Abstract
In this article we look at some of the problems associated with trying to provide a specification for a Public Key Infrastructure (PKI). We focus on the PKI profile that has been proposed for use with the Internet, known as PKIX (PKI using X.509 certificates), to provide a specific example. Our intention is to add value to this and other specifications by providing a more formal description and a framework in which to develop path validation procedures. We take the path validation algorithm in PKIX and give a formal description of the actions and properties it defines. In this way, the essential aspects can be captured and clearly formulated, which would facilitate the testing of implementations in a more rigorous and well defined way.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. In: Proceedings of the Royal Society of London, vol. 426, pp. 233–271 (1989)
Cryptlib. [Online], Technical Contact: Peter Gutmann, < http://www.datasec.co.nz >
DR 222. Defect Report Number DR 222: Certificate Policy Mapping (June 1999), Available from ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/DefectReports/X.509/
Ford, W., Baum, M.: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice-Hall, Englewood Cliffs (1997)
Gordon, M.J.C., Melham, T.F.: Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, Cambridge (1993)
Housley, R., Ford, W., Polk, W., Solo, D.: RCF 2459, Internet X.509 Public Key Infrastructure - Part I: Certificate and CRL Profile. Internet Request for Comments 2459 (January 1999)
Liu, C., Ozols, M.A., Henderson, M., Cant, T.: A state-based model for certificate management systems. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 75–92. Springer, Heidelberg (2000)
Liu, C., Ozols, M.A., Henderson, M., Cant, T.: Towards certificate verification in a certificate management system. In: Edwards, J. (ed.) Proceedings of the 23rd Australasian Computer Science Conference, ACSC 2000, Canberra, Australia, pp. 150–157. IEEE Computer Society Press, Los Alamitos (2000)
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocols using CSP and FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)
Maurer, U.: Modeling a public-key infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146. Springer, Heidelberg (1996)
Mulvenna, J., Keys, L., Walters, D., Ganta, S., Gupta, S.: Characteristics and attributes that affect S/MIME product interoperability, Draft available from http://csrc.nist.gov/pki/smime/welcome.htm
NIST. Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186 (November 1994)
Paulson, L.C.: ML for Working Programmer, 2nd edn. Cambridge University Press, Cambridge (1996)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)
Paulson, L.C.: The Isabelle Reference Manual. University of Cambridge, Computer Laboratory, available from http://www.in.tum.de/isabelle/dist
Reiter, M.K., Stubblebine, S.G.: Path independence for authentication inlarge- scale systems. In: Proceedings of the 4th ACM Conference on Computer and Communication Security, pp. 57–66 (April 1997)
Reiter, M.K., Stubblebine, S.G.: Toward acceptable metrics of authentication. In: Proceedings of the IEEE Symposium on Security and Privacy (May 1997)
Roscoe, A.W.: Modelling and verifying key-exchange protocols using csp and fdr. In: 8th Computer Security Foundation Workshop, pp. 98–107. IEEE Computer Society Press, Los Alamitos (1995)
Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons, Inc., Chichester (1996)
X.509. Information Technology - Open systems Interconnection - The Directory: Authentication Framework. ITU-T Recommendation X.509 (June 1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ozols, M.A., Henderson, M., Liu, C., Cant, T. (2000). The PKI Specification Dilemma: A Formal Solution. In: Dawson, E.P., Clark, A., Boyd, C. (eds) Information Security and Privacy. ACISP 2000. Lecture Notes in Computer Science, vol 1841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10718964_17
Download citation
DOI: https://doi.org/10.1007/10718964_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67742-0
Online ISBN: 978-3-540-45030-6
eBook Packages: Springer Book Archive