Abstract
Public-key authentication based on public-key certificates is a special case of the general problem of verifying a hypothesis (that a public key is authentic), given certain pieces of evidence. Beginning with PGP, several authors have pointed out that trust is often an uncertain piece of evidence and have proposed ad hoc methods, sometimes referred to as trust management, for dealing with this kind of uncertainty. These approaches can lead to counter-intuitive conclusions as is demonstrated with examples in the PGP trust management. For instance, an introducer marginally trusted by a user can make him accept an arbitrary key for any other user.
In this paper we take a general approach to public-key authentication based on uncertain evidence, where not only trust, but also other pieces of evidence (e.g. entity authentication) can be uncertain. First, we formalize the assignment and the valuation of confidence values in the general context of reasoning based on uncertain evidence. Second, we propose a set of principles for sound confidence valuation. Third, we analyze PGP and some other previous methods for dealing with uncertainty in the light of our principles.
Chapter PDF
Similar content being viewed by others
Keywords
References
Nerode, A., Shore, R.A.: Logic for applications. Springer, Heidelberg (1993)
Bernoulli, J.: Ars conjectandi, 1713. Reprinted in 1968 by Culture et Civilisation, 115 Avenue Gabriel Lebon, Brussels
Beth, T., Borcherding, M., Klein, B.: Valuation of trust in open systems. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 3–18. Springer, Heidelberg (1994)
de Kleer, J.: An assumption-based TMS. Artificial Intelligence 28, 127–162 (1986)
Haenni, R., Kohlas, J., Lehmann, N.: Probabilistic argumentation systems (1999)
Henrion, M., Suermondt, H.J., Herckermann, D.E.: Probabilistic and Bayesian representations of uncertainty in information systems: A pragmatic introduction. In: Motro, A., Smets, P. (eds.) Uncertainty management in information systems, Ch. 9. Kluwer Academic Press, Dordrecht (1997)
Kohlas, J., Monney, P.-A.: A mathematical theory of hints. In: Bergman, C.H., Pigozzi, D.L., Maddux, R.D. (eds.) Algebraic Logic and Universal Algebra in Computer Science. LNCS, vol. 425, Springer, Heidelberg (1990)
Kohlas, R., Maurer, U.M.: Reasoning about public-key certification - on bindings between entities and public keys. In: Franklin, M. (ed.) Financial Cryptography 1999. LNCS (1999)
Kruse, R., Schwecke, E., Heinsohn, J.: Uncertainty and Vagueness in Knowlege Based Systems. Springer, Heidelberg (1991)
Mamdani, E.H.: On the classification of uncertainty techniques in relation to the application needs. In: Motro, A., Smets, P. (eds.) Uncertainty management in information systems, ch. 14. Kluwer Academic Press, Dordrecht (1997)
Maurer, U.M.: Modelling a public-key infrastructure. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds.) Proceedings 1996 European Symposium on Research in Computer Security (ESORICS 1996). LNCS, pp. 325–350. Springer, Heidelberg (1996)
Nilsson, N.J.: Probabilistic logic. Artificial Intelligence 28(1), 71–86 (1986)
Pearl, J.: Probabilistic Reasoning in Intelligent Systems. Morgan Kaufmann Publishers, Inc., San Francisco (1988)
Reiter, M.K., Stubblebine, S.G.: Authentication metric analysis and design. ACM Transactions on Information and System Security 2(2) (May 1997)
Reiter, M.K., Stubblebine, S.G.: Path independence for authentication in large-scale systems. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 57–66 (1997)
Reiter, M.K., Stubblebine, S.G.: Toward acceptable metrics of authentication. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 10–20 (1997)
Josang, A.: An algebra for assessing trust in certification chains. In: Network and Distributed Systems Security, NDSS 1999 (1999)
Shafer, G.: Non-additive probabilities in the work of Bernoulli and Lambert
Shafer, G.: A mathematical Theory of Evidence. Princeton University Press, Princeton (1996)
Stallings, W.: Protect your privacy. Prentice-Hall, Englewood Cliffs (1996)
Tarah, A., Huitema, C.: Associating metrics to certification paths. In: Computer Security ESORICS 1992. LNCS, pp. 175–189. Springer, Berlin (1992)
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kohlas, R., Maurer, U. (2000). Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 2000. Lecture Notes in Computer Science, vol 1751. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-46588-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-46588-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66967-8
Online ISBN: 978-3-540-46588-1
eBook Packages: Springer Book Archive