A non-transitive trust model for key distribution

S. Herald, S. Clarke, B. Christianson

Research output: Contribution to journal, Article, peer-review


Abstract

Key distribution mechanisms such as PKI or PGP implicitly assume trust to be transitive. This can be a problematic assumption. The user relies indirectly (often implicitly) on the remote entities to satisfy its trust requirements. In fact, over the years trust has been a much debated topic in the electronic world. In our view, trust is most usefully modeled as non-transitive and subjective to the user. This paper explores a novel way to address the well-known asymmetric key distribution problem in the electronic world by mitigating the subjective risk of the user. We extend the conventional PKI and PGP models by deploying a recently introduced concept called trust*. Trust* is a way of building on existing trust relationships using an electronic equivalent of real-world guarantees so as to avoid the need for transitive trust. This application of trust* provides a flexible way to bridge the gap between the two unknown entities through the use of localized guarantees. Our model allows trust* to replace the need for transitive trust in PKI or PGP and thus reduce the perceived risk of the user in key distribution.
Original language: English
Pages (from-to): 618-625
Journal: Journal of Information Assurance and Security
Volume: 5
Issue number: 6
Publication status: Published - 2010
