Skip to main content
SpringerLink
Log in

Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys

  • Conference paper
  • First Online:
Financial Cryptography (FC 1999)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1648))

Included in the following conference series:

Abstract

Public-key certification is of crucial importance for advanc- ing the global information infrastructure, yet it suffers from certain am- biguities and lack of understanding and precision. This paper suggests a few steps towards basing public-key certification and public-key in- frastructures on firmer theoretical grounds. In particular, we investigate the notion of binding a public to an entity.

We propose a calculus for deriving conclusions from a given entity Alice’s (for instance a judge’s) view consisting of evidence and inference rules valid in Alice’s world. The evidence consists of statements made by public keys (e.g., certificates, authorizations, or recommendations), statements made physically towards Alice by other entities, and trust assumptions. Conclusions are about who says a statement, who owns or is committed to a public key, and who transfers a right or authorization to another entity, and are derived by applying the inference rules.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. W. Stallings Protect your privacy. Prentice Hall, 1996.

    Google Scholar 

  2. I. Lehti and P. Nikander Certifying trust. In H. Imai and Y. Theng, editors, Proceedings of the first international workshop on Practice and Theory in Public Key Cryptography, PKC’98, pages 83–98, 1998.

    Google Scholar 

  3. P.R. Zimmermann The Official PGP User’s Guide. MIT Press, Cambridge, MA, USA, 1995.

    Google Scholar 

  4. M. Myers Revocation: Options and challenges. In R. Hirschfeld, editor, Financial Cryptography, volume 1465 of Lecture Notes in Computer Science, pages 165–172. Springer Verlag, Berlin, 1998.

    Chapter  Google Scholar 

  5. S. Micali Efficient certificate revocation. Technical report, Technical Memo MIT/LCS/TM-542b, 1996.

    Google Scholar 

  6. M. Abadi On SDSI’s linked local name spaces. In Proceedings of the 10th IEEE Computer Security FoundationsWorkshop, pages 98–108. IEEE Computer Society, 1997.

    Google Scholar 

  7. U. Maurer Modelling a public-key infrastructure. In E. Bertino, H. Kurth, G. Martella, and E. Montolivo, editors, Proceedings 1996 European Symposium on Research in Computer Security (ESORICS’ 96), Lecture Notes in Computer Science, Springer, LNCS, pages 325–350, 1996.

    Google Scholar 

  8. C.E. et al SPKI http://www.clark.net/pub/cme/html/spki.html. Internet Draft, 1998. Expires: 16 September 1998.

  9. P. Kocher On certificate revocation and validation. In R. Hirschfeld, editor, Financial Cryptography, volume 1465 of Lecture Notes in Computer Science, pages 172–177. Springer Verlag, Berlin, 1998.

    Chapter  Google Scholar 

  10. C. Boyd Security architectures using formal methods. IEEE Journal on Selected Areas in Communications, 11(5):694–701, 1993.

    Article  Google Scholar 

  11. R. Rivest Can we eliminate certificate revocation lists? In R. Hirschfeld, editor, Proceedings of Financial Cryptography 1998, pages 178–183, 1998.

    Google Scholar 

  12. M. Burrows, M. Abadi, and R. Needham A logic of authentication. ACM Transactions on Computer Systems, 8(1):18–36, 1990.

    Article  Google Scholar 

  13. M. Naor and K. Nissim Certificate revocation and certificate update. Proceedings of Usenix’ 98, pages 217–228, January 1998.

    Google Scholar 

  14. M. Blaze, J. Feigenbaum, and J. Lacy Decentralized trust management. In Proceedings of the Symposium on Security and Privacy, pages 164–173. IEEE Computer Society Press, 1996.

    Google Scholar 

  15. C. Ellison Establishing identity without certification authorities. In USENIX Association, editor, 6th USENIX Security Symposium, July 22-25, 1996. San Jose, CA, pages 67–76. USENIX, July 1996.

    Google Scholar 

  16. B. Fox and B. LaMaccia Certificate revocation: Mechanisms and meaning. In R. Hirschfeld, editor, Financial Cryptography, volume 1465 of Lecture Notes in Computer Science, pages 158–164. Springer Verlag, Berlin, 1998.

    Chapter  Google Scholar 

  17. T. Beth, M. Borcherding, and B. Klein Valuation of trust in open systems. In D. Gollmann, editor, Computer Security-Esorics’ 94, volume 875 of Lecture Notes in Computer Science, pages 3–18. Springer Verlag, Berlin, 1994.

    Google Scholar 

  18. J. Glasgow, G. MacEwen, and P. Panagaden A logic for reasoning about security. ACM transactions on Computer Systems, 10(3):226–264, 1992.

    Article  Google Scholar 

  19. D. Chadwick and A. Young Merging and extending the PGP and PEM trust models. IEEE Network Magazine, May 1997.

    Google Scholar 

  20. U. Maurer and P. Schmid A calculus for secure channel establishment in open networks. In D. Gollmann, editor, Proc. 1994 European Symposium on Research in Computer Security (ESORICS ‘94), volume 875, pages 175–192. Lecture Notes in Computer Science, 1994.

    Google Scholar 

  21. T.M.C.Group MCG-internet open group on certification and security, http://mcg.org.br/, 1998.

  22. M. Reiter and S. Stubblebine Path independence for authentication in large-scale systems. Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 57–66, 1997.

    Google Scholar 

  23. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706–734, September 1993.

    Article  Google Scholar 

  24. B. Lampson, M. Abadi, M. Burrows, and E. Wobber Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265–310, November 1992.

    Article  Google Scholar 

  25. P. Syverson and C. Meadows A logical language for specifying cryptographic protocols requirements. In IEEE Conferences on Research in Security and Privacy, pages 165–180, 1993.

    Google Scholar 

  26. E. Campbell, R. Safavi-Naini, and P. Pleasants Partial belief and probabilistic reasoning in the analysis of secure protocols. In The computer Security Foundations Workshop V, pages 84–91, 1992.

    Google Scholar 

  27. S. Stubblebine and R. Wright An authentication logic supporting synchronization, revocation, and recency. In SIGSAC: 3rd ACM Conference on Computer and Communications Security. ACM SIGSAC, 1996.

    Google Scholar 

  28. S. Consortium Basic services, architecture and design, available at http://www.semper.org/info/index.html. Technical report, SEMPER, 1996.

  29. R. Rivest and B. Lampson SDSI-A simple distributed security infrastructure, http://theory.lcs.mit.edu/~cis/sdsi.html. Presented at CRYPTO’96_Rumpsession, April 1996.

  30. R. Yaholem, B. Klein, and T. Beth Trust relationships in secure systems-a distributed authentication perspective. In Proceedings of the IEEE Conference on Research in Security and Privacy, pages 150–164, 1993.

    Google Scholar 

  31. M. Blaze, J. Feigenbaum, and M. Strauss Compliance checking in the policymaker trust management system. In R. Hirschfeld, editor, Financial Cryptography, volume 1465 of Lecture Notes in Computer Science, pages 254–274. Springer Verlag, Berlin, 1998.

    Chapter  Google Scholar 

  32. I.I.S. 9594-8 Information technology, open systems interconnection, the directory, part 8: Authentication framework, 1990.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), CH, 8092, Zürich, Switzerland

    Reto Kohlas & Ueli Maurer

Authors
  1. Reto Kohlas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ueli Maurer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Xerox PARC, 3333 Coyote Hill Road, Palo Alto, CA, 94304, USA

    Matthew Franklin

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kohlas, R., Maurer, U. (1999). Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys. In: Franklin, M. (eds) Financial Cryptography. FC 1999. Lecture Notes in Computer Science, vol 1648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48390-X_7

Download citation

  • DOI: https://doi.org/10.1007/3-540-48390-X_7

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66362-1

  • Online ISBN: 978-3-540-48390-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation