A New Design of Privilege Management Infrastructure for Organizations Using Outsourced PKI

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2433)

Abstract

Authentication services provided by Public Key Infrastructures (PKI) do not satisfy the needs of many e-commerce applications. These applications additionally require authorization services so that users can prove what they are allowed to do. Attribute certificates have changed the way in which the authorization problem has been considered until now, and Privilege Management Infrastructures (PMI) provide the necessary support for a wide use of those certificates. Although the two types of infrastructure, PKIs and PMIs, are related in some ways, they can operate autonomously. This fact is especially interesting for companies that have taken or will take the decision to outsource PKI services. However, outsourcing PMI services is not a good option for many companies because the information contained in attribute certificates is sometimes confidential. Therefore attribute certificates must be managed very carefully and, preferably, only inside the company. In this paper we present a new design of PMI that is especially suited to companies that outsource PKI services but still need to manage the PMI internally. The scheme provides additional advantages that satisfy the needs of intra-company attribute certification, and eliminates some of the problems associated with revocation procedures.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dawson, E., Lopez, J., Montenegro, J.A., Okamoto, E. (2002). A New Design of Privilege Management Infrastructure for Organizations Using Outsourced PKI. In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_10

  • DOI: https://doi.org/10.1007/3-540-45811-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44270-7

  • Online ISBN: 978-3-540-45811-1

  • eBook Packages: Springer Book Archive
