The Solar Trust Model: authentication without limitation

The PEM and PGP/X.509 authentication models and the Biba Integrity Model have limitations inherent in their design that diminish their practicality in real world applications. The ICE-TEL trust model addresses some of these difficulties, and introduces a few new limitations. The Common Security Services Manager's Trust Policy Interface Specification provides the guidelines with which new trust policies may be encoded, but does not implement an actual policy. This paper describes a new model that permits both the identity of the sender of a message, and the trustworthiness of the sender of the message to be determined. The model works regardless of whether or not the message was signed by a certificate authority with which the recipient has a relationship. The model can be implemented without changing the format of certificates that are currently in use, and could be used as a module in a broader security framework, such as the Common Security Services Manager.

[1]  Butler W. Lampson,et al.  A Global Authentication Service without Global Trust , 1986, 1986 IEEE Symposium on Security and Privacy.

[2]  Steve Kent,et al.  Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management , 1989, RFC.

[3]  Justo Carracedo Gallardo,et al.  Hierarchical Organization of Certification Authorities for Secure Environments , 1997, NDSS.

[4]  David W. Chadwick,et al.  Trust models in ICE-TEL , 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.

[5]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[6]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[7]  J. Carracedo,et al.  Hierarchical organization of certification authorities for secure environments , 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.

[8]  Christian Huitema,et al.  A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model , 1995, Proceedings of the Symposium on Network and Distributed System Security.