DOI: 10.1145/1750389.1750404
research-article

A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)

Published: 13 April 2010

Abstract

Public Key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computer and mobile devices. Developing, deploying, and maintaining information technology that provides effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe the general architecture based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into our system. This paper lays down the basis for the deployment of collaborative Internet-scale trust infrastructures.

Cited By

  • (2010) A search engine for the global PKI. Journal of Internet Services and Applications 1:2 (83-93). DOI: 10.1007/s13174-010-0009-4. Online publication date: 27-Jul-2010

    Published In

    IDTRUST '10: Proceedings of the 9th Symposium on Identity and Trust on the Internet
    April 2010
    127 pages
    ISBN:9781605588957
    DOI:10.1145/1750389
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    • Internet2
    • The National Institute of Standards and Technology
    • OASIS IDtrust Member Section
    • FPKIPA: Federal Public Key Infrastructure Policy Authority

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. PKI
    2. distributed systems
    3. federated identities
    4. peer-to-peer

    Qualifiers

    • Research-article

    Conference

    IDtrust '10
    Sponsor:
    • FPKIPA
    IDtrust '10: 9th Symposium on Identity and Trust on the Internet
    April 13 - 15, 2010
    Maryland, Gaithersburg, USA
