Certificate Recommendations to Improve the Robustness of Web of Trust

  • Conference paper
Information Security (ISC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3225)

Abstract

Users in a distributed system establish webs of trust by issuing and exchanging certificates among themselves. This approach does not require a central, trusted keyserver. The distributed web of trust, however, is susceptible to attack by malicious users, who may issue false certificates. In this work, we propose a method for generating certificate recommendations. These recommendations guide the users in creating webs of trust that are highly robust to attacks. To accomplish this, we propose a heuristic method of graph augmentation for the certificate graph, and show experimentally that it is close to optimal. We also investigate the impact of user preferences and non-compliance with these recommendations, and demonstrate that our method helps identify malicious users if there are any.
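The abstract describes certificate recommendations as an augmentation of the certificate graph, but the page does not give the authors' heuristic or their robustness measure. The following is an added illustration, not code from the paper: it models a web of trust as a directed graph of certificates, measures robustness of a verifier-to-target binding as the number of internally vertex-disjoint certificate paths (an assumption; an attacker who issues false certificates must control at least that many users to cut every path), lists single points of failure, and greedily recommends certificates until each monitored pair reaches a chosen connectivity k. The user names, certificate graph and candidate set (standing in for "user preferences") are constructed for the example.

```python
"""Added example (not the paper's algorithm): greedy certificate recommendations
for a small web of trust, with vertex-disjoint certificate paths as the
robustness measure.  The graph, user names and candidate set are constructed."""
from collections import deque
from itertools import permutations


def _residual_network(edges, s, t):
    """Unit-capacity residual network with node splitting, so that vertex-disjoint
    paths in the certificate graph become edge-disjoint paths in this network."""
    cap = {}

    def add(u, v, c):
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + c
        cap.setdefault(v, {}).setdefault(u, 0)  # reverse residual edge

    users = {x for e in edges for x in e} | {s, t}
    big = len(users) + 1  # effectively unbounded for the two endpoints
    for x in users:
        add((x, "in"), (x, "out"), big if x in (s, t) else 1)
    for u, v in edges:
        if u != v:  # a self-certificate carries no trust; ignore it
            add((u, "out"), (v, "in"), 1)
    return cap


def disjoint_paths(edges, s, t):
    """Number of internally vertex-disjoint certificate paths from verifier s to
    target t, computed as a max flow (Edmonds-Karp).  An attacker issuing false
    certificates must control at least this many users to cut every path."""
    if s == t:
        return 0
    cap = _residual_network(edges, s, t)
    src, snk = (s, "out"), (t, "in")
    flow = 0
    while True:
        parent = {src: None}
        queue = deque([src])
        while queue and snk not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if snk not in parent:
            return flow
        v = snk
        while parent[v] is not None:  # every edge on the path has capacity >= 1
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1


def single_points_of_failure(edges, s, t):
    """Users (other than s and t) whose certificates, if all false, would leave
    s with no trusted path to t.  Non-empty exactly when one malicious user
    can break the binding, i.e. disjoint_paths(edges, s, t) == 1."""
    if disjoint_paths(edges, s, t) == 0:
        return []
    users = sorted({x for e in edges for x in e} - {s, t})
    return [x for x in users
            if disjoint_paths([e for e in edges if x not in e], s, t) == 0]


def recommend(edges, pairs, k, candidates=None):
    """Greedy augmentation: repeatedly add the candidate certificate (u, v) that
    most reduces the total shortfall below k disjoint paths over `pairs`.
    `candidates` models user preferences (certificates users are willing to
    issue); None allows any unissued certificate.  Returns the recommendations."""
    edges = set(edges)
    users = sorted({x for e in edges for x in e} | {x for p in pairs for x in p})
    if candidates is None:
        candidates = set(permutations(users, 2))
    candidates = sorted(set(candidates) - edges)

    def shortfall(es):
        return sum(max(0, k - disjoint_paths(es, s, t)) for s, t in pairs)

    recs, current = [], shortfall(edges)
    while current > 0:
        best, best_short = None, current
        for cert in candidates:
            if cert in edges:
                continue
            short = shortfall(edges | {cert})
            if short < best_short:
                best, best_short = cert, short
        if best is None:  # no single certificate helps; report what we have
            break
        edges.add(best)
        recs.append(best)
        current = best_short
    return recs


# Constructed certificate graph: (issuer, subject) means issuer vouches for subject's key.
EDGES = [("alice", "bob"), ("bob", "carol"), ("alice", "dave"),
         ("dave", "carol"), ("alice", "erin"), ("carol", "frank")]
# Constructed user preferences: certificates these users would be willing to issue.
CANDIDATES = {("erin", "carol"), ("bob", "dave"), ("dave", "bob")}

if __name__ == "__main__":
    print(disjoint_paths(EDGES, "alice", "carol"))                 # 2
    print(single_points_of_failure(EDGES, "alice", "frank"))       # ['carol']
    print(recommend(EDGES, [("alice", "carol")], 3, CANDIDATES))   # [('erin', 'carol')]
```

Two design points carry over to any recommender of this kind. Restricting the search to a candidate set matters: without it the greedy step will happily "recommend" that the verifier certify the target directly, which is correct on the graph but useless as advice. And because each recommendation is re-evaluated against the current graph, a user who ignores an earlier recommendation (non-compliance) simply leaves the shortfall in place, and the next round recommends around them; repeated rounds in which the same user's certificates never close a gap are what make non-compliant or malicious users visible.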

This work is partially supported by the U.S. Army Research Office under grant DAAD19-02-1-0219, and by the National Science Foundation under grant CCR-0207297.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jiang, Q., Reeves, D.S., Ning, P. (2004). Certificate Recommendations to Improve the Robustness of Web of Trust. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_25

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8
