Abstract
Public-key cryptography is a prerequisite for security in distributed systems and for reliable electronic commerce. The protection of public keys against attacks is the Achilles’ heel of public-key cryptography. It is the goal of public-key infrastructures to provide the authenticity of the public keys for their participants. Formal models (called trust models) contribute decisively to a deeper understanding of the desirable design principles for these infrastructures. The present paper gives a trust model on the basis of a coloured Petri net. The graphic representation of nets of this type makes them easily understandable even for inexperienced users. In an application in electronic commerce, the process formalized by this Petri net will be embedded in a cryptographic protocol, which in turn will be an important part of a larger business process. So, the model of this paper is a useful module in business processes that are common in electronic commerce.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lory, P. (2003). A Process-Oriented Model for Authentication on the Basis of a Coloured Petri Net. In: van der Aalst, W.M.P., Weske, M. (eds) Business Process Management. BPM 2003. Lecture Notes in Computer Science, vol 2678. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44895-0_16
DOI: https://doi.org/10.1007/3-540-44895-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40318-0
Online ISBN: 978-3-540-44895-2
eBook Packages: Springer Book Archive