Matrix powers algorithms for trust evaluation in PKI architectures
Trust calculus for PKI
-
Upload
francesca-hoffman -
Category
Documents
-
view
32 -
download
1
description
Transcript of Trust calculus for PKI
![Page 1: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/1.jpg)
Trust calculus for PKI
Roman Novotný, Milan Vereščák
![Page 2: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/2.jpg)
Outline
PKI Maurer deterministic model Maurer probabilistic model Maurer PKI on P2P Roman continues with modeling in real world
![Page 3: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/3.jpg)
Public key infrastructure (PKI)
PKI – complex distributed systems of the end entities, CA, certificates, RA
Public key cryptography Certificate issuance Certificate validation Certificate revocation CA – trusted third party
![Page 4: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/4.jpg)
Public key certification
Alice knows the public key of X (for verifying the certificate) and is convinced of its authenticity.
Alice trusts X to be honest and to correctly authenticate the owner of a public key before signing it.
Alice
X (CA)
Bob
![Page 5: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/5.jpg)
Simple example
If Alice does not know an authentic copy of X's public key, the first condition can be satisfied by using a certificate for X's public key issued by another entity Y.
Alice
Y (CA)
Bob
X (CA)
![Page 6: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/6.jpg)
Maurer PKI deterministic model
Requirements: Generality and expressive power. Precise Semantics. Evaluation order independence. Efficient implementation. Scalability. Easy usability.
![Page 7: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/7.jpg)
Maurer model
Special type of logic syntax: 4 formulas (statements) Semantics: 2 inference rules
![Page 8: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/8.jpg)
Example 1
![Page 9: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/9.jpg)
Example 2
![Page 10: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/10.jpg)
Probablistic Maurer model
True/false (trust/distrust) This model measures validity on continuos
scale from 0 to 1 Every statement has assigned confidence
parameter
![Page 11: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/11.jpg)
Example
![Page 12: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/12.jpg)
PKI based on P2P network
Based on Chord: scalable p2p lookup protocol
Chord p2p network consists of nodes maps given key onto a node Node identifier (e.g. IP address of node) Key (e.g. filename) Hash function maps both the key and the
node identifier into m-bit identifier
![Page 13: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/13.jpg)
Algorithm for lookup
The mapping principle: each key is assigned to the first existing node whose identifier is greater than or equal to the identifier of the key.
Each node has finger table with m entries pointing to m nodes
Finger table of node 8 Finger table of node 42
i start-id N8.finger[i] i start-id N8.finger[i]
1 8+1=9 N14 1 42+1=43 N48
2 8+2=10 N14 2 42+2=43 N48
3 8+4=12 N14 3 42+4=46 N48
4 8+8=16 N21 4 42+8=50 N51
5 8+16=24 N32 5 42+16=58 N1
6 8+32=40 N42 6 42+32=10 N14
![Page 14: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/14.jpg)
Searching
Requires maximum LogN steps, where N is a number of nodes
![Page 15: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/15.jpg)
Views
Nodes are used for storing statements privateView: a set of private statements that
are not accessible from other nodes, only local node can access them.
publicView: a set of message tokens that are accessible to other nodes.
Message tokens consist of encrypted message and index key associated to that particular message.
![Page 16: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/16.jpg)
Public messages
Public messages Certificate messages Cert(X, PX, Y, PY) Recommendation messages Rec(X, PX, Y, i)
Private messages Authenticity statements Aut(X, PX) Trust statements Trust(X, i)
Distributing is done according to p2p lookup protocol and retrieving also using a Maurer inference rules
![Page 17: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/17.jpg)
Advantages of P2P model
load distribution: Hash function distributes message tokens (public messages) uniformly among the nodes.
scalability: We need Log(N) steps to retrieve or publicate a message token of the total number of N nodes.
fault resistance: This is because of decentralized character of this model.
![Page 18: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/18.jpg)
Improvement of model
Binding between public keys and certification informations
Time – aware model Validity template
![Page 19: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/19.jpg)
Statements
Authenticity of binding - Aut(A,X,P,I) Trust – Trust(A,X,D,I) Certificates – Cert(X,Y,P,I) Trust Transfers – Tran(X,Y,P,I) Certification Validity Templates – Val(A,C,t) Transfer Validity Templates – Val(A,T,t)
![Page 20: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/20.jpg)
Derivation of new statements
![Page 21: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/21.jpg)
X.509 and model
Set of property – subject’s name, issuer, signature algorithm
Time interval – validity – not before, not after Certification revocation list – Cert(X,0,L,I),
where 0 – empty set
![Page 22: Trust calculus for PKI](https://reader030.fdocuments.net/reader030/viewer/2022032804/56812a97550346895d8e4a8e/html5/thumbnails/22.jpg)
Thanks for your attention