trust theory for a given PKI, which consists of our modal logic and a set of trust axioms proposed for the PKI, is the basis of the certificate verification function.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the 1993 IEEE Computer Society Symposium on research in Security and Privacy, pages 164–173, 1996.
M. Burrows, M. Abadi, and R. M. Needham. A logic of authentication. In Proceedings of the Royal Society of London 426, pages 233–271, 1989.
A. Herzberg, Y. Mass, and J. Mihaeli. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Computer Society Symposium on research in Security and Privacy, pages 2–14, 2000.
R. Housley, W. Ford, W. Polk, and D. Solo. RCF 2459, Internet X.509 Public Key Infrastructure-Part I: Certificate and CRL Profile. Internet Request for Comments 2459, January 1999.
A. Jøsang and S.J. Knapskog. A metric for trusted systems. In Proceedings of the 21st National Security Conference, NSA 1998.
A. Jøsang, I. G. Pedersen, and D. Povey. PKI seeks a trusting relationship. In Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), volume 1841 of Lecture Notes in Computer Science, pages 191–205. Springer, 2000.
S. Kent. Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Request for Comments 1422. Network Working Group, 1993.
R. Kohlas and U. Maurer. Confidence valuation in a public-key infrastrucutre based on uncertain evidence. In Proceedings of the 3rd International Workshop on Practice and Theory in Public Key Cryptosystems (PKC 2000), volume 1751 of Lecture Notes in Computer Science, pages 93-113. Springer, 2000.
N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In Proceedings of the 2000 IEEE Computer Society Symposium on research in Security and Privacy, pages 27–42, 2000.
C. Liu, M. A. Ozols, M. Henderson, and T. Cant. A state-based model for ceritificate management systems. In Proceedings of the 3rd International Workshop on Practice and Theory in Public Key Cryptosystems (PKC 2000), volume 1751 of Lecture Notes in Computer Science, pages 75–92. Springer, 2000.
Ueli Maurer. Modeling a public-key infrastructure. In E. Bertino, H. Knurth, G. Martella, and E. Montolivo, editors, Computer Security-ESORICS’96 (LNCS 1146). Springer-Verlag, 1996.
M. A. Ozols, M. Henderson, C. Liu, and T. Cant. The PKI specification dilemma: A formal solution. In Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), volume 1841 of Lecture Notes in Computer Science, pages 206–219. Springer, 2000.
L. C. Paulson. ML for Working Programmer. Cambridge University Press, 1991.
R. Yahalom, B. Klein, and Th. Beth. Trust relationships in security systems-A distributed authentication prespective. In Proceedings of the 1993 IEEE Computer Society Symposium on research in Security and Privacy, pages 151–164, 1993.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, C., Ozols, M., Cant, T. (2001). An Axiomatic Basis for Reasoning about Trust in PKIs. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_23
Download citation
DOI: https://doi.org/10.1007/3-540-47719-5_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42300-3
Online ISBN: 978-3-540-47719-8
eBook Packages: Springer Book Archive