ABSTRACT
In an a priori anonymous digitized world, notions such as authenticity and trust are of paramount importance. Unfortunately, the exact meaning of such key terms has never been consistently defined, and they are often used in an ambiguous way. In this paper, we introduce a new model for representing these fundamental notions in the context of rating systems in e-business applications as well as for public-key certification. When applied to existing systems, its goal is to shed light on the implicit assumptions actually made by the participants. As an example, we show that for the rating system used in eBay, there are a number of such implicit assumptions on which the drawn conclusions depend. A second example is PGP, where it turns out that the meaning of the (syntactically well-defined) certificates is not entirely clear.