Certificate Recommendations to Improve the Robustness of Web of Trust

Users in a distributed system establish webs of trust by issuing and exchanging certificates among themselves. This approach does not require a central, trusted keyserver. The distributed web of trust, however, is susceptible to attack by malicious users, who may issue false certificates. In this work, we propose a method for generating certificate recommendations. These recommendations guide the users in creating webs of trust that are highly robust to attacks. To accomplish this, we propose a heuristic method of graph augmentation for the certificate graph, and show experimentally that it is close to optimal. We also investigate the impact of user preferences and non-compliance with these recommendations, and demonstrate that our method helps identify malicious users if there are any.
