Introduction
A New Model for Public-Key Authentication
Conclusion
A New Model for Public-Key Authentication Reto Kohlas, Jacek Jonczy, and Rolf Haenni Reasoning under UNcertainty Group Institute of Computer Science and Applied Mathematics University of Berne, Switzerland http://www.iam.unibe.ch/∼run/index.html
KiVS 2007 March 1st, 2007 1 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
2 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
2 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
2 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
3 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Public-Key Authentication
Public-Key Authentication Evaluating the authenticity of a public-key entity for a physical entity.
Bob Smith .
3ZALM39Q3.
Public-key certificates. Trust assumptions. Recommendations, discredits. 4 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Public-Key Authentication
Public-Key Authentication Evaluating the authenticity of a public-key entity for a physical entity.
Bob Smith .
3ZALM39Q3.
Public-key certificates. Trust assumptions. Recommendations, discredits. 4 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
PGP’s Web of Trust. No trust. Marginal trust. Full trust. B
D
A
F C
E
5 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
PGP’s Web of Trust. No trust. Marginal trust. Full trust. B
D
A
F C
E
5 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
Maurer’s Probabilistic Method.
∀X ∀Y : AutA,X ∧ TrustA,X,1 ∧ CertX,Y ` AutA,Y
conf(AutA,b ) = 0.402.
6 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
Maurer’s Probabilistic Method. ∀X ∀Y : AutA,X ∧ TrustA,X,1 ∧ CertX,Y ` AutA,Y p1
A
b p3
p2
conf(AutA,b ) = 0.402. 6 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
Maurer’s Probabilistic Method. ∀X ∀Y : AutA,X ∧ TrustA,X,1 ∧ CertX,Y ` AutA,Y p1
A
b p3
p2
conf(AutA,b ) = 0.402. 6 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
Maurer’s Probabilistic Method. ∀X ∀Y : AutA,X ∧ TrustA,X,1 ∧ CertX,Y ` AutA,Y p1
0.4
0.8 0.8 0.7
A
b p3
0.8
0.9
0.9
0.9 0.6 p2
conf(AutA,b ) = 0.402. 6 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Decentralized Public-Key Authentication
Maurer’s Probabilistic Method. ∀X ∀Y : AutA,X ∧ TrustA,X,1 ∧ CertX,Y ` AutA,Y p1
0.4
0.8 0.8 0.7
A
b p3
0.8
0.9
0.9
0.9 0.6 p2
conf(AutA,b ) = 0.402. 6 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Classification of Methods
Classification of Methods Non-probabilistic methods PGP’s + GnuPG’s Web of Trust (1994). Reiter-Stubblebine authentication metric (1997). Advogato trust metric (Levien, Aiken, 1998). Probabilistic methods Maurer’s probabilistic method (1996). Jøsang’s certification algebra (1999). Haenni’s key validation method (2005). Credential Networks (Jonczy and Haenni, 2006). Bicacki’s revocation metric (2006). 7 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Motivation
Current methods rely on different models, e.g.:
Reiter-Stubblebine, Advogato: No bindings between physical entities and public-key entities. PGP, Maurer, Jøsang, Haenni, Credential Networks, Bicakci: Each physical entity is assumed to control exactly one public-key entity.
8 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Motivation
⇒ “Appropriate” model for public-key authentication?
⇒ Alternative semantics for concepts as public-key authenticity?
9 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Motivation
⇒ “Appropriate” model for public-key authentication?
⇒ Alternative semantics for concepts as public-key authenticity?
9 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Public-Key Authenticity
Physical entity using different public-key entities.
p1 A
k1 k2
b kb
10 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Public-Key Authenticity
Public-key entity controlled by two physical entities.
p1
b
k1
k3 p3
A
k4 p2
p3
k2
k3
11 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Trust Trust values assigned to public-key or physical entities.
Entities using different identifiers. Distrust.
12 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Trust Trust values assigned to public-key or physical entities.
Entities using different identifiers. Distrust.
12 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Trust Trust values assigned to public-key or physical entities.
Entities using different identifiers. Distrust.
12 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Motivation and Goal
Goal
Propose a general model for public-key authentication that extends and improves existing models, forms the basis for enhanced public-key authentication methods, which is applicable also for trust metrics.
13 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
14 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Our Entity-Relationship Model
Our Entity-Relationship Model
Public-key Entity
Physical Entity
Digital Entity
A
15 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Our Entity-Relationship Model
Our Entity-Relationship Model
Public-key Entity
n
controls
n
Physical Entity
n
controls
n
n
n
signs
Digital Entity n
authors
authors n n
A
n
15 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Our Entity-Relationship Model
Our Entity-Relationship Model
e-mail address
age
finger_ print
public_ key
Public-key Entity
n
family_ name
controls
n
first_ name
Physical Entity
n
DNS_ name
controls
n
n
n
signs
pseudo_ nym
Digital Entity n
authors
authors n n
A
n
15 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Formalizing Public-Key Authenticity and Trust
Public-Key Authenticity
Deriving public-key authenticity.
∀.P ∀.K :
authorsp (P, controlsk (P, K)) → aut(P, K) .
16 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Formalizing Public-Key Authenticity and Trust
Public-Key Authenticity
Ascribing digital signatures to an entity.
∀.P ∀.K ∀.S :
( aut(P, K) ∧ signs(K, S) ) → authorsp (P, S) .
17 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Formalizing Public-Key Authenticity and Trust
Public-Key Authenticity
Sole public-key entity control.
∀.P1 ∀.P2 ∀.K :
( aut(P1 , K) ∧ (P1 6= P2 ) ) → ¬ aut(P2 , K) .
18 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Formalizing Public-Key Authenticity and Trust
Trust Semantics
Positive trust assumption. ∀.P ∀.S :
( trust(P, S) ∧ authorsp (P, S) ) → S .
Negative trust assumption. ∀.P ∀.S :
( ¬ trust(P, S) ∧ authorsp (P, S) ) → ¬ S .
19 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Probabilistic Public-Key Authentication (Outlook)
Probabilistic Public-Key Authentication (Outlook)
p1 +0.8
k1
+1.0
+0.9 −0.8
A
b k3
−0.3 p2 +0.8
k2
−0.3
+0.7 +0.9
p4 k4
p3 +0.6
qs(⊥) = 0.456. dsp(aut(b, k3 )) = 0.708. dpl(aut(b, k3 )) = 0.758. dsp(aut(p3 , k3 )) = 0.111. dpl(aut(p3 , k3 )) = 0.245. dsp(aut(b, k3 ) ∧ aut(p3 , k3 )) = 0.000.
k3
20 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Probabilistic Public-Key Authentication (Outlook)
Probabilistic Public-Key Authentication (Outlook)
p1 +0.8
k1
+1.0
+0.9 −0.8
A
b k3
−0.3 p2 +0.8
k2
−0.3
+0.7 +0.9
p4 k4
p3 +0.6
qs(⊥) = 0.456. dsp(aut(b, k3 )) = 0.708. dpl(aut(b, k3 )) = 0.758. dsp(aut(p3 , k3 )) = 0.111. dpl(aut(p3 , k3 )) = 0.245. dsp(aut(b, k3 ) ∧ aut(p3 , k3 )) = 0.000.
k3
20 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Outline 1
Introduction Public-Key Authentication Decentralized Public-Key Authentication Motivation and Goal
2
A New Model for Public-Key Authentication Our Entity-Relationship Model Formalizing Public-Key Authenticity and Trust Probabilistic Public-Key Authentication (Outlook)
3
Conclusion Achievements and Future Work
21 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Achievements and Future Work
Conclusion
Achievements General model for public-key authentication. Possible semantics for public-key authenticity and trust. A probabilistic public-key authentication method, based on the new model.
22 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Achievements and Future Work
Conclusion
Achievements General model for public-key authentication. Possible semantics for public-key authenticity and trust. A probabilistic public-key authentication method, based on the new model.
22 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Achievements and Future Work
Conclusion
Achievements General model for public-key authentication. Possible semantics for public-key authenticity and trust. A probabilistic public-key authentication method, based on the new model.
22 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Achievements and Future Work
Conclusion
Achievements General model for public-key authentication. Possible semantics for public-key authenticity and trust. A probabilistic public-key authentication method, based on the new model.
22 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland
Introduction
A New Model for Public-Key Authentication
Conclusion
Achievements and Future Work
Conclusion
Future work Elaborating the probabilistic public-key authentication method further. Modeling time issues and revocation of statements and public keys.
23 of 23
Reto Kohlas, Jacek Jonczy, and Rolf Haenni
University of Berne, Switzerland