Designing secure communication protocols from trust specifications
In a very large distributed system, entities may trust and mistrust others with respect to communication security in arbitrarily complex ways. We formulate the problem of designing a secure communication protocol, given a network interconnection and a ternary relation which captures trust between the entities. We didentify several important ways of synthesizing secure channels, and study the algorithmic problem of designing a secure communication protocol connecting the entities, given the connectivity of the network and the trust relationship between the nodes. We show that whether secure communication is possible can be decided easily in polynomial time. If we also require that channel synthesis proceed along unambiguous paths (in which case the protocol is defined on a spanning tree of the network), we show that the design problem is NP-complete, and we give a linear-time algorithm for an interesting special case of the problem.
Key wordsVery large distributed systems Secure communication Trust, Channel synthesis
Unable to display preview. Download preview PDF.
- [BLNS]A. D. Birrell, B. W. Lampson, R. M. Needham, and M. D. Schroeder. A global authentication service without global trust,Proc. IEEE Symposium on Security and Privacy, 1986.Google Scholar
- [GJ]M. R. Garey and D. S. Johnson.Computers and Intractability: A Guide to the Theory of NP-Completeness, Freeman, San Francisco, 1979.Google Scholar
- [PS]C. H. Papadimitriou and K. Steiglitz.Combinatorial Optimization: Algorithms and Complexity, Prentice-Hall, Englewood Cliffs, NJ, 1982.Google Scholar
- [R]V. Rangan. An axiomatic theory of trust in secure communication protocols,Journal of Computers and Security, to appear.Google Scholar