A calculus of trust and its application to PKI and identity management

摘要

We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent trust relationships and quantitatively evaluate the risk associated with trust in public key certificate chains. In the context of choosing a certificate chain, our research shows that the shortest chain need not be the most trustworthy, and that it may make sense to compare the trustworthiness of a potential chain against a threshold to govern acceptance, changing the problem to finding a chain with sufficiently high trustworthiness. Our calculus also shows how quantified trust relationships among CAs can be combined to achieve an overall trust assessment of an offered certificate.