An Algebra for Assessing Trust in Certification Chains

Open networks allow users to communicate without any prior arrangements such as contractual agreement or organisation membership. However, the very nature of open networks makes authenticity difficult to verify. We show that authentication cannot be based on public key certificates alone, but also needs to include the binding between the key used for certification and its owner, as well as the trust relationships between users. We develop a simple algebra around these elements and describe how it can be used to compute measures of authenticity.
