
Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys

  • Reto Kohlas
  • Ueli Maurer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)

Abstract

Public-key certification is of crucial importance for advancing the global information infrastructure, yet it suffers from certain ambiguities and lack of understanding and precision. This paper suggests a few steps towards basing public-key certification and public-key infrastructures on firmer theoretical grounds. In particular, we investigate the notion of binding a public key to an entity.

We propose a calculus for deriving conclusions from a given entity Alice’s (for instance a judge’s) view consisting of evidence and inference rules valid in Alice’s world. The evidence consists of statements made by public keys (e.g., certificates, authorizations, or recommendations), statements made physically towards Alice by other entities, and trust assumptions. Conclusions are about who says a statement, who owns or is committed to a public key, and who transfers a right or authorization to another entity, and are derived by applying the inference rules.

Keywords

Inference Rule Statement Trust Exclusive Ownership Computer Security Foundation Workshop Variable Instantiation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Reto Kohlas (1)
  • Ueli Maurer (1)
  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), Zürich, Switzerland
