An Innovative Policy-Based Cross Certification Methodology for Public Key Infrastructures

  • Conference paper
Public Key Infrastructure (EuroPKI 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3545)

Abstract

Cross certification among CAs is a significant problem that is currently handled manually by security experts and organizational staff, who try to understand whether two CAs can cooperate. The evaluation process is based on evaluating the certificate policies, which are usually expressed in a non-formalized way (and in native language). In this paper we propose a methodology to automatically evaluate and compare security policies for cross certification. The methodology consists of formalizing a policy template and building a reference evaluation model. The proposed approach can be applied to several models of cross certification.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Casola, V., Mazzeo, A., Mazzocca, N., Rak, M. (2005). An Innovative Policy-Based Cross Certification Methodology for Public Key Infrastructures. In: Chadwick, D., Zhao, G. (eds) Public Key Infrastructure. EuroPKI 2005. Lecture Notes in Computer Science, vol 3545. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11533733_7

  • DOI: https://doi.org/10.1007/11533733_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28062-0

  • Online ISBN: 978-3-540-31585-8

  • eBook Packages: Computer Science, Computer Science (R0)
