Abstract
SPKI/SDSI is a distributed Public Key Infrastructure (PKI) framework that allows for issuing authorisation certificates granting permissions to access selected parts of privileged data not only to single principals, but also to user-defined groups. The fact that the protocol is decentralised and there is no designated entity that verifies the identity of the users of the system makes the trustfulness vary significantly from one user to another. In order to tackle this problem in decentralised PKI systems many trust metrics were created for computing how much one user can trust another even if they have never interacted with each other before, e.g. the Web of Trust in PGP. We show how to apply two of these metrics in the SPKI/SDSI setting. Specifically, a metric that interprets these values as a probability of non-failure and a metric interpreting them as flows. The fact that SPKI/SDSI is essentially as powerful as pushdown systems makes computation of these trust metrics a lot harder in our setting than when the system can be represented as a finite graph. Actually, both of these problems are shown to be #P-complete, but at the same time we show a randomised approximation algorithm for the trust metric based on the probabilistic interpretation. Finally, to test how fast these values can be computed in practise, we implemented them in a tool called Spookey. Spookey allows for representing an arbitrary system of SPKI/SDSI certificates labelled with trust values. We present the performance results obtained by using our tool.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Ball, M.O.: Computational Complexity of Network Reliability Analysis: An Overview. IEEE Transactions on Reliability 35(3), 230–239 (1986)
Barabási, A.: Emergence of Scaling in Random Networks. Science 286(5439), 509–512 (1999)
Beth, T., Borcherding, M., Klein, B.: Valuation of Trust in Open Networks. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 3–18. Springer, Heidelberg (1994)
Bouajjani, A., Esparza, J., Schwoon, S., Suwimonteerabuth, D.: SDSIrep: A Reputation System Based on SDSI. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 501–516. Springer, Heidelberg (2008)
CAcert certification Authority, http://www.cacert.org/
Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R.L.: Certificate chain discovery in SPKI/SDSI. Journal of Computer Security 9(4), 285–322 (2002)
Dinur, I., Safra, S.: On the Hardness of Approximating Minimum Vertex Cover. Annals of Mathematics 162, 439–485 (2005)
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: RFC 2693: SPKI Certificate theory (1999)
Ford Jr., L.R., Fulkerson, D.R.: Maximial flow through a newtork. Can. J. Math. 8, 399–404 (1956)
Grandison, T., Sloman, M.: A survey of trust in internet applications. IEEE Communications Surveys Tutorials 3(4), 2–16 (2000)
Hoeffding, W.: Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association 58(301), 13 (1963)
Jha, S., Reps, T.: Model checking SPKI / SDSI. Journal of Computer Security 12, 317–353 (2004)
Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618–644 (2007)
Josang, A.: An algebra for assessing trust in certification chains. In: Proc. of the Network and Distributed Systems Security Symposium (1999)
Levien, R., Aiken, A.: Attack-Resistant Trust Metrics for Public Key Certification. In: Proceedings of the 7th USENIX Security, pp. 229–242 (1998)
Maurer, U.: Modelling a Public-Key Infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Hwang, J. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 325–350. Springer, Heidelberg (1996)
Scott Provan, J., Ball, M.O.: The Complexity of Counting Cuts and of Computing the Probability that a Graph is Connected. SIAM Journal on Computing 12(4), 777 (1983)
Raz, R., Safra, S.: A Sub-Constant Error-Probability Low-Degree Test, and a Sub-Constant Error-Probability PCP Characterization of NP (1997)
Reiter, M.K., Stubblebine, S.G.: Authentication metric analysis and design. ACM Transactions on Information and System Security 2(2), 138–158 (1999)
Rubinstein, R.Y., Kroese, D.P.: Simulation and the Monte Carlo Method, 2nd edn. Wiley Series in Probability and Statistics, vol. 707. John Wiley & Sons, Chichester (2007)
Sabater, J., Sierra, C.: Review on Computational Trust and Reputation Models. Artificial Intelligence Review 24(1), 33–60 (2005)
Valiant, L.G.: The Complexity of Enumeration and Reliability Problems. SIAM Journal on Computing 8(3), 410 (1979)
Walukiewicz, I.: Pushdown Processes: Games and Model-Checking. Information and Computation 164(2), 234–263 (2001)
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wojtczak, D. (2011). Trust Metrics for the SPKI/SDSI Authorisation Framework. In: Bultan, T., Hsiung, PA. (eds) Automated Technology for Verification and Analysis. ATVA 2011. Lecture Notes in Computer Science, vol 6996. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24372-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-24372-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24371-4
Online ISBN: 978-3-642-24372-1
eBook Packages: Computer ScienceComputer Science (R0)