SECURITY SEMINAR SERIES
| Title: |
Certificate Management Using Distributed Trusted Third Parties |
| Speaker: |
Alex Dent, Information Security Group, Royal Holloway, University of London |
| Date: |
Tuesday, 15 March 2005, 16:15 |
| Place: |
Lecture Theatre 2, William
Gates Building |
Abstract:
Trust is a key component in any ubiquitous computing system. Users
have to trust the devices to be secure, devices have to
authenticate the users in order to trust their inputs and devices
have to trust each others' identity and authorisation. A central
question in dealing with trust is how to distribute copies of a
user's public key in such a way that other users can verify that
it does, indeed, belong to the user that claims ownership.
Traditional answers to this question have involved using a trusted
Certificate Authority (CA) to generate and distribute digitally
signed certificates that bind a user's name to his public key (and
any other data that may be required). However, the centralised CA
model is particularly unsuited to the rapidly changing, ad hoc
network topologies that are associated with ubiquitous computing
environments.
Our solution to the problem of running a CA in a ubiquitous
computing environment is to allow every user in that environment
to download a ``CA applet'' – a self-contained application that
will run on the user's SEE and will issue certificates for that
user's public keys (and, potentially, other users that have been
authorised by a pre-determined policy). Furthermore, that applet
may, optionally, take the role of the directory service and make
these certificates available to other network users. Hence, these
CA applets may be placed anywhere within a network's topology, as
required by either the user or by some sort of controlling entity.
This talk discusses methods whereby a CA-applet scheme can be
implemented, the situations where it might be useful to do so and
the problems that are present with this approach.
|
