This paper presents part of our work on the security of open systems in conformance with the X.509 framework. The Chimaera model tries to cover all of X.509's shortcomings, especially those concerning Certification Authorities (CAs). Although our primary concern was the elaboration of a security scheme, we quickly met the need for a convenient distribution of CAs and for the manipulation of both certificates and certification paths. The main features of the scheme are: the elaboration of the CA concept, the elaboration of a communication protocol between these authorities, and the introduction of the notion of evaluation of both certificates and Certification Paths (CPs). In the first part, a brief introduction to major security trends and mechanisms is given, then some implementations and standards are cited. At this level, the deficiencies of current models and the need for a more convenient scheme are shown. In the next part, the main features of the Chimaera model and its OSI environment are presented. We then describe a protocol for the exchange and evaluation of both certificates and CPs, hence ensuring a secure propagation of trust and knowledge over the network. Finally, the added value of the given scheme is discussed in relation to certificate establishment and revocation.