Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System
In large open networks, handling trust and authenticity adequately is an important prerequisite for security policy. Trust issues influence not only the specification of security policies but also the techniques needed to manage and implement security policies for systems. Certification is one of...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2007
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/5268/1/FK_2007_55a.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-upm-ir.5268 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-upm-ir.52682013-05-27T07:21:36Z Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System 2007 Azimzadeh, Fatemeh In large open networks, handling trust and authenticity adequately is an important prerequisite for security policy. Trust issues influence not only the specification of security policies but also the techniques needed to manage and implement security policies for systems. Certification is one of the main components of trust models and is known as a common mechanism for authentic public key distribution. In order to obtain a public key, verifiers need to extract a certificate path from a network of certificates, which is called the public key infrastructure (PKI). There are two classifications of PKI; namely the centralized and decentralized PKIs. In this thesis, attention is paid the decentralized PKIs, such as Maurer’s model. This model is comprised of two parts; the deterministic and probabilistic models. An important limitation in this model is that certification revocation is not considered. Revocation happens in cases, among others, such as the loss of private key. Another limitation of Maurer’s model is that it lacks time consideration, which is important as trust changes over time. In this thesis, a novel trust model is developed, addressing the limitations of other models. Negative values such as revocation of certification have been incorporated, making a complete trust model that includes both positive and negative evidences. Particularly, certification is considered as positive evidence while certification revocation is considered negative. The time concept is then added to the model in order to address the change of trusts status over time. Hence, the complete trust model is able to incorporate certification revocation and time concept into both deterministic and probabilistic parts of a model. Incorporating two new concepts into Maurer’s model increases the generality and expressive power of the model. Novel extension of the trust model enabling it to capture all aspects of public key certification which includes trust, recommendations, confidence values for trust metric and authenticity of public keys, multiple certification paths, certification revocation and the time concept. Experimental results show that after incorporating the new concept, a decrease in confidence value in comparison to Maurer’s model was observed, resulting to a more realistic model. Trust, Industrial Security systems 2007 Thesis http://psasir.upm.edu.my/id/eprint/5268/ http://psasir.upm.edu.my/id/eprint/5268/1/FK_2007_55a.pdf application/pdf en public masters Universiti Putra Malaysia Trust, Industrial Security systems Faculty of Engineering English |
| institution |
Universiti Putra Malaysia |
| collection |
PSAS Institutional Repository |
| language |
English English |
| topic |
Trust Industrial Security systems |
| spellingShingle |
Trust Industrial Security systems Azimzadeh, Fatemeh Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| description |
In large open networks, handling trust and authenticity adequately is an
important prerequisite for security policy. Trust issues influence not only the
specification of security policies but also the techniques needed to manage and
implement security policies for systems. Certification is one of the main
components of trust models and is known as a common mechanism for
authentic public key distribution. In order to obtain a public key, verifiers need
to extract a certificate path from a network of certificates, which is called the
public key infrastructure (PKI). There are two classifications of PKI; namely
the centralized and decentralized PKIs. In this thesis, attention is paid the
decentralized PKIs, such as Maurer’s model. This model is comprised of two
parts; the deterministic and probabilistic models. An important limitation in this
model is that certification revocation is not considered. Revocation happens in cases, among others, such as the loss of private key. Another limitation of
Maurer’s model is that it lacks time consideration, which is important as trust
changes over time.
In this thesis, a novel trust model is developed, addressing the limitations of
other models. Negative values such as revocation of certification have been
incorporated, making a complete trust model that includes both positive and
negative evidences. Particularly, certification is considered as positive evidence
while certification revocation is considered negative. The time concept is then
added to the model in order to address the change of trusts status over time.
Hence, the complete trust model is able to incorporate certification revocation
and time concept into both deterministic and probabilistic parts of a model.
Incorporating two new concepts into Maurer’s model increases the generality
and expressive power of the model. Novel extension of the trust model enabling
it to capture all aspects of public key certification which includes trust,
recommendations, confidence values for trust metric and authenticity of public
keys, multiple certification paths, certification revocation and the time concept.
Experimental results show that after incorporating the new concept, a decrease
in confidence value in comparison to Maurer’s model was observed, resulting
to a more realistic model. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Azimzadeh, Fatemeh |
| author_facet |
Azimzadeh, Fatemeh |
| author_sort |
Azimzadeh, Fatemeh |
| title |
Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| title_short |
Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| title_full |
Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| title_fullStr |
Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| title_full_unstemmed |
Incorporation Of Certification Revocation And Time Concept Into A Trust Model For Information Security System |
| title_sort |
incorporation of certification revocation and time concept into a trust model for information security system |
| granting_institution |
Universiti Putra Malaysia |
| granting_department |
Faculty of Engineering |
| publishDate |
2007 |
| url |
http://psasir.upm.edu.my/id/eprint/5268/1/FK_2007_55a.pdf |
| _version_ |
1747810388060143616 |