Improving the robustness of webs of trust

Correctly recognizing a user's public key is essential to many security functions, such as confidentiality, integrity and non-repudiation. If we mistakenly accept an illegitimate public key as legitimate, these security functions may be compromised. In distributed webs of trust systems, each user's public-key information is provided by other users. Because users can be unreliable (untrustworthy, malicious or compromised, or simply prone to mistakes), the correctness of the public-key information they provide is open to question. A method to verify the correctness of user-provided public-key information is therefore very much needed. Previous works have suggested using redundancy to compute the trustworthiness of user-provided public-key information. However, the problem of how to improve the trustworthiness has never been considered. In this paper, we focus on the problem of how to improve the trustworthiness of user-provided public-key information. First, we observe that the trustworthiness computed on a public key may be inaccurate if users claim multiple false identities and/or (either legitimately or illegitimately) possess multiple public keys. We explain and show that the result of trust computation can be made more accurate if we also consider identities. Second, we analyze conflicting certificates and show that they can be used to detect malicious users and improve the trustworthiness of public keys. Third, we show that the current webs of trust system, i.e. PGP, is not robust in the presence of unreliable users. Its robustness can be significantly improved by the two kinds of certificate recommendation methods we have proposed. The first method can be used to improve the robustness of the whole webs of trust system to any desired degree by issuing a minimal set of additional certificates. These recommendations are also made very user-friendly by taking users' preferences and non-compliance into consideration.
The second recommendation method works differently. It is based on probability theory and can be used to increase the robustness of any single public key as well as of the entire webs of trust system. It can guarantee the correctness of a user's public key with over 99.99% probability using only a moderate number of additional certificates, even in the presence of a large number of unreliable users. Applying both recommendation methods results in richly connected and very robust webs of trust systems. In the last recommendation, we present a very efficient and robust mechanism to apply the webs of trust system in wireless ad-hoc networks. The specific problem is how to distribute public key certificates to each user such that users can authenticate each other. (Abstract shortened by UMI.)
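
The first observation in the abstract, worked through as an added example (not code from the dissertation): redundancy is measured here as the number of vertex-disjoint certificate chains, which is an assumption about the metric, and the key names, user names and certificates are constructed. Counting chains over keys overstates redundancy when one name holds several keys; grouping keys by the name their certificates bind them to corrects it.

```python
from collections import defaultdict, deque

def disjoint_paths(edges, src, dst):
    """Max number of internally vertex-disjoint src->dst chains (unit max flow)."""
    cap, adj = defaultdict(int), defaultdict(set)
    def link(a, b):
        cap[(a, b)] += 1
        adj[a].add(b); adj[b].add(a)          # b->a is the residual arc
    for n in {n for e in edges for n in e}:
        if n not in (src, dst):
            link((n, "in"), (n, "out"))       # an intermediate node is usable once
    for u, v in set(edges):
        if u != v:
            link((u, "out"), (v, "in"))       # certificate: u signs v
    s, t = (src, "out"), (dst, "in")
    flow = 0
    while True:
        parent, queue = {s: None}, deque([s])
        while queue and t not in parent:      # BFS for an augmenting path
            a = queue.popleft()
            for b in adj[a]:
                if b not in parent and cap[(a, b)] > 0:
                    parent[b] = a
                    queue.append(b)
        if t not in parent:
            return flow
        b = t
        while parent[b] is not None:          # push one unit along the path
            a = parent[b]
            cap[(a, b)] -= 1
            cap[(b, a)] += 1
            b = a
        flow += 1

def by_identity(certs, name_of):
    """Collapse every key onto the name its certificates bind it to."""
    return [(name_of[a], name_of[b]) for a, b in certs]

# Constructed sample: (signer key, certified key). "mallory" holds three keys.
CERTS = [("kV", "kM1"), ("kV", "kM2"), ("kV", "kM3"), ("kV", "kA"),
         ("kM1", "kT"), ("kM2", "kT"), ("kM3", "kT"), ("kA", "kT")]
NAME_OF = {"kV": "vera", "kT": "tom", "kA": "alice",
           "kM1": "mallory", "kM2": "mallory", "kM3": "mallory"}

if __name__ == "__main__":
    print("chains counted over keys:      ", disjoint_paths(CERTS, "kV", "kT"))
    print("chains counted over identities:",
          disjoint_paths(by_identity(CERTS, NAME_OF), "vera", "tom"))
```

Grouping by name only covers the multiple-keys case; a user who claims several false identities still appears as several names in this graph.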

[1]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[2]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[3]  Lada A. Adamic,et al.  Zipf's law and the Internet , 2002, Glottometrics.

[4]  Anukool Lakhina,et al.  BRITE: Universal Topology Generation from a User''s Perspective , 2001 .

[5]  Christian Huitema,et al.  Associating Metrics to Certification Paths , 1992, ESORICS.

[6]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[7]  Martin Grötschel,et al.  The ellipsoid method and its consequences in combinatorial optimization , 1981, Comb..

[8]  Michael K. Reiter,et al.  Path independence for authentication in large-scale systems , 1997, CCS '97.

[9]  Haiyun Luo,et al.  Self-securing ad hoc wireless networks , 2002, Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications.

[10]  Charles E. Perkins,et al.  Ad Hoc Networking , 2001 .

[11]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[12]  Tibor Jordán,et al.  Directed vertex-connectivity augmentation , 1999, Math. Program..

[13]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[14]  Yvo Desmedt,et al.  Is hierarchical public-key certification the next target for hackers? , 2004, CACM.

[15]  Peng Ning,et al.  Improving Robustness of PGP Keyrings by Conflict Detection , 2004, CT-RSA.

[16]  Duncan J. Watts,et al.  Collective dynamics of ‘small-world’ networks , 1998, Nature.

[17]  Srdjan Capkun,et al.  Small worlds in security systems: an analysis of the PGP certificate graph , 2002, NSPW '02.

[18]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[19]  Christian Huitema,et al.  A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[20]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[21]  Jon M. Kleinberg,et al.  The small-world phenomenon: an algorithmic perspective , 2000, STOC '00.

[22]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[23]  Masato Saito,et al.  ANARCH: a name resolution scheme for mobile ad hoc networks , 2003, 17th International Conference on Advanced Information Networking and Applications, 2003. AINA 2003..

[24]  Martín Abadi,et al.  Authentication in distributed systems: theory and practice , 1991, SOSP '91.

[25]  Frank Harary,et al.  Graph Theory , 2016 .

[26]  Thomas Beth,et al.  Valuation of Trust in Open Networks , 1994, ESORICS.

[27]  He Huang,et al.  An approach to certificate path discovery in mobile Ad Hoc networks , 2003, SASN '03.

[28]  Dimitri P. Bertsekas,et al.  Data Networks , 1986 .

[29]  Alexander Aiken,et al.  Attack-Resistant Trust Metrics for Public Key Certification , 1998, USENIX Security Symposium.

[30]  J. J. Garcia-Luna-Aceves A unified approach to loop-free routing using distance vectors or link states , 1989, SIGCOMM 1989.

[31]  Michael K. Reiter,et al.  Toward acceptable metrics of authentication , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[32]  Tuomas Aura On the structure of delegation networks , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[33]  Ravindra K. Ahuja,et al.  Network Flows: Theory, Algorithms, and Applications , 1993 .

[34]  Alon Itai,et al.  The complexity of finding maximum disjoint paths with length constraints , 1982, Networks.

[35]  Albert-László Barabási,et al.  Internet: Diameter of the World-Wide Web , 1999, Nature.

[36]  Keith W. Ross,et al.  Computer networking - a top-down approach featuring the internet , 2000 .

[37]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[38]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[39]  Toshihide Ibaraki,et al.  Graph connectivity and its augmentation: applications of MA orderings , 2002, Discret. Appl. Math..

[40]  András Frank,et al.  Minimal Edge-Coverings of Pairs of Sets , 1995, J. Comb. Theory, Ser. B.

[41]  Michael K. Reiter,et al.  Authentication metric analysis and design , 1999, TSEC.

[42]  András A. Benczúr,et al.  Pushdown-reduce: an algorithm for connectivity augmentation and poset covering problems , 2003, Discret. Appl. Math..

[43]  Charles L. Hedrick,et al.  Routing Information Protocol , 1988, RFC.

[44]  Lada A. Adamic,et al.  Power-Law Distribution of the World Wide Web , 2000, Science.

[45]  Peng Ning,et al.  Certificate Recommendations to Improve the Robustness of Web of Trust , 2004, ISC.

[46]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[47]  Srdjan Capkun,et al.  Self-Organized Public-Key Management for Mobile Ad Hoc Networks , 2003, IEEE Trans. Mob. Comput..

[48]  Charles E. Perkins,et al.  Ad hoc networking: an introduction , 2001 .

[49]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[50]  J. J. Garcia-Luna-Aceves,et al.  A Minimum-Hop Routing Algorithm Based on Distributed Information , 1989, Comput. Networks.

[51]  Michael K. Reiter,et al.  Resilient Authentication Using Path Independence , 1998, IEEE Trans. Computers.

[52]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[53]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[54]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[55]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.