Abstract
Public-key certification is of crucial importance for advancing the global information infrastructure, yet it suffers from certain ambiguities and lack of understanding and precision. This paper suggests a few steps towards basing public-key certification and public-key infrastructures on firmer theoretical grounds. In particular, we investigate the notion of binding a public key to an entity.
We propose a calculus for deriving conclusions from a given entity Alice’s (for instance a judge’s) view consisting of evidence and inference rules valid in Alice’s world. The evidence consists of statements made by public keys (e.g., certificates, authorizations, or recommendations), statements made physically towards Alice by other entities, and trust assumptions. Conclusions are about who says a statement, who owns or is committed to a public key, and who transfers a right or authorization to another entity, and are derived by applying the inference rules.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kohlas, R., Maurer, U. (1999). Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys. In: Franklin, M. (eds) Financial Cryptography. FC 1999. Lecture Notes in Computer Science, vol 1648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48390-X_7
DOI: https://doi.org/10.1007/3-540-48390-X_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66362-1
Online ISBN: 978-3-540-48390-8
eBook Packages: Springer Book Archive