Skip to main content
Book cover

European Symposium on Research in Computer Security

ESORICS 1996: Computer Security — ESORICS 96 pp 325–350Cite as

Modelling a public-key infrastructure

Part of the Lecture Notes in Computer Science book series (LNCS,volume 1146)

Abstract

A global public-key infrastructure (PKI), components of which are emerging in the near future, is a prerequisite for security in distributed systems and for electronic commerce. The purpose of this paper is to propose an approach to modelling and reasoning about a PKI from a user Alice's point of view. Her view, from which she draws conclusions about the authenticity of other entities' public keys and possibly about the trustworthiness of other entities, consists of statements about which public keys she believes to be authentic and which entities she believes to be trustworthy, as well as a collection of certificates and recommendations obtained or retrieved from the PKI. The model takes into account recommendations for the trustworthiness of entities. Furthermore, it includes confidence values for statements and can exploit arbitrary certification structures containing multiple intersecting certification paths to achieve a higher confidence value than for any single certification path. Confidence values are measured on a continuous scale between 0 and 1 and, in contrast to previous work in this area, are interpreted as probabilities in a well-defined random experiment.

Key words

  • Distributed system security
  • key management
  • public-key certification
  • cryptography
  • trust
  • recommendations
  • probabilistic logic

Download conference paper PDF

References

  1. T. Beth, M. Borcherding and B. Klein, Valuation of trust in open systems, Computer Security — ESORICS '94, D. Gollmann (Ed.), Lecture Notes in Computer Science, Berlin: Springer-Verlag, 1994, vol. 875, pp. 3–18.

    Google Scholar 

  2. A. Birell, B. Lampson, R. Needham and M. Schroeder, A global authentication service without global trust, Proc. IEEE Symposium on Research in Security and Privacy, 1986, pp. 223–230.

    Google Scholar 

  3. C. Boyd, Security architectures using formal methods, IEEE Journal on Selected Areas in Communications, vol. 11, no. 5, 1993, pp. 694–701.

    Google Scholar 

  4. M. Burrows, M. Abadi and R. Needham, A logic of authentication, ACM Transactions on Computer Systems, vol. 8, no. 1, 1990, pp. 18–36.

    Google Scholar 

  5. E. A. Campbell, R. Safavi-Naini and P. A. Pleasants, Partial belief and probabilistic reasoning in the analysis of secure protocols, Proc. The Computer Security Foundations Workshop V, IEEE Computer Society Press, 1992, pp. 84–91.

    Google Scholar 

  6. S. Chokhani, Towards a national public-key infrastructure, IEEE Communications Magazine, vol. 32, no. 9, 1994, pp. 70–74.

    Google Scholar 

  7. W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol. 22, no. 6, 1976, pp. 644–654.

    Google Scholar 

  8. R. Fagin and J. Y. Halpern, Uncertainty, belief, and probability, Proc. of the Eleventh International Joint Conference on Artificial Intelligence, August 1989, vol. 2, pp. 1161–1167.

    Google Scholar 

  9. W. Feller, An Introduction to Probability Theory and its Applications, third ed., vol. 1, New York, NY: Wiley, 1968.

    Google Scholar 

  10. J. Glasgow, G. MacEwen and P. Panangaden, A logic for reasoning about security, ACM Transactions on Computer Systems, vol. 10, no. 3, 1992, pp. 226–264.

    Google Scholar 

  11. V. D. Gligor, S.-W. Luan and J. N. Pato, On inter-realm authentication in large distributed systems, Proc. IEEE Conference on security and privacy, 1992, pp. 2–17.

    Google Scholar 

  12. T. Hailperin, Probability logic, Notre Dame Journal of Formal Logic, vol. 25, no. 3, July 1984, pp. 198–212.

    Google Scholar 

  13. B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in distributed systems: theory and practice, Proc. 13th ACM Symp. on Operating Systems Principles, 1991, pp. 165–182.

    Google Scholar 

  14. U. M. Maurer and P. E. Schmid, A calculus for secure channel establishment in open networks, Proc. 1994 European Symposium on Research in Computer Security (ESORICS' 94), D. Gollmann (Ed.), Lecture Notes in Computer Science, Berlin: Springer-Verlag, 1994, vol. 875, pp. 175–192.

    Google Scholar 

  15. R. Molva, G. Tsudik, E. Van Herreweghen and S. Zatti, KryptoKnight Authentication and Key Distribution System, Proc. 1992 European Symposium on Research in Computer Security (ESORICS 92), Y. Deswarte, G. Eizenberg, J.-J. Quisquater (Eds.), Lecture Notes in Computer Science, Berlin: Springer-Verlag, 1992, vol. 648, pp. 155–174.

    Google Scholar 

  16. A. Nerode and R. A. Shore, Logic for Applications, Springer Verlag, 1993.

    Google Scholar 

  17. N.J. Nilsson, Probabilistic logic, Artificial Intelligence, vol. 28, no. 1, 1986, pp. 71–86.

    Google Scholar 

  18. C. H. Papadimitriou, V. Rangan, M. Sideri, ”Designing Secure Communication Protocols from Trust Specifications”, Algorithmica, 1994, pp. 485–499.

    Google Scholar 

  19. P. V. Rangan, An axiomatic theory of trust in secure communication protocols, Computers & Security, vol. 11, 1992, pp. 163–172.

    Google Scholar 

  20. R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21, no. 2, 1978, pp. 120–126.

    Google Scholar 

  21. B. Schneier, Applied Cryptography, 2nd edition, John Wiley & Sons, Inc., New York, 1996.

    Google Scholar 

  22. J. G. Steiner, B.C. Neuman and J.I. Schiller, Kerberos: An authentication service for open network systems, Proceedings of Winter USENIX 1988, Dallas, Texas.

    Google Scholar 

  23. W. Stallings, Network and Internetwork Security, Englewood Cliffs, NJ: Prentice Hall, 1995.

    Google Scholar 

  24. P. Syverson and C. Meadows, A logical language for specifying cryptographic protocols requirements, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 165–180.

    Google Scholar 

  25. J. J. Tardo and K. Alagappan, SPX: Global authentication using public key certificates, Proc. IEEE Conf. on Research in Security and Privacy, 1991, pp. 232–244.

    Google Scholar 

  26. R. Yahalom, B. Klein and T. Beth, Trust relationships in secure systems — a distributed authentication perspective, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 150–164.

    Google Scholar 

  27. P. Zimmermann, PGP User's Guide, vol. I and II, Version 2.6, May 22, 1994.

    Google Scholar 

  28. ISO/IEC International Standard 9594-8, Information technology — open systems interconnection — the directory, Part 8: Authentication framework, 1990.

    Google Scholar 

  29. Privacy enhanced mail (PEM), Internet Request for Comments (RFC) 1421–1424.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), CH-8092, Zürich, Switzerland

    Ueli Maurer

Authors
  1. Ueli Maurer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 1996 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Maurer, U. (1996). Modelling a public-key infrastructure. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds) Computer Security — ESORICS 96. ESORICS 1996. Lecture Notes in Computer Science, vol 1146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61770-1_45

    Download citation

    • DOI: https://doi.org/10.1007/3-540-61770-1_45

    • Published:

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-61770-9

    • Online ISBN: 978-3-540-70675-5

    • eBook Packages: Springer Book Archive