Selected publications by Stefan Schwoon

Abstract:
Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a public-key infrastructure (PKI) for authentication, and PKI has proven difficult to deploy, because each user is required to manage his/her own private/public key pair. The key insight of our work is that issuance of certificates in trust-management systems, a task that usually requires public-key cryptography, can be achieved using secret-key cryptography as well. We demonstrate this concept by showing how SPKI/SDSI can be modified to use Kerberos, a secret-key based authentication system, to issue SPKI/SDSI certificates. The resulting trust-management system retains all the capabilities of SPKI/SDSI, but is much easier to use because a public key is only required for each SPKI/SDSI server, but no longer for every user. Moreover, because Kerberos is already well established, our approach makes SPKI/SDSI-based trust management systems easier to deploy in the real world.

@inproceedings{WJRSS-esorics06,
   address = {Hamburg, Germany},
   author = {Wang, Hao and Jha, Somesh and Reps, Thomas and Schwoon, Stefan and Stubblebine, Stuart},
   booktitle = {{P}roceedings of the 11th {E}uropean {S}ymposium on {R}esearch in {C}omputer {S}ecurity ({ESORICS}'06)},
   DOI = {10.1007/11863908_11},
   editor = {Gollmann, Dieter and Meier, Jan and Sabelfeld, Andrei},
   month = sep,
   pages = {156-173},
   publisher = {Springer},
   series = {Lecture Notes in Computer Science},
   title = {Reducing the Dependence of {SPKI}{\slash}{SDSI} on~{PKI}},
   url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/WJRSS-esorics06.pdf},
   volume = {4189},
   year = {2006},
}
