Abstract
Determining the authenticity of public keys in large-scale open networks cannot be based on certificates alone, but must also include the binding between the key used for certification and its owner, as well as the trust relationships between individual agents. This paper describes a method for computing authenticity measures based on certificates, on key binding, and on trust relationships. Two essential elements of the method are the opinion model, which is a radically new way of representing trust, and subjective logic, which consists of a set of logical operators for combining opinions. We show that our method for computing authenticity measures can be applied to both anarchic and hierarchic authentication networks.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jøsang, A. (1998). A subjective metric of authentication. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055873
DOI: https://doi.org/10.1007/BFb0055873
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4
eBook Packages: Springer Book Archive