Exploiting approximate transitivity of trust

Social networks, of which webs of trust are a particular type, have been shown to be effective ways of moving information with minimal external configuration, setup, or management. For applications requiring information assurance, a web of trust is an appealing system architecture, since trust is an inherent component of both the network design and assurance. The trust in a typical web of trust is not transitive, however, making the construction of an application with strong assurance difficult or impossible. Instead, in this paper we examine a notion of weak assurance that can be provided by a web of trust, and might be “good enough” for many applications. As a motivating example, and to provide a more concrete basis for exposition, we present KeyChains, a peer-to-peer system that operates over a distributed web of trust to provide fully decentralized public key publishing and retrieval. In addition to weak assurance guarantees, KeyChains also provides an audit trail for public keys retrieved. Our analysis and simulations show that the resulting system is both efficient and secure.
