Design of Graded Trusts by Using Dynamic Path Validation

Kubo, Akira; Satō, Hiroyuki

doi:10.1007/978-3-642-13446-3_12

Cited by 2 publications

(1 citation statement)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This paper is a refinement of the basic idea of dynamic path validation 13) in terms of extended path validation and analysis of the fragmentation problem.…”

Section: Related Workmentioning

confidence: 99%

Graded Trust of Certificates and Its Management with Extended Path Validation

Satō

Kubo²

2011

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

In modern information service architectures, many servers are involved in service building, in which servers must rely on the information provided by other servers thereby creating a trust. This trust relation is central to building services in distributed environments, and is closely related to information security. Almost every standard on information security is concerned with the internal control of an organization, and particularly with authentication. In this paper, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as a validation of chains of certificates. However, today, this trust model does not function well because of the fragmentation problem caused by complexities of paths and by fine a requirement at security levels. In this paper, we propose "dynamic path validation" together with another trust model of PKI for controlling this situation. First, we propose Policy Authority. Policy Authority assigns a level of compliance (LoC) to CAs in its trust domain. LoC is evaluated in terms of the certificate common criteria of Policy Authority. Moreover, it controls the path building with considerations of LoC. Therefore, we can flexibly evaluate levels of CP/CPS's in a single server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPS's. In our framework, instead, we can do the same task in a single server, by which we can save costs of maintaining lists of trust anchors at multiple levels.

show abstract

“…This paper is a refinement of the basic idea of dynamic path validation 13) in terms of extended path validation and analysis of the fragmentation problem.…”

Section: Related Workmentioning

confidence: 99%