A Logic for Analysing Subterfuge in Delegation Chains

  • Conference paper
Formal Aspects in Security and Trust (FAST 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3866)

Abstract

Trust Management is an approach to constructing and interpreting the trust relationships among public keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains, threshold schemes, and so forth. However, they tend not to consider whether a particular authorisation policy is well designed in the sense that a principal cannot somehow bypass the intent of a complex series of authorisation delegations via some unexpected circuitous route.

In this paper we consider the problem of authorisation subterfuge, whereby, in a poorly designed system, delegation chains that are used by principals to prove authorisation may not actually reflect the original intention of all of the participants in the chain. A logic is proposed that provides a systematic way of determining whether a particular delegation scheme using particular authorisation is sufficiently robust to be able to withstand attempts at subterfuge. This logic provides a new characterisation of certificate reduction that, we argue, is more appropriate to open systems.

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, H., Foley, S.N. (2006). A Logic for Analysing Subterfuge in Delegation Chains. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2005. Lecture Notes in Computer Science, vol 3866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11679219_10

  • DOI: https://doi.org/10.1007/11679219_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-32628-1

  • Online ISBN: 978-3-540-32629-8

  • eBook Packages: Computer Science, Computer Science (R0)
