Vulnerability analysis of certificate graphs

A certificate system can be represented by a directed graph, called a certificate graph, where each node represents a user that has a public key and a private key and each edge (u, v) represents a certificate that is signed by the private key of u and contains the public key of v. Two types of damage can be done in a certificate graph when the private key of a node u in the graph is revealed to an adversary: explicit and implicit. The explicit damage is that the adversary can impersonate node u to other nodes in the graph (until it is known to other nodes that the private key of u is revealed). The implicit damage is that the adversary can impersonate nodes other than u to other nodes in the graph. In this paper, we define a metric called vulnerability that measures the scope of explicit and implicit damage that may occur in a certificate graph when the private key of a node in the graph is revealed to an adversary. Using this metric, we analyse the vulnerability of different classes of certificate graphs. For example, in the case of (m, k)-star certificate graphs, the vulnerability is 1−(k−1)/2mk, whereas in the case of (d, h)-tree certificate graphs, the vulnerability is approximately 1−h/d^h. For the same number of nodes, (m, k)-star certificate graphs can be made less vulnerable than (d, h)-tree certificate graphs. We present three algorithms that compute the vulnerability of an arbitrary certificate graph, and use these algorithms to show that certificate dispersal and stricter acceptance criteria reduce the vulnerability of certificate graphs.
