The public key infrastructure (PKI) provides security services for e-commerce, e-government and other cyber transactions. A certification authority (CA), a critical component of PKI, acts as a trusted third party (TTP) among these applications. A CA is usually controlled and operated by an authority in the real world, which stores and publishes users' public keys and other attributes. However, the various types of attributes on certificates are always determined by several authorities instead of a single one. Based on practical experience, PKI must be built on real world trust relationships [1], but CAs, registration authorities (RAs) and other commodity PKI components cannot reflect these relationships among authorities well. Although some decentralized CA systems [2, 3] have been designed, in which the CA is operated by several administrators cooperatively, they focus on the security of the CA's private key and not on the trust relationships among administrators. To the best of our knowledge, no systematic work has been conducted to integrate several real world authorities into a CA, reflecting their trust relationships through the system structure. We present a decentralized CA system, which is built and operated on real world trust relationships among several authorities, and issues standard X.509 certificates. Different authorities are responsible for different attributes on certificates, which makes the certificates more trustworthy and makes the CA more similar to the real world.
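The abstract's central design point is that each attribute on a certificate is vouched for by the real world authority responsible for it, and the CA should only issue the certificate once every attribute carries that approval. The following is an added illustration of that check, written for this page; it is not the paper's system or code. It assumes a constructed mapping of attributes to authorities (hr_department, legal_department, it_department), uses an HMAC per authority as a stand-in for a digital signature so it runs with the standard library only, and builds a simplified subject string rather than a real X.509 certificate.

```python
import hashlib
import hmac
import json

# Constructed example: which authority is responsible for which attribute.
# The attribute names and authority names are assumptions, not the paper's.
ATTRIBUTE_AUTHORITY = {
    "CN": "hr_department",          # the person's name
    "O": "legal_department",        # organisation membership
    "emailAddress": "it_department",
}

# Each authority holds its own secret. An HMAC stands in for a signature so the
# example is self-contained; a real deployment would use per-authority key pairs.
AUTHORITY_KEYS = {
    "hr_department": b"hr-secret-constructed",
    "legal_department": b"legal-secret-constructed",
    "it_department": b"it-secret-constructed",
}


def attest(authority: str, attr: str, value: str) -> dict:
    """An authority vouches for one attribute value of a certificate request."""
    msg = json.dumps({"attr": attr, "value": value}, sort_keys=True).encode()
    tag = hmac.new(AUTHORITY_KEYS[authority], msg, hashlib.sha256).hexdigest()
    return {"authority": authority, "attr": attr, "value": value, "tag": tag}


def verify_request(request: dict, attestations: list) -> tuple:
    """Check that every attribute on the request is vouched for by the authority
    responsible for it. Returns (ok, list_of_problems)."""
    problems = []
    by_attr = {a["attr"]: a for a in attestations}
    for attr, value in request.items():
        responsible = ATTRIBUTE_AUTHORITY.get(attr)
        if responsible is None:
            problems.append(f"{attr}: no authority is responsible for this attribute")
            continue
        att = by_attr.get(attr)
        if att is None:
            problems.append(f"{attr}: missing attestation from {responsible}")
            continue
        # An attestation from the wrong authority is rejected even if it is valid.
        if att["authority"] != responsible:
            problems.append(f"{attr}: attested by {att['authority']}, expected {responsible}")
            continue
        # Recompute the tag over the value actually on the request, so an attribute
        # changed after attestation is detected.
        expected = attest(responsible, attr, value)["tag"]
        if not hmac.compare_digest(expected, att["tag"]):
            problems.append(f"{attr}: attestation does not match value {value!r}")
    return (not problems, problems)


def issue_certificate(request: dict, attestations: list) -> dict:
    """Assemble a simplified certificate only when every attribute is approved.
    A real CA would encode the result as X.509 and sign it with the CA key."""
    ok, problems = verify_request(request, attestations)
    if not ok:
        raise ValueError("; ".join(problems))
    subject = "/".join(f"{k}={v}" for k, v in sorted(request.items()))
    return {"subject": subject,
            "approved_by": sorted(ATTRIBUTE_AUTHORITY[k] for k in request)}


def demo():
    """Constructed request: each attribute approved by its own authority, then the
    same attestations reused after one attribute was changed."""
    request = {"CN": "Alice Example", "O": "Example Corp",
               "emailAddress": "alice@example.com"}
    good = [attest(ATTRIBUTE_AUTHORITY[k], k, v) for k, v in request.items()]
    cert = issue_certificate(request, good)
    tampered = dict(request, O="Other Corp")
    ok, problems = verify_request(tampered, good)
    return cert, ok, problems


if __name__ == "__main__":
    print(demo())
```

The point of the separation is that no single administrator can change an attribute it is not responsible for: the legal department's attestation covers O only, and altering O after attestation, or having another department attest it, leaves the request unissuable.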
[1] Silvio Micali. 1st Annual PKI Research Workshop---Proceedings, 2002.
[2] Carl M. Ellison. 1st Annual PKI Research Workshop---Proceedings, 2002.
[3] Dengguo Feng, et al. ARECA: a highly attack resilient certification authority, SSRS '03, 2003.
[4] Stephen T. Kent. Rethinking PKI: What's Trust Got to Do with It?, EUROCRYPT, 2002.
[5] Sean W. Smith, et al. 2nd Annual PKI Research Workshop Proceedings, 2004.
[6] Adi Shamir, et al. How to share a secret, CACM, 1979.
[7] Robbert van Renesse, et al. COCA: a secure distributed online certification authority, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], 2002.
[8] Richard Forno, et al. PKI: a question of trust and value, 2001.
[9] Bruce Schneier, et al. Ten Risks of PKI, 2004.
[10] Carl M. Ellison. Improvements on Conventional PKI Wisdom, 2002.