Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys
Public-key certification is of crucial importance for advancing the global information infrastructure, yet it suffers from certain ambiguities and lack of understanding and precision. This paper suggests a few steps towards basing public-key certification and public-key infrastructures on firmer theoretical grounds. In particular, we investigate the notion of binding a public key to an entity.
We propose a calculus for deriving conclusions from a given entity Alice’s (for instance a judge’s) view consisting of evidence and inference rules valid in Alice’s world. The evidence consists of statements made by public keys (e.g., certificates, authorizations, or recommendations), statements made physically towards Alice by other entities, and trust assumptions. Conclusions are about who says a statement, who owns or is committed to a public key, and who transfers a right or authorization to another entity, and are derived by applying the inference rules.
Keywords: Inference Rule Statement Trust Exclusive Ownership Computer Security Foundation Workshop Variable Instantiation