Abstract
This paper presents part of our work on the security of open systems in conformance with the X.509 framework. The Chimaera model tries to cover all of X.509's shortcomings, especially those concerning Certification Authorities (CAs). Although our primary concern was the elaboration of a security scheme, we quickly met the need for a convenient distribution of CAs and for the manipulation of both certificates and certification paths. The main features of the scheme are: the elaboration of the CA concepts, the elaboration of a communication protocol between these authorities, and the introduction of the notion of evaluation for both certificates and Certification Paths (CPs). In the first part, a brief introduction to major security trends and mechanisms is given, then some implementations and standards are cited. At this level, the deficiencies of current models and the need for a more convenient scheme are shown. In the next part, the main features of the Chimaera model and its OSI environment are presented. We then describe a protocol for the exchange and evaluation of both certificates and CPs, hence ensuring a secure propagation of trust and knowledge over the network. Finally, the added value of the given scheme is discussed in relation to certificate establishment and revocation.
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
Tarah, A., Huitema, C. (1992). Associating metrics to certification paths. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013898
DOI: https://doi.org/10.1007/BFb0013898
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive