Public-key support for group collaboration

Cited by: 26
Authors
Ellison, Carl [1, 2]
Dohrmann, Steve [1, 2]
Affiliations
[1] Intel Corporation, Hillsboro, OR 97124
Keywords
Human-computer interface; IPsec; PGP; PKI; S/MIME; SDSI; SPKI; SSH
DOI
10.1145/950191.950195
Abstract
This paper characterizes the security of group collaboration as being a product not merely of cryptographic algorithms and coding practices, but also of the man-machine process of group creation. We show that traditional security mechanisms do not properly address the needs of a secured collaboration and present a research prototype, called NGC (next generation collaboration), that was designed to meet those needs. NGC distinguishes itself in the care with which the man-machine process was analyzed and shaped to improve the security of the whole process. We include a detailed analysis of the problem of binding a name to a key, traditionally thought to be the province of PKI, but we show that the SDSI local name concept produces a result with superior security to that produced by standard PKI.
Pages: 547 / 565
Page count: 18