European Symposium on Research in Computer Security

ESORICS 1996: Computer Security — ESORICS 96, pp 325–350


Modelling a public-key infrastructure

  • Ueli Maurer¹
  • Conference paper
  • First Online: 01 January 2005
  • 2185 Accesses

  • 117 Citations

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1146)

Abstract

A global public-key infrastructure (PKI), components of which are emerging in the near future, is a prerequisite for security in distributed systems and for electronic commerce. The purpose of this paper is to propose an approach to modelling and reasoning about a PKI from a user Alice's point of view. Her view, from which she draws conclusions about the authenticity of other entities' public keys and possibly about the trustworthiness of other entities, consists of statements about which public keys she believes to be authentic and which entities she believes to be trustworthy, as well as a collection of certificates and recommendations obtained or retrieved from the PKI. The model takes into account recommendations for the trustworthiness of entities. Furthermore, it includes confidence values for statements and can exploit arbitrary certification structures containing multiple intersecting certification paths to achieve a higher confidence value than for any single certification path. Confidence values are measured on a continuous scale between 0 and 1 and, in contrast to previous work in this area, are interpreted as probabilities in a well-defined random experiment.

Key words

  • Distributed system security
  • key management
  • public-key certification
  • cryptography
  • trust
  • recommendations
  • probabilistic logic


Author information

Authors and Affiliations

  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), CH-8092, Zürich, Switzerland

    Ueli Maurer


    Copyright information

    © 1996 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Maurer, U. (1996). Modelling a public-key infrastructure. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds) Computer Security — ESORICS 96. ESORICS 1996. Lecture Notes in Computer Science, vol 1146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61770-1_45

    • DOI: https://doi.org/10.1007/3-540-61770-1_45

    • Published: 02 June 2005

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-61770-9

    • Online ISBN: 978-3-540-70675-5

    • eBook Packages: Springer Book Archive
