Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System

In large open networks, handling trust and authenticity adequately is an important prerequisite for security policy. Trust issues influence not only the specification of security policies but also the techniques needed to manage and implement security policies for systems. Certification is one of the main components of trust models and is known as a common mechanism for authentic public key distribution. In order to obtain a public key, verifiers need to extract a certificate path from a network of certificates, which is called the public key infrastructure (PKI). There are two classifications of PKI; namely the centralized and decentralized PKIs. In this thesis, attention is paid the decentralized PKIs, such as Maurer’s model. This model is comprised of two parts; the deterministic and probabilistic models. An important limitation in this model is that certification revocation is not considered. Revocation happens in cases, among others, such as the loss of private key. Another limitation of Maurer’s model is that it lacks time consideration, which is important as trust changes over time. In this thesis, a novel trust model is developed, addressing the limitations of other models. Negative values such as revocation of certification have been incorporated, making a complete trust model that includes both positive and negative evidences. Particularly, certification is considered as positive evidence while certification revocation is considered negative. The time concept is then added to the model in order to address the change of trusts status over time. Hence, the complete trust model is able to incorporate certification revocation and time concept into both deterministic and probabilistic parts of a model. Incorporating two new concepts into Maurer’s model increases the generality and expressive power of the model. Novel extension of the trust model enabling it to capture all aspects of public key certification which includes trust, recommendations, confidence values for trust metric and authenticity of public keys, multiple certification paths, certification revocation and the time concept. Experimental results show that after incorporating the new concept, a decrease in confidence value in comparison to Maurer’s model was observed, resulting to a more realistic model.

Preview PDF FK_2007_55a.pdf Download (338kB)

Actions (login required)

View Item