A calculus of trust and its application to PKI and identity management

Authors:
Jingwei Huang;David Nicol
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, Illinois;University of Illinois at Urbana-Champaign, Urbana, Illinois
Venue:
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Year:
2009

Citing 20
Cited 10

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Resilient Authentication Using Path Independence

IEEE Transactions on Computers
Authentication metric analysis and design

ACM Transactions on Information and System Security (TISSEC)
Authoritative sources in a hyperlinked environment

Journal of the ACM (JACM)
Inside risks: PKI: a question of trust and value

Communications of the ACM
To trust information sources: a proposal for a modal logical framework

Trust and deception in virtual societies
A logic for uncertain probabilities

International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Modelling a Public-Key Infrastructure

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Social Mechanism of Reputation Management in Electronic Communities

CIA '00 Proceedings of the 4th International Workshop on Cooperative Information Agents IV, The Future of Information Agents in Cyberspace
The Eigentrust algorithm for reputation management in P2P networks

WWW '03 Proceedings of the 12th international conference on World Wide Web
A Computational Model of Trust and Reputation for E-businesses

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 7 - Volume 7
Propagation of trust and distrust

Proceedings of the 13th international conference on World Wide Web
Computing and applying trust in web-based social networks

Computing and applying trust in web-based social networks
PKI Trust Relationships: from a Hybrid Architecture to a Hierarchical Model

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Trusting advice from other buyers in e-marketplaces: the problem of unfair ratings

ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
An ontology of trust: formal semantics and transitivity

ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
Simplification and analysis of transitive trust networks

Web Intelligence and Agent Systems
Modeling and evaluation of certification path discovery in the emerging global PKI

EuroPKI 2006 Proceedings of the Third European conference on Public Key Infrastructure: theory and Practice
Trust, untrust, distrust and mistrust – an exploration of the dark(er) side

iTrust'05 Proceedings of the Third international conference on Trust Management
An overview of PKI trust models

IEEE Network: The Magazine of Global Internetworking

Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements

Proceedings of the 8th Symposium on Identity and Trust on the Internet
Federation proxy for cross domain identity federation

Proceedings of the 5th ACM workshop on Digital identity management
Formal definitions and complexity results for trust relations and trust domains fit for TTPs, the web of trust, PKIs, and ID-based cryptography

ACM SIGACT News
An authentication trust metric for federated identity management systems

STM'10 Proceedings of the 6th international conference on Security and trust management
Certification validation: back to the past

EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Identity management-based social trust model for mediating information sharing and privacy enhancement

Security and Communication Networks
Certification validation: Back to the past

Computers & Mathematics with Applications
Composite trust-based public key management in mobile ad hoc networks

Proceedings of the 28th Annual ACM Symposium on Applied Computing
Trust management on user behavioral patterns for a mobile cloud computing

Cluster Computing
Inferring and validating skills and competencies over time

Applied Ontology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent trust relationships and quantitatively evaluate the risk associated with trust in public key certificate chains. In the context of choosing a certificate chain, our research shows that the shortest chain need not be the most trustworthy, and that it may make sense to compare the trustworthiness of a potential chain against a threshold to govern acceptance, changing the problem to finding a chain with sufficiently high trustworthiness. Our calculus also shows how quantified trust relationships among CAs can be combined to achieve an overall trust assessment of an offered certificate.