Expressing Trust in Distributed Systems: the Mismatch Between Tools and Reality

Distributed systems typically support processes that involve humans separated by space and by organizational boundaries. Because it enables secure communication between parties that do not share keys a priori, public key cryptography is a natural building block for the elements of these computing systems to establish trust with each other. However, if the trust structure we build into the computing systems does not match the trust structure in the human systems, then this trust infrastructure has not achieved its goal. In this paper, we assess the inability of the standard PKI-based tools to capture many trust situations that really arise in current distributed systems, based on our lab's experience trying to make these tools fit. We offer some observations for future work that may improve the situation.
