Article

How to incorporate revocation status information into the trust metrics for public-key certification

Authors:

Kemal Bicakci,

Bruno Crispo,

Andrew S. TanenbaumAuthors Info & Claims

SAC '05: Proceedings of the 2005 ACM symposium on Applied computing

Pages 1594 - 1598

https://doi.org/10.1145/1066677.1067037

Published: 13 March 2005 Publication History

Get Access

Abstract

In a traditional PKI, the trust associated with a public key is expressed in binary either by 0 or 1. Alternatively, several authors have proposed trust metrics to evaluate the confidence afforded by a public key. However their work has a static point of view and does not take into account the issue of public key revocation. In this paper, we make the first attempt to incorporate the revocation status information into the trust metrics for public key certification. To achieve our goal, we use a tailored form of a vector of trust model recently proposed. This would allow us to reason formally about when there is a need to check revocation status and how reliable the revocation mechanism should be in a given security application.

References

[1]

S. Berkovits, S. Chokhani, J. Furlong, J. Geiter, and J. Guild. Public key infrastructure study: Final report. Produced by the MITRE Corporation for NIST, 1994.]]

Google Scholar

[2]

T. Beth, M. Bocherding, and B. Klein. Valuation of trust in open networks. In Proc. of ESORICS'94, LNCS 875. Springer-Verlag, 1994.]]

Digital Library

Google Scholar

[3]

M. Burmester and Y. Desmedt. Is hierarchical public-key certification the next target for hackers? Commun. ACM, 47(8), August 2004.]]

Digital Library

Google Scholar

[4]

B. Crispo and M. Lomas. A certification scheme for electronic commerce. In Proc. 1996 Security Protocols Workshop, LNCS 1189. Springer-Verlag, April 1996.]]

Digital Library

Google Scholar

[5]

P. Kocher. A quick introduction to certificate revocation trees (crts). http://www.valicert.com/company/crt.html.]]

Google Scholar

[6]

R. Kohlas and U. Maurer. Confidence valuation in a public-key infrastructure based on uncertain evidence. In Proc. of PKC'00, LNCS 1751. Springer-Verlag, 2000.]]

Digital Library

Google Scholar

[7]

A. Levi and C. K. Koc. Risks in email security. Commun. ACM, 44(8), August 2001.]]

Digital Library

Google Scholar

[8]

U. Maurer. Modelling a public-key infrastructure. In Proc. of ESORICS'96, LNCS 1146. Springer-Verlag, September 1996.]]

Digital Library

Google Scholar

[9]

M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 internet public key infrastructure - online certificate status protocol - ocsp. IETF, RFC 2560, June 1999.]]

Digital Library

Google Scholar

[10]

A. A. Rahman. Survey of trust models for computer networks. http://www.cs.ucl.ac.uk/staff/F.AbdulRahman/thesis/csreview.pdf.]]

Google Scholar

[11]

I. Ray and S. Chakraborty. A vector model of trust for developing trustworthy systems. In Proc. of ESORICS'04, LNCS 3193. Springer-Verlag, September 2004.]]

Crossref

Google Scholar

[12]

M. Reiter and S. Stubblebine. Authentication metric analysis and design. ACM Transactions on Information and System Security, 2(2), May 1999.]]

Digital Library

Google Scholar

[13]

P. Zimmermann. PGP User's Guide, vol. I and II, version 2.6. 1994.]]

Google Scholar

Cited By

View all

Braun JKiefer FHülsing A(2014)Revocation and Non-repudiation: When the First Destroys the LatterPublic Key Infrastructures, Services and Applications10.1007/978-3-642-53997-8_3(31-46)Online publication date: 2014
https://doi.org/10.1007/978-3-642-53997-8_3
Ben M'Barka MStern J(2011)Certification validationProceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications10.1007/978-3-642-29804-2_11(159-175)Online publication date: 15-Sep-2011
https://dl.acm.org/doi/10.1007/978-3-642-29804-2_11
Ben MBarka MKrief FLy O(2011)Modeling long-term signature validation for resolution of disputeProceedings of the 2011 international conference on Theory of Security and Applications10.1007/978-3-642-27375-9_5(78-97)Online publication date: 31-Mar-2011
https://dl.acm.org/doi/10.1007/978-3-642-27375-9_5
Show More Cited By

Index Terms

How to incorporate revocation status information into the trust metrics for public-key certification
1. Hardware
  1. Communication hardware, interfaces and storage
2. Networks

Recommendations

Efficient revocable certificateless public key encryption with a delegated revocation authority

Quite recently, Shen et al. proposed a revocable certificateless public key encryption RCL-PKE scheme in the standard model, in which the key generation center KGC can efficiently revoke misbehaving or compromised users. However, their scheme was shown ...
Proxy Signature with Revocation
Proceedings, Part II, of the 21st Australasian Conference on Information Security and Privacy - Volume 9723

Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer or a group of proxy signers who can then sign documents on ...
Efficient revocation and threshold pairing based cryptosystems
PODC '03: Proceedings of the twenty-second annual symposium on Principles of distributed computing

Boneh, Ding, Tsudik and Wong recently proposed a way for obtaining fast revocation of RSA keys. Their method consists in using security mediators that keep a piece of each user's private key in such a way that every decrytion or signature operation ...

Comments

Information & Contributors

Information

Published In

SAC '05: Proceedings of the 2005 ACM symposium on Applied computing

March 2005

1814 pages

ISBN:1581139640

DOI:10.1145/1066677

Conference Chair:
Hisham M. Haddad
Kennesaw State University
,
Editor:
Lorie M. Liebrock
New Mexico Institute of Mining and Technology, Socorro, NM
,
Program Chairs:
Andrea Omicini
Alma Mater Studiorum, Universita di Bologna, Italy
,
Roger L. Wainwright
Univerity of Tulsa, OK

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC05

Sponsor:

SIGAPP

SAC05: The 2005 ACM Symposium on Applied Computing

March 13 - 17, 2005

New Mexico, Santa Fe

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
436
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Braun JKiefer FHülsing A(2014)Revocation and Non-repudiation: When the First Destroys the LatterPublic Key Infrastructures, Services and Applications10.1007/978-3-642-53997-8_3(31-46)Online publication date: 2014
https://doi.org/10.1007/978-3-642-53997-8_3
Ben M'Barka MStern J(2011)Certification validationProceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications10.1007/978-3-642-29804-2_11(159-175)Online publication date: 15-Sep-2011
https://dl.acm.org/doi/10.1007/978-3-642-29804-2_11
Ben MBarka MKrief FLy O(2011)Modeling long-term signature validation for resolution of disputeProceedings of the 2011 international conference on Theory of Security and Applications10.1007/978-3-642-27375-9_5(78-97)Online publication date: 31-Mar-2011
https://dl.acm.org/doi/10.1007/978-3-642-27375-9_5
Sankaranarayanan VChandrasekaran MUpadhyaya S(2007)Towards modeling trust based decisionsProceedings of the 12th European conference on Research in Computer Security10.5555/2393847.2393891(485-500)Online publication date: 24-Sep-2007
https://dl.acm.org/doi/10.5555/2393847.2393891
Fatemeh Azimzadeh Khatun SAli BKargar M(2007)Incorporating revocation of certification into a PKI model2007 IEEE International Conference on Telecommunications and Malaysia International Conference on Communications10.1109/ICTMICC.2007.4448592(770-775)Online publication date: May-2007
https://doi.org/10.1109/ICTMICC.2007.4448592
Reidt SWolthusen S(2007)Efficient Distribution of Trust Authority Functions in Tactical Networks2007 IEEE SMC Information Assurance and Security Workshop10.1109/IAW.2007.381918(84-91)Online publication date: Jun-2007
https://doi.org/10.1109/IAW.2007.381918
Uzunay YIncebacak DBicakci KBlyth ASutherland I(2007)Towards Trustable Digital Evidence with PKIDEV: PKI Based Digital Evidence Verification ModelEC2ND 200610.1007/978-1-84628-750-3_11(105-114)Online publication date: 2007
https://doi.org/10.1007/978-1-84628-750-3_11
Kohlas RJonczy JHaenni RSprague GSchell BFong W(2006)Towards a precise semantics for authenticity and trustProceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services10.1145/1501434.1501457(1-9)Online publication date: 30-Oct-2006
https://dl.acm.org/doi/10.1145/1501434.1501457
Sankaranarayanan VUpadhyaya S(2006)A trust assignment model based on alternate actions payoffProceedings of the 4th international conference on Trust Management10.1007/11755593_25(339-353)Online publication date: 16-May-2006
https://dl.acm.org/doi/10.1007/11755593_25

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Efficient revocable certificateless public key encryption with a delegated revocation authority

Proxy Signature with Revocation

Efficient revocation and threshold pairing based cryptosystems