pgp;self-organized;ad-hoc;certificate recommendation;pki;public key;webs of trust;certificate
Jiang, Qinglin ; Wenye Wang, Committee Member,Douglas S. Reeves, Committee Chair,Peng Ning, Committee Co-Chair,Greg T. Byrd, Committee Member,Jiang, Qinglin ; Wenye Wang ; Committee Member ; Douglas S. Reeves ; Committee Chair ; Peng Ning ; Committee Co-Chair ; Greg T. Byrd ; Committee Member
The correct recognition of a user's public key is very important for many security functions, such as confidentiality, integrity and non-repudiation. If we mistakenly recogniz ean illegitimate public key as legitimate, then these security functions may be compromised.In distributed webs of trust systems, each user's public-key information is provided by other users. Because users can be unreliable (untrustworthy, malicious, compromised users or who make mistakes), the correctness of the public-key information they provided remains a question. For this reason, a method to verify the correctness of the user-provided public-key information is very much needed.Previous works have suggested the use of redundancy to compute the trustworthiness on user-provided public key information. However, the problem of how to improve the trustworthiness has never been considered. In this paper, we will focus on the problem of how to improve the trustworthiness of user-provided public-key information. Firstly, we observe that the trustworthiness computed on a public key may be inaccurate if users claim multiple false identities and/or (either legitimately or illegitimately) possess multiple public keys. We explain it and show that the result of trust computation can be made more accurate if we also consider identities. Secondly, we analyze conflicting certificates and show that it can be used to detect malicious users and improve the trustworthiness on public keys. Thirdly, we show that the current webs of trust system's robustness can be significantly improved by the two kinds of certificate recommendation methods we have proposed. The applications of both recommendation methods will result in richly-connected and very robust webs of trust systems. In the last, we present a very efficient and robust mechanism to apply the webs of trust system in wireless ad-hoc networks.Our mechanism enables users to exchange certificate path information so they can easily find certificate paths and authenticate each other. Our presented mechanism is very efficient and requires less communication overheads. Our mechanism is also very robust because it considers the case of network partitions and can construct and find multiple certificate paths between users. For all the works presented in this paper, we illustrate their concepts and show the results on practical web of trust PGP keyrings.
PDF
download
878987797
028-85220240
