Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Preserving Privacy in Distributed Delegation with Fast Certificates

  • Conference paper
  • First Online:
Public Key Cryptography (PKC 1999)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1560))

Included in the following conference series:

  • 723 Accesses

Abstract

In a distributed system, dynamically dividing execution between nodes is essential for service robustness. However, when all of the nodes cannot be equally trusted, and when some users are more honest than others, controlling where code may be executed and by whom resources may be consumed is a nontrivial problem. In this paper we describe a generic authorisation certificate architecture that allows dynamic control of resource consumption and code execution in an untrusted distributed network. That is, the architecture allows the users to specify which network nodes are trusted to execute code on their behalf and the servers to verify the users’ authority to consume resources, while still allowing the execution to span dynamically from node to node, creating delegations on the fly as needed. The architecture scales well, fully supports mobile code and execution migration, and allows users to remain anonymous.

We are implementing a prototype of the architecture using SPKI certificates and ECDSA signatures in Java 1.2. In the prototype, agents are represented as Java JAR packages.

This work was partially funded by the TeSSA research project at Helsinki University of Technology under a grant from TEKES.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amoroso, E., Fundamentals of Computer Security Technology, Prentice Hall, Englewood Cliffs, New Jersey, 1994.

    MATH  Google Scholar 

  2. Arnold, K. and Gosling, J., The Java Programming Language, Addison-Wesley, 1996.

    Google Scholar 

  3. Aura, T.,“Comparison of Graph-Search Algorithms for Authorisation Verification in Delegation”, Proceedings of the 2nd Nordic Workshop on Secure Computer Systems, Helsinki, 1997.

    Google Scholar 

  4. Beth, T., Borcherding, M., Klein, B., Valuation of Trust in Open Networks, University of Karlsruhe, 1994.

    Google Scholar 

  5. Blaze, M., Feigmenbaum, J., and Lacy, J., “Decentralized trust management”, Proceedings of the 1996 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 1996.

    Google Scholar 

  6. Chadwick, D., Young, A., “Merging and Extending the PGP and PEM Trust Models-The ICE-TEL Trust Model”, IEEE Network Magazine, May/June, 1997.

    Google Scholar 

  7. Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M. and Ylönen, T., Simple Public Key Certificate, Internet-Draft draft-ietf-spki-cert-structure-05.txt, work in progress, Internet Engineering Task Force, March 1998.

    Google Scholar 

  8. Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M. and Ylönen, T., SPKI Certificate Theory, Internet-Draft draft-ietf-spki-cert-theory-02.txt, work in progress, Internet Engineering Task Force, March1998.

    Google Scholar 

  9. Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M. and Ylönen, T., SPKI Examples, Internet-Draft draft-ietf-spki-cert-examples-01.txt, work in progress, Internet Engineering Task Force, March 1998.

    Google Scholar 

  10. Ellison, C., “Establishing Identity Without Certification Authorities”, In Proceedings of the USENIX Security Symposium, 1996.

    Google Scholar 

  11. Gong, Li, Java TM Security Architecture (JDK 1.2), DRAFT DOCUMENT (Revision 0.8), http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc.htmlSun Microsystems, March 1998.

  12. Gong, Li and Schemers, R.,“Implementing Protection Domains in the Java Development Kit 1.2”, Proceedings of the 1998 Network and Distributed System Security Symposium, San Diego, CA, March 11–13 1998, Internet Society, Reston, VA, March 1998.

    Google Scholar 

  13. International Telegraph and Telephone Consultative Committee(CCITT): Recommendation X.509, The Directory-Authentication Framework, CCITT Blue Book, Vol. VIII.8, pp. 48–81, 1988.

    Google Scholar 

  14. Kohl, J. and Neuman, C., The Kerberos Network Authentication Service (V5), RFC1510, Internet Engineering Task Force, 1993.

    Google Scholar 

  15. Kortesniemi, Y., “Implementing Elliptic Curve Cryptosystems in Java 1.2”, in Proceedings of NordSec’98, 6–7 November 1998, Trondheim, Norway, November 1998.

    Google Scholar 

  16. Landau, C., Security in a Secure Capability-Based System, Operating Systems Review, pp. 2–4, October 1989.

    Google Scholar 

  17. Lehti, I. and Nikander, P., “Certifying trust”, Proceedings of the Practice and Theory in Public Key Cryptography (PKC)’ 98, Yokohama, Japan, Springer-Verlag, February 1998.

    Google Scholar 

  18. Maughan, D., Schertler, M., Schneider, M. and Turner, J., Internet Security Association and Key Management Protocol (ISAKMP), Internet-Draft draft-ietfipsec-isakmp-10.txt, work in progress, Internet Engineering Task Force, July 1998.

    Google Scholar 

  19. McMahon, P.V.,“SESAME V2 Public Key and Authorisation Extensions to Kerberos”, in Proceedings of 1995 Network and Distributed Systems Security, February 16–17, 1995, San Diego, California, Internet Society 1995.

    Google Scholar 

  20. Nikander, P. and Karila, A.,“A Java Beans Component Architecture for Cryptographic Protocols”, Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, Usenix Association, 26–29 January 1998.

    Google Scholar 

  21. Nikander, P. and Partanen, J., “Distributed Policy Management for JDK 1.2”, In Proceedings of the 1999 Network and Distributed Systems Security Symposium, 3–5 February 1999, San Diego, California, Internet Society, February 1999.

    Google Scholar 

  22. Nikander, P. and Viljanen, L., “Storing and Retrieving Internet Certificates”, in Proceedings of NordSec’98, 6–7 November 1998, Trondheim, Norway, November 1998.

    Google Scholar 

  23. OMG, CORBAservices: Common Object Services Specification, Revised Edition, Object Management Group, Farmingham, MA, March1997.

    Google Scholar 

  24. Partanen, J. and Nikander, P., “Adding SPKI certificates to JDK 1.2”, in Proceedings of NordSec’98, 6–7 November 1998, Trondheim, Norway, November 1998.

    Google Scholar 

  25. Partanen, J., Using SPKI certificates for Access Control in Java 1.2, Master’s Thesis, Helsinki University of Technology, August 1998.

    Google Scholar 

  26. Rivest, R. L. and Lampson, B., “SDSI — a simple distributed security infrastructurerd, Proceedings of the 1996 Usenix Security Symposium, 1996.

    Google Scholar 

  27. Wilhelm, G. U., Staamann, S., Buttyán, L., “On the Problem of Trust in Mobile Agent Systems”, In Proceedings of the 1998 Network And Distributed System Security Symposium, March 11–13, 1998, San Diego, California, Internet Society, 1998.

    Google Scholar 

  28. Yahalom, R., Klein, B., Beth, T., “Trust Relationships in Secure Systems-A Distributed Authentication Perspective”, In Proceedings of the IEEE Conference on Research in Security and Privacy, 1993.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ericsson Research, FIN-02420, Jorvas, Kirkkonummi, Finland

    Pekka Nikander

  2. Department of Computer Science, Helsinki University of Technology, FIN-02015 TKK, Espoo, Finland

    Yki Kortesniemi & Jonna Partanen

Authors
  1. Pekka Nikander
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yki Kortesniemi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jonna Partanen
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nikander, P., Kortesniemi, Y., Partanen, J. (1999). Preserving Privacy in Distributed Delegation with Fast Certificates. In: Public Key Cryptography. PKC 1999. Lecture Notes in Computer Science, vol 1560. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49162-7_11

Download citation

  • DOI: https://doi.org/10.1007/3-540-49162-7_11

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-65644-9

  • Online ISBN: 978-3-540-49162-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation