Advertisement

End-to-End Trust Starts with Recognition

  • Jean-Marc Seigneur
  • Stephen Farrell
  • Christian Damsgaard Jensen
  • Elizabeth Gray
  • Yong Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)

Abstract

Pervasive computing requires some level of trust to be established between entities. In this paper we argue for an entity recognition based approach to building this trust which differs from starting from more traditional authentication methods. We also argue for the concept of a ”pluggable” recognition module which allows different recognition schemes to be used in different circumstances. Finally, we propose that the trust in the underlying infrastructure has to be taken into account when considering end-to-end trust.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abdul-Rahman, A., Hailes, S.: A Distributed Trust Model. In: Proceedings of the 1997 New Security Paradigms Workshop, pp. 48–60. ACM Press, New York (1997)CrossRefGoogle Scholar
  2. 2.
    Axelrod, R.: The Evolution of Cooperation. Basic Books Publishers, New York (1984) ISBN 0-465-02122-0Google Scholar
  3. 3.
    Blaze, M., Feigenbaum, J., Keromytis, A.D.: Keynote: Trust Management for Public-Key Infrastructures. In: Proceedings of the Cambridge 1998 Security Protocols International Workshop, Cambridge, England, pp. 59-63 (1998)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the 17th IEEE Symp. on Security and Privacy, pp. 164–173. IEEE Computer Society, Los Alamitos (1996)Google Scholar
  5. 5.
    Christianson, B., Harbison, W.S.: Why Isn’t Trust Transitive? In: Proceedings of the Security Protocols International Workshop, University of Cambridge (1996)Google Scholar
  6. 6.
    Ducatel, K., Bogdanowicz, M., Scapolo, F., Leitjen, J., Burgelman, J.-C.: That’s what friends are for. Ambient Intelligence (AmI) and the IS in 2010. In: the congress of Innovations for an e-Society, Challenges for Technology Assessment Berlin, Deutschland, Oktober 17 – 19 (2001)Google Scholar
  7. 7.
    Ellison, C.: The Trust Shell Game. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 36–40. Springer, Heidelberg (1999) ISBN 3-540-65663-4CrossRefGoogle Scholar
  8. 8.
    IEEE: Pervasive computing. IEEE Magazine, http://www.computer.org/pervasive/
  9. 9.
    IETF: Public-Key Infrastructure (X.509), http://www.ietf.org/html.charters/pkix-charter.html
  10. 10.
    ITU: The Directory: Overview of Concepts, Models and Service. ITU-T Rec. X.500, Information Technology - Open Systems Interconnection (1993), http://www.itu.int/home/index.html
  11. 11.
    Jensen, C. D.: Secure Collaboration in Global Computing Systems. In: ERCIM News, vol. 49, (2002) Google Scholar
  12. 12.
    Johnson, S.: Emergence (2001) ISBN 0-140-287-752 Google Scholar
  13. 13.
    Jøsang, A.: The right type of trust for distributed systems. In: Proceedings of the 1996 New Security Paradigms Workshop, ACM, New York (1996)Google Scholar
  14. 14.
    Jøsang, A.: A Subjective Metric of Authentication. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 329–344. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Jøsang, A., Knapskog, S.J.: A Metric for Trusted Systems. In: Proceedings of the 21st NIST-NCSC National Information Systems Security Conference (1998)Google Scholar
  16. 16.
    Khare, R.: What’s in a Name? Trust. 4K Associates (1999), http://www.4k-associates.com/IEEE-L7-names-trust.html
  17. 17.
    Kohl, J., Neuman, B.C.: The Kerberos Network Authentication Service (Version 5). Internet Request for Comments RFC-1510 (1993)Google Scholar
  18. 18.
    Marsh, S.: Formalising Trust as a Computational Concept. PhD Thesis, Department of Mathematics and Computer Science, University of Stirling (1994), http://citeseer.nj.nec.com/marsh94formalising.html
  19. 19.
    Merriam-Webster: Merriam-Webster’s Collegiate Dictionary. Website, http://www.m-w.com/
  20. 20.
    Microsoft: .NET Framework General Reference: trust Element.Website, (2001), http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrftrustsection.asp
  21. 21.
  22. 22.
    Reiter, M.K., Stubblebine, S.G.: Authentication Metric Analysis and Design. ACM Transactions on Information and System Security 2(2), 138–158 (1999)CrossRefGoogle Scholar
  23. 23.
    Samar, V., Lai, C.: Making Login Services Independent of Authentication Technologies. Sun Microsystems (1995), http://java.sun.com/security/jaas/doc/pam.html
  24. 24.
    SECURE: Secure Environments for Collaboration among Ubiquitous Roaming Entities. Website, http://secure.dsg.cs.tcd.ie
  25. 25.
    Seigneur, J.M., Abendroth, J., Jensen, C.D.: Bank Accounting and Ubiquitous Brokering of Trustos. In: 7th Cabernet Radicals Workshop (2002), http://citeseer.nj.nec.com/seigneur02bank.html
  26. 26.
    Seigneur, J.-M., Farrell, S., Jensen, C.D.: Secure ubiquitous computing based on entity recognition. In: Ubicomp 2002 Security Workshop, Göteborg (2002), http://www.cs.tcd.ie/Jean-Marc.Seigneur/publications/secureubicomper.pdf
  27. 27.
    Smith, R.E.: Authentication: from passwords to public keys. Addison-Wesley, Reading (2001) ISBN 0-201-61599-1Google Scholar
  28. 28.
    Stajano, F.: Security for Ubiquitous Computing. John Wiley & Sons, Chichester (2002) ISBN 0470844930CrossRefGoogle Scholar
  29. 29.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Proceedings of the 7th International Security Protocols Workshop, pp. 172-194 (1999)Google Scholar
  30. 30.
    TCPA: TCPA Design Philosophies and Concepts Version 1.0.White paper, Trusted Computing Platform Alliance (2000), http://www.trustedcomputing.org/docs/designv10final.pdf
  31. 31.
    TCPA: Trusted Computing Platform Alliance, Website http://www.trustedcomputing.org/
  32. 32.
    Weeks, S.: Understanding Trust Management Systems. In: IEEE Symposium on Security and Privacy, Oakland (2001)Google Scholar
  33. 33.
    Weiser, M.: The Computer for the 21st Century. Scientific American (1991), http://www.ubiq.com/hypertext/weiser/SciAmDraft3.html
  34. 34.
    Weiser, M., Brown, J.S.: Designing Calm Technology. PowerGrid Journal 1.01 (1996)Google Scholar
  35. 35.
    Wexler, J.: Wi-fi world. Network World (2002), http://www.nwfusion.com/wifi/2002/main.html
  36. 36.
    Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995) ISBN 0-262-74017-6Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Jean-Marc Seigneur
    • 1
  • Stephen Farrell
    • 1
  • Christian Damsgaard Jensen
    • 1
  • Elizabeth Gray
    • 1
  • Yong Chen
    • 1
  1. 1.Distributed Systems Group, Department of Computer ScienceTrinity College DublinDublin 2Ireland

Personalised recommendations