Reducing the Dependence of SPKI/SDSI on PKI

Active / Technical Report | Accession Number: ADA454815

Abstract:

Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a public-key infrastructure (PKI) for authentication, and PKI has proven difficult to deploy, because each user is required to manage his/her own private/public key pair. The key insight of our work is that issuance of certificates in trust-management systems, a task that usually requires public-key cryptography, can be achieved using secret-key cryptography as well. We demonstrate this concept by showing how SPKI/SDSI can be modified to use Kerberos, a secret-key based authentication system, to issue SPKI/SDSI certificates. The resulting trust-management system retains all the capabilities of SPKI/SDSI, but is much easier to use because a public key is only required for each SPKI/SDSI server, but no longer for every user. Moreover, because Kerberos is already well established, our approach makes SPKI/SDSI-based trust-management systems easier to deploy in the real world.

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited. This Document Is Not Available From DTIC In Microfiche.

RECORD

Collection: TR