Abstract
Secure authentication frequently depends on the correct recognition of a user’s public key. When there is no certificate authority, this key is obtained from other users using a web of trust. If users can be malicious, trusting the key information they provide is risky. Previous work has suggested the use of redundancy to improve the trustworthiness of user-provided key information. In this paper, we address two issues not previously considered. First, we solve the problem of users who claim multiple, false identities, or who possess multiple keys. Second, we show that conflicting certificate information can be exploited to improve trustworthiness. Our methods are demonstrated on both real and synthetic PGP keyrings, and their performance is discussed.
This work is partially supported by the U.S. Army Research Office under grant DAAD19-02-1-0219, and by the National Science Foundation under grant CCR-0207297.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jiang, Q., Reeves, D.S., Ning, P. (2004). Improving Robustness of PGP Keyrings by Conflict Detection. In: Okamoto, T. (eds) Topics in Cryptology – CT-RSA 2004. CT-RSA 2004. Lecture Notes in Computer Science, vol 2964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24660-2_16
DOI: https://doi.org/10.1007/978-3-540-24660-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20996-6
Online ISBN: 978-3-540-24660-2
eBook Packages: Springer Book Archive