Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2007 |
Online Access: | http://psasir.upm.edu.my/id/eprint/5268/1/FK_2007_55a.pdf http://psasir.upm.edu.my/id/eprint/5268/ |
Institution: | Universiti Putra Malaysia |
Summary: | In large open networks, handling trust and authenticity adequately is an
important prerequisite for security policy. Trust issues influence not only the
specification of security policies but also the techniques needed to manage and
implement security policies for systems. Certification is one of the main
components of trust models and is known as a common mechanism for
authentic public key distribution. In order to obtain a public key, verifiers need
to extract a certificate path from a network of certificates, which is called the
public key infrastructure (PKI). There are two classifications of PKI, namely
the centralized and decentralized PKIs. In this thesis, attention is paid to the
decentralized PKIs, such as Maurer’s model. This model comprises two
parts: the deterministic and probabilistic models. An important limitation of this
model is that certification revocation is not considered. Revocation happens in
cases such as, among others, the loss of a private key. Another limitation of
Maurer’s model is that it lacks time consideration, which is important as trust
changes over time.
In this thesis, a novel trust model is developed, addressing the limitations of
other models. Negative values such as revocation of certification have been
incorporated, making a complete trust model that includes both positive and
negative evidence. In particular, certification is considered positive evidence
while certification revocation is considered negative. The time concept is then
added to the model in order to address the change of trust status over time.
Hence, the complete trust model is able to incorporate certification revocation
and time concept into both deterministic and probabilistic parts of a model.
Incorporating two new concepts into Maurer’s model increases the generality
and expressive power of the model. The novel extension of the trust model enables
it to capture all aspects of public key certification, which include trust,
recommendations, confidence values for trust metric and authenticity of public
keys, multiple certification paths, certification revocation and the time concept.
Experimental results show that after incorporating the new concept, a decrease
in confidence value in comparison to Maurer’s model was observed, resulting
in a more realistic model. |