ABSTRACT
Public key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent if the security needs of computer and mobile devices are to be met. Information technology that can be developed, deployed, and maintained to provide effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe its general architecture, based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into it. This paper lays the basis for the deployment of collaborative Internet-scale trust infrastructures.
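The two ideas the abstract names, assertions chained into a trust judgment and a DHT that holds the material needed to do so, can be seen together in a small model. The following Python is an added illustration written for this page; it is not the paper's PKS code and does not claim to reproduce its design. Everything below is an assumption made for the example: the 160-bit consistent-hashing ring, the `assertion:<name>` lookup keys, the record layout, the entity names, and the use of Lamport one-time signatures (a hash-only public-key scheme) as a stand-in so that the example runs with the standard library alone.

```python
"""Constructed illustration: a DHT that stores signed name-to-key assertions,
plus a chain walk from a subject up to a locally pinned trust anchor."""
import hashlib
import secrets

RING_BITS = 160  # identifier ring size, chosen for the example


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def ring_key(material: bytes) -> int:
    """Map lookup material onto the identifier ring."""
    return int.from_bytes(sha256(material)[: RING_BITS // 8], "big")


class ToyDht:
    """Consistent hashing: a key is owned by the first node id >= key, wrapping around."""

    def __init__(self, node_ids):
        self.nodes = {nid: {} for nid in sorted(node_ids)}

    def owner(self, key: int) -> int:
        return next((nid for nid in self.nodes if nid >= key), next(iter(self.nodes)))

    def put(self, material: bytes, value) -> int:
        key = ring_key(material)
        self.nodes[self.owner(key)][key] = value
        return key

    def get(self, material: bytes):
        key = ring_key(material)
        return self.nodes[self.owner(key)].get(key)


# Lamport one-time signatures: each key signs exactly one message (each issuer
# below signs once), chosen only so no third-party crypto library is needed.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[sha256(a), sha256(b)] for a, b in sk]
    return sk, pk


def _bits(message: bytes):
    d = sha256(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(message))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        sha256(sig[i]) == pk[i][b] for i, b in enumerate(_bits(message)))


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def assertion_message(subject: str, subject_pk, issuer: str) -> bytes:
    """Canonical bytes an issuer signs: 'subject holds this key, says issuer'."""
    return f"{subject}|{sha256(pk_bytes(subject_pk)).hex()}|{issuer}".encode()


def publish_assertion(dht, issuer: str, issuer_sk, subject: str, subject_pk):
    """An issuer vouches for a subject's key; the record lives under the subject's name."""
    rec = {"subject": subject, "subject_pk": subject_pk, "issuer": issuer}
    rec["sig"] = lamport_sign(issuer_sk, assertion_message(subject, subject_pk, issuer))
    dht.put(b"assertion:" + subject.encode(), rec)
    return rec


def chain_to_anchor(dht, subject: str, anchors: dict, max_depth: int = 8):
    """Walk issuer links upward from `subject`. Returns the verified assertions
    ending at a pinned anchor, or None if any lookup or signature check fails."""
    chain, name = [], subject
    for _ in range(max_depth):
        rec = dht.get(b"assertion:" + name.encode())
        if rec is None:
            return None
        issuer = rec["issuer"]
        if issuer in anchors:
            issuer_pk = anchors[issuer]  # pinned locally, never fetched from the DHT
        else:
            up = dht.get(b"assertion:" + issuer.encode())
            if up is None:
                return None
            issuer_pk = up["subject_pk"]  # itself verified on the next iteration
        msg = assertion_message(rec["subject"], rec["subject_pk"], issuer)
        if not lamport_verify(issuer_pk, msg, rec["sig"]):
            return None
        chain.append(rec)
        if issuer in anchors:
            return chain
        name = issuer
    return None


def demo():
    """Constructed scenario: pinned root -> intermediate -> end entity, on a 4-node ring."""
    dht = ToyDht([ring_key(f"node{i}".encode()) for i in range(4)])
    root_sk, root_pk = lamport_keygen()
    ca_sk, ca_pk = lamport_keygen()
    _alice_sk, alice_pk = lamport_keygen()
    anchors = {"root.example": root_pk}
    publish_assertion(dht, "root.example", root_sk, "ca.example", ca_pk)
    publish_assertion(dht, "ca.example", ca_sk, "alice@example", alice_pk)
    good = chain_to_anchor(dht, "alice@example", anchors)
    # A DHT node cannot silently alter a record: swapping the stored key breaks the chain.
    dht.get(b"assertion:alice@example")["subject_pk"] = lamport_keygen()[1]
    bad = chain_to_anchor(dht, "alice@example", anchors)
    return good, bad
```

The point the model makes is that the DHT is only a distribution layer: nothing fetched from it is trusted until its signature has been checked against a key that is itself either pinned locally or verified one link further up, so a node that tampers with a stored record can cause a lookup to fail but cannot forge a trust judgment.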
Index Terms
- A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)