A Calculus for Security Bootstrapping in Distributed Systems
Ueli Maurer and Pierre Schmid
A calculus of channel security properties is presented which allows to analyze and compare protocols for establishing secure channels in a distributed open system at a high level of abstraction. A channel is characterized by its direction, its time of availability and its security properties. Cryptographic primitives as well as trust relations are interpreted as transformations for channel security properties, and a cryptographic protocol can be viewed as a sequence of such transformations. A protocol thus allows to transform a set of secure channels established during an initial setup phase, together with a set of insecure channels available during operation of the system, into the set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities are characterized in terms of secure channels to be made available during the initial setup phase and in terms of trust relations between users and/or between users and trusted third parties.
Keywords: Network security, Distributed systems, Key management, Cryptography, Security transformations, Formal models.
BibTeX Citation
@article{MauSch96, author = {Ueli Maurer and Pierre Schmid}, title = {A Calculus for Security Bootstrapping in Distributed Systems}, journal = {Journal of Computer Security}, pages = {55--80}, number = {1}, volume = {4}, year = {1996}, note = {Preliminary version: \cite{MauSch94}}, }