Reducing the Dependence of SPKI/SDSI on PKI

12 years 3 months ago
Reducing the Dependence of SPKI/SDSI on PKI
Abstract. Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a public-key infrastructure (PKI) for authentication, and PKI has proven difficult to deploy, because each user is required to manage his/her own private/public key pair. The key insight of our work is that issuance of certificates in trust-management systems, a task that usually requires public-key cryptography, can be achieved using secret-key cryptography as well. We demonstrate this concept by showing how SPKI/SDSI can be modified to use Kerberos, a secret-key based authentication system, to issue SPKI/SDSI certificates. The resulting trustmanagement system retains all the capabilities...
Hao Wang, Somesh Jha, Thomas W. Reps, Stefan Schwo
Added 22 Aug 2010
Updated 22 Aug 2010
Type Conference
Year 2006
Authors Hao Wang, Somesh Jha, Thomas W. Reps, Stefan Schwoon, Stuart G. Stubblebine
Comments (0)