ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Digital Library logoTake a look at the new version of this page: [ beta version ]. Tell us what you think.
Authentication metric analysis and design
Full text PdfPdf (154 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 2 ,  Issue 2  (May 1999) table of contents
Pages: 138 - 158  
Year of Publication: 1999
ISSN:1094-9224
Authors
Michael K. Reiter  Lucent Technologies, Murray Hill, NJ
Stuart G. Stubblebine  Cert Co., New York, NY
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 71,   Citation Count: 19
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/317087.317088
What is a DOI?

ABSTRACT

Authentication using a path of trusted intermediaries, each able to authenicate the next in the path, is a well-known technique for authenicating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meaning of certificates, and interdependencies in the use of different keys. Thus, several authors have proposed metrics to evaluate the confidence afforded by a set of paths. In this paper we develop a set of guiding principles for the design of such metrics. We motivate our principles by showing how previous approaches failed with respect to these principles and what the consequences to authentication might be. We then propose a new metric that appears to meet our principles, and so to be a satisfactory metric of authenticaiton.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Martín Abadi , Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, v.22 n.1, p.6-15, January 1996  [doi>10.1109/32.481513]
 
2
R. K. Ahuja , J. B. Orlin , R. E. Tarjan, Improved time bounds for the maximum flow problem, SIAM Journal on Computing, v.18 n.5, p.939-954, Oct. 1989  [doi>10.1137/0218065]
 
3
Ross J. Anderson , Roger M. Needham, Robustness Principles for Public Key Protocols, Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, p.236-247, August 27-31, 1995
 
4
Thomas Beth , Malte Borcherding , Birgit Klein, Valuation of Trust in Open Networks, Proceedings of the Third European Symposium on Research in Computer Security, p.3-18, November 07-09, 1994
 
5
BIRRELL, A. D., LAMPSON, B. W., NEEDHAM, R. M., AND SCHROEDER, M. D. 1986. A global authentication service without global trust. In Proceedings of the 1986 IEEE Symposium on Security and Privacy (Oakland, CA, Apr. 7-9, 1986). IEEE Computer Society Press, Los Alamitos, CA, 223-230.
 
6
FORD, L. R. JR. AND FULKERSON, D. R. 1956. Maximal flow through a network. Can. J. Math. 8, 399-404.
 
7
Michael R. Garey , David S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, 1979
 
8
GASSER, M., GOLDSTEIN, A., KAUFMAN, C., AND LAMPSON, B. 1989. The digital distributed system security architecture. In Proceedings of the 12th NIST/NCSC National Conference on Computer Security (Gaithersburg, MD, Oct.). 305-319.
 
9
Virgil D. Gligor , Shyh-Wei Luan , Joseph N. Pato, On Inter-RealmAuthentication in Large Distributed Systems, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.2, May 04-06, 1992
10
Andrew V. Goldberg , Robert E. Tarjan, A new approach to the maximum-flow problem, Journal of the ACM (JACM), v.35 n.4, p.921-940, Oct. 1988  [doi>10.1145/48014.61051]
11
Stephen T. Kent, Internet Privacy Enhanced Mail, Communications of the ACM, v.36 n.8, p.48-60, Aug. 1993  [doi>10.1145/163381.163390]
 
12
V. King , S. Rao , R. Tarjan, A faster deterministic maximum flow algorithm, Proceedings of the third annual ACM-SIAM symposium on Discrete algorithms, p.157-164, September 1992, Orlando, Florida, United States
13
Gennady Medvinsky , Charlie Lai , B. Clifford Neuman, Endorsements, licensing, and insurance for distributed system services, Proceedings of the 2nd ACM Conference on Computer and communications security, p.170-175, November 1994, Fairfax, Virginia, United States  [doi>10.1145/191177.191215]
14
Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992  [doi>10.1145/138873.138874]
 
15
LAWLER, E. L. 1976. Combinatorial Optimization: Networks and Matroids. Holt Rinehart & Winston, Inc./School Division, Austin, TX.
 
16
LEVIEN, R. AND AIKEN, A. 1998. Attack-resistant trust metrics for public key certification. In Proceedings of the 7th on USENIX Security Symposium (Jan.). USENIX Assoc., Berkeley, CA, 229 -241.
 
17
Ueli M. Maurer, Modelling a Public-Key Infrastructure, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.325-350, September 25-27, 1996
 
18
S. Mendes , C. Huitema, A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model, Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), p.172, February 16-17, 1995
 
19
Michael K. Reiter , Stuart G. Stubblebine, Resilient Authentication Using Path Independence, IEEE Transactions on Computers, v.47 n.12, p.1351-1362, December 1998  [doi>10.1109/12.737682]
 
20
William Stallings, Protect your privacy: a guide for PGP users, Prentice-Hall, Inc., Upper Saddle River, NJ, 1995
 
21
Paul Syverson, Limitations on Design Principles for Public Key Protocols, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.62, May 06-08, 1996
 
22
Anas Tarah , Christian Huitema, Associating Metrics to Certification Paths, Proceedings of the Second European Symposium on Research in Computer Security, p.175-189, November 23-25, 1992
 
23
TARDO, J. J. AND ALAGAPPAN, K. 1991. PX: Global authentication using public key certificates. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy (May). IEEE Computer Society Press, Los Alamitos, CA, 232-244.
 
24
ITT CONSULTATIVE COMMITTEE (CCITT), 1988. The Directory--Authentication Framework, Recommendation X.509.
 
25
ANSI X9F1, 1994. ANSI X9.45 Enhanced Management Controls Using Attribute Certificates (draft).
 
26
Raphael Yahalom , Birgit Klein , Thomas Beth, Trust-based navigation in distributed systems, Computing Systems, v.7 n.1, p.45-73, Winter 1994
 
27
Philip R. Zimmermann, The official PGP user's guide, MIT Press, Cambridge, MA, 1995

CITED BY  19
Richard Au , Mark Looi , Paul Ashley, Automated cross-organisational trust establishment on extranets, Australian Computer Science Communications, v.23 n.6, January 2001
Michal Feldman , Kevin Lai , Ion Stoica , John Chuang, Robust incentive techniques for peer-to-peer networks, Proceedings of the 5th ACM conference on Electronic commerce, May 17-20, 2004, New York, NY, USA
Jean-Pierre Hubaux , Levente Buttyán , Srdan Capkun, The quest for security in mobile ad hoc networks, Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking & computing, October 04-05, 2001, Long Beach, CA, USA
George Theodorakopoulos , John S. Baras, Trust evaluation in ad-hoc networks, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA
Efficient, Self-Contained Handling of Identity in Peer-to-Peer Systems, IEEE Transactions on Knowledge and Data Engineering, v.16 n.7, p.858-869, July 2004
Srdjan Capkun , Levente Buttyán , Jean-Pierre Hubaux, Self-Organized Public-Key Management for Mobile Ad Hoc Networks, IEEE Transactions on Mobile Computing, v.2 n.1, p.52-64, January 2003
Kemal Bicakci , Bruno Crispo , Andrew S. Tanenbaum, How to incorporate revocation status information into the trust metrics for public-key certification, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Susan J. Chinburg , Ramesh Sharda , Mark Weiser, Establishing the business value of network security using analytical hierarchy process, Creating business value with information technology: challenges and solutions, Idea Group Publishing, Hershey, PA, 2003
David Lai , Zhongwei Zhang, Network service sharing infrastructure: service authentication and authorization revocation, Proceedings of the 9th WSEAS International Conference on Communications, p.1-6, July 14-16, 2005, Athens, Greece
Lingyu Wang , Anoop Singhal , Sushil Jajodia, Toward measuring network security using attack graphs, Proceedings of the 2007 ACM workshop on Quality of protection, October 29-29, 2007, Alexandria, Virginia, USA
Kanta Matsuura, Digital Security Tokens and Their Derivatives, Netnomics, v.5 n.2, p.161-179, November 2003
Eunjin (EJ) Jung , Mohamed G. Gouda, Vulnerability analysis of certificate graphs, International Journal of Security and Networks, v.1 n.1/2, p.13-23, September 2006
Valentina Casola , Antonino Mazzeo , Nicola Mazzocca , Valeria Vittorini, A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures, Journal of Computer Security, v.15 n.2, p.197-229, April 2007
Christian Skalka , X. Sean Wang , Peter Chapin, Risk management for distributed authorization, Journal of Computer Security, v.15 n.4, p.447-489, September 2007
Marcel Frigault , Lingyu Wang , Anoop Singhal , Sushil Jajodia, Measuring network security using dynamic bayesian network, Proceedings of the 4th ACM workshop on Quality of protection, October 27-27, 2008, Alexandria, Virginia, USA
Reto Kohlas , Jacek Jonczy , Rolf Haenni, Towards a precise semantics for authenticity and trust, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Zhengping Wu , Alfred C. Weaver, Requirements of federated trust management for service-oriented architectures, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Jingwei Huang , David Nicol, A calculus of trust and its application to PKI and identity management, Proceedings of the 8th Symposium on Identity and Trust on the Internet, April 14-16, 2009, Gaithersburg, Maryland
Daniel Cvrček , Václav Matyáš, Jr. , Ahmed Patel, Evidence processing and privacy issues in evidence-based reputation systems, Computer Standards & Interfaces, v.27 n.5, p.533-545, June, 2005

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Authentication

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


General Terms:
Measurement, Security


Keywords:
metrics of authentication, public key infrastructure


REVIEW

"Anthony Donald Vanker : Reviewer"

This paper addresses the issue of determining the owner of a public key or, on the other hand, determining a user's public key in order to encrypt data for secure transmission. In most real-life situations that involve different ad  more...

Collaborative Colleagues:
Michael K. Reiter: colleagues
Stuart G. Stubblebine: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2010 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player