A non-transitive trust model for key distribution

S. Herald, S. Clarke, B. Christianson

    Research output: Contribution to journalArticlepeer-review

    208 Downloads (Pure)

    Abstract

    Key distribution mechanisms such as PKI or PGP implicitly assume trust to be transitive. This can be a problematic assumption. The user relies indirectly (often implicitly) on the remote entities to satisfy its trust requirements. In fact, over the years trust has been a much debated topic in the electronic world. In our view, trust is most usefully modeled as non-transitive and subjective to the user. This paper explores a novel way to address the well known asymmetric key distribution problem in the electronic world by mitigating the subjective risk of the user. We extend the conventional PKI and PGP models by deploying a recently introduced concept called trust*. Trust* is a way of building on existing trust relationships using an electronic equivalent of real-world guarantees so as to avoid the need for transitive trust. This application of trust* provides a flexible way to bridge the gap between the two unknown entities through the use of localized guarantees. Our model allows trust* to replace the need for transitive trust in PKI or PGP and thus reduce the perceived risk of the user in key distribution.
    Original languageEnglish
    Pages (from-to)618-625
    JournalJournal of Information Assurance and Security
    Volume5
    Issue number6
    Publication statusPublished - 2010

    Fingerprint

    Dive into the research topics of 'A non-transitive trust model for key distribution'. Together they form a unique fingerprint.

    Cite this