research-article

A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)

Author:
Massimiliano Pala

Dartmouth College, Hanover, NH

Dartmouth College, Hanover, NH
View Profile

IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the InternetApril 2010Pages 108–116https://doi.org/10.1145/1750389.1750404

Published:13 April 2010Publication History

IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet

Pages 108–116

ABSTRACT

Public Key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computer and mobile devices. Developing, deploying, and maintaining information technology that provides effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe the general architecture based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into our system. This paper lays down the basis for the deployment of collaborative Internet-scale trust infrastructures.

References

Pastry.Google Scholar
K. Aberer, P. Cudrï£¡-Mauroux, A. Datta, Z. Despotovic, M. Hauswirth, M. Punceva, and R. Schmidt. P-Grid: A Self-organizing Structured P2P System. SIGMOD Record, 32(3), September 2003. http://lsirpeople.epfl.ch/rschmidt/papers/Aberer03P-GridSelfOrganizing.pdf. Google ScholarDigital Library
A. K. Bhushan. File transfer protocol, 1971.Google Scholar
D. Boneh and M. Franklin. Identity Based Encryption from the Weil Pairing. SIAM Journal of Computing, 32(3):586--615, 2003. Google ScholarDigital Library
W. E. Burr, D. F. Dodson, and W. T. Polk. Electronic authentication guideline. OnLine.Google Scholar
J. Callas, L. Donnerhacke, H. Finney, and D. Shaw. OpenPGP Message Format. Internet Engineering Task Force: RFC-4880, November 2007.Google Scholar
D. Clark, J. Elien, C. Ellison, M. Fredette, A. Morcos, and R. Rivest. Certificate Chain Discovery in SPKI/SDSI. Journal of Computer Security, 9(4):285--322, 2001. Google ScholarDigital Library
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008.Google Scholar
R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. Hypertext transfer protocol -- http/1.1, 1999.Google Scholar
E. Fredkin. Trie memory. Commun. ACM, 3(9):490--499, 1960. Google ScholarDigital Library
R. Housley, W. Polk, W. Ford, and D. Solo. Certificate and Certificate Revocation List (CRL) Profile. Internet Engineering Task Force: RFC 3280, 2002.Google Scholar
ICAM. Identity, credential, and access management. OnLine.Google Scholar
IGTF. The International Grid Trust Federation. OnLine.Google Scholar
InCommon. InCommon Federation Homepage. OnLine.Google Scholar
S. Kent. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. Internet Engineering Task Force: RFC-1422, February 1993.Google Scholar
R. Khare and S. Lawrence. Upgrading to tls within http/1.1, 2000.Google Scholar
Massimiliano Pala and Sean W. Smith. PEACHES and Peers. In 5<sup>th</sup> European PKI Workshop: Theory and Practice, volume 5057, pages 223--238. Lecture Notes in Computer Science, Springer Verlag, June EuroPKI 2008. Google ScholarDigital Library
P. Maymounkov and D. Mazières. Kademlia: A peer-to-peer information system based on the xor metric. In IPTPS '01: Revised Papers from the First International Workshop on Peer-to-Peer Systems, pages 53--65, London, UK, 2002. Springer-Verlag. Google ScholarDigital Library
D. Meyer and K. Patel. Bgp-4 protocol analysis. Internet Engineering Task Force: RFC 4274, 2006.Google Scholar
OpenID. Open identity homepage. OnLine.Google Scholar
M. Pala. The PKI Resource Query Protocol (PRQP). Internet Engineering Task Force: Internet-Draft, November 2009.Google Scholar
M. Pala and S. W. Smith. PEACHES and Peers. Proceedings of the 5th European PKI Workshop: Theory and Practice, 5057:223--238, June 2008. Google ScholarDigital Library
S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Schenker. A scalable content-addressable network. In SIGCOMM '01: Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, volume 31, pages 161--172. ACM Press, October 2001. Google ScholarDigital Library
I. Stoica, R. Morris, D. Karger, F. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for internet applications. SIGCOMM Comput. Commun. Rev., 31(4):149--160, October 2001. Google ScholarDigital Library
TAGPMA. The Americas Grid Policy Management Authority. OnLine.Google Scholar
M. Wahl, T. Howes, and S. Kille. Lightweight directory access protocol (v3), 1997.Google Scholar
B. Y. Zhao, J. D. Kubiatowicz, and A. D. Joseph. Tapestry: An infrastructure for fault-tolerant wide-area location and routing. Technical Report UCB/CSD-01-1141, UC Berkeley, # apr # 2001. Google ScholarDigital Library

Index Terms

A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

A Decentralized Certification Authority Based on Real World Trust Relationships
CSSE '08: Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 03

The Public key infrastructure (PKI) provides security services for e-commerce, e-government and other cyber transactions. Certification authority (CA), a critical component of PKI, acts as a trust third party (TTP) among these applications. A CA is ...
Read More
BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust
Information Security
Abstract
A reliable certificate revocation mechanism is crucial, as illustrated by the recent revocation of 1.7 million certificates issued by the Let’s Encrypt certificate authority. It is just as essential to get revocation information to users in an ...
Read More
Interoperability between the X.509 and EDIFACT Public Key Infrastructures: The DEDICA Project
DEXA '98: Proceedings of the 9th International Workshop on Database and Expert Systems Applications

During these last years, a big amount of efforts have been devoted to specify and develop public key infrastructures (PKIs). Several initiatives around the world have given as a result the emergency of the one PKI based on X.509 certificates and other ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet
April 2010
127 pages
ISBN:9781605588957
DOI:10.1145/1750389
General Chair:
Ken Klingenstein
Internet 2
,
Program Chair:
Carl Ellison
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 April 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
PKI
distributed systems
federated identities
peer-to-peer
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 257
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)

IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Decentralized Certification Authority Based on Real World Trust Relationships

BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust

Interoperability between the X.509 and EDIFACT Public Key Infrastructures: The DEDICA Project

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)

IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Decentralized Certification Authority Based on Real World Trust Relationships

BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust

Interoperability between the X.509 and EDIFACT Public Key Infrastructures: The DEDICA Project

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media