Saturday, October 23, 2010

Different trust model


A trust model describes how certification paths are built between different certification authorities, and the rules for establishing and discovering those paths.

A trust model is a framework for establishing and managing trust relationships. In a public key infrastructure, when two certification authorities issue public key certificates for each other's public keys, in one direction or in both, a trust relationship is established between them. The trust model describes how certification paths are built between different certification authorities, and the rules for establishing and discovering those paths.

Hierarchical Trust Model

1. The strict hierarchy of certification bodies

A strict CA hierarchy can be pictured as an inverted tree: the root is at the top, branches extend downward and the leaves are at the bottom. The root of this inverted tree represents a CA with special significance for every entity in the PKI; it is usually called the root CA, and it serves as the trust root or "trust anchor". Below the root CA are zero or more layers of intermediate CAs, called subordinate CAs (sub-CAs) because they sit beneath the root. An intermediate CA can in turn have child nodes, and the tree branches out until it reaches the leaves, which are called end-entities or end-users.

The root of the inverted tree is the starting point of the tree structure; it is not only the starting point of the network, communication or sub-structure, it is the starting point of trust. In this system all entities (the end-entities and every sub-CA) use the root CA's public key as their trust anchor, the starting point or destination of all their certificate trust decisions. The structure is shown in Figure 1.



End-entity verification process: given a trusted root CA public key held by end-entity A, the following procedure verifies the certificate of another end-entity B. Assume that Bob's certificate was issued by CA2, CA2's certificate was issued by CA1, and CA1's certificate was issued by the root CA.

Because A holds the root CA's public key Kr, it can verify CA1's public key certificate and so extract CA1's trusted public key K1. K1 is then used to verify CA2's certificate, yielding CA2's trusted public key K2, and K2 verifies B's public key certificate, giving B's trusted public key KB. Depending on whether B's key is an encryption key or a signature key, A can now use KB accordingly.

2. Subordinate-level trust model

The subordinate-level model differs from the general hierarchical model: the subordinate-level model is a subset of the general model. The general hierarchical model allows two-way trust relationships, whereas in the subordinate-level model a CA only certifies the subordinate CAs in the layer below it. In the subordinate-level model the root CA has special significance: it is the designated trust anchor for all end users. By definition it is the most trusted certification authority, and all other trust relationships derive from it.

In this model only a superior CA can issue a certificate to a subordinate CA; a subordinate CA cannot in turn issue a certificate to its superior CA to certify it.

Because the root CA is the only trust anchor in this model, and trust relationships are established downward from the most trusted CA, no other certification authority issues a certificate for the root CA. The root CA issues itself a self-signed CA certificate, so the certificate subject and the certificate issuer are the same, and the public key in the certificate corresponds to the private key that signed it.

Since the root CA is the only designated trust anchor, the root certificate must be distributed to all users, because in this model every certification path must include the root certificate. The root CA key is therefore critically important: if it is compromised, the consequences for the entire trust model are catastrophic.

Features

In a subordinate hierarchy all certificate paths terminate at the root CA certificate, so only the path leading to the root CA certificate needs to be checked and verified; there is no need to build or verify the reverse path from the root CA to the user's CA. The certification path is half the length of that in the general hierarchical model.



Figure 2 shows the certification path in the subordinate-level model: the root CA issues itself a self-signed root certificate, then issues a certificate to the user CA, and the user CA issues certificates to end users.

The subordinate hierarchy model is most effective in environments that are themselves strictly hierarchical. The U.S. Department of Defense uses the subordinate-level model to support the Defense Message System (DMS), because the Department of Defense's organizational structure is itself hierarchical. Another well-known application of the strict subordinate hierarchy is Internet Privacy Enhanced Mail (PEM).

Network trust model

To understand the network (mesh) trust model, we must first understand the "peer model", because the fully connected mesh network that forms the mesh trust model is built on the basis of the peer model.

1. Peer model

Definition: the peer trust model assumes that two certification authorities are not in a subordinate relationship, neither being subordinate to the other, but are peers, point to point (peer-to-peer).

In this model there is no root CA acting as trust anchor; certificate users rely on their local certification authority as their trust anchor. This is shown in Figure 3.



Cross-certification: cross-certification is a useful mechanism for linking previously unrelated CAs, allowing principals in their respective domains to communicate securely. In practice the form and method of cross-certification, such as the specific message exchange protocol, are the same as for ordinary certificate issuance, except that both the subject and the issuer of a cross-certificate are CAs rather than end-entities. Note the following points:

◆ If the CAs are in the same domain (for example subordinate CAs within a hierarchy), this is called intra-domain cross-certification.

◆ If the CAs are in different domains (for example one company's CA certifying another company's CA), this is called inter-domain cross-certification.

Cross-certification can be one-way or two-way. CA1 can cross-certify CA2 without CA2 cross-certifying CA1. This yields a single one-way cross-certificate, which is typical of a strict hierarchy.

2. Mesh model

The mesh structure contains multiple CAs providing PKI services. Each end-entity trusts only the CA that issued its certificate; these CAs certify one another in peer-to-peer fashion, using cross-certification to achieve two-way trust.

The CAs issue one another cross-certificates containing each other's public keys, so that the users of each cross-certified CA can trust the users of the other CA, thereby extending trust and achieving interoperability.

In the mesh structure all root CAs must cross-certify one another. In a fully connected mesh with several root CAs, n × (n-1) cross-certification agreements are required, and when n is large enough the number of agreements approaches n². For n CAs to trust each other pairwise, n × (n-1) / 2 cross-certificates must be issued and maintained; with n = 7, 21 cross-certifications are needed, and each CA must additionally install the n-1 root certificates of the CAs it is cross-certified with.

Advantage

◆ The mesh PKI is flexible: because there are multiple trusted starting points, if one CA has a problem, the CAs that issued certificates to it simply revoke those certificates and the CA can be removed from the PKI domain. Users associated with the other CAs still have a correct starting point of trust and can keep communicating securely with the rest of the PKI domain. The compromise of a single CA's security therefore does not affect the operation of the whole PKI domain.

Shortcoming

◆ Certification path expansion is more complex than in a hierarchy;

◆ The path from the user's certificate to a trusted certificate is not fixed; there are several possible options, which makes the path harder to find, and as the number of CAs grows, certificate path processing may fall into an endless loop.

Trust list structure

The trust list structure is one way of structuring PKI trust, with characteristics distinct from the hierarchical, mesh and hybrid (bridge) trust structures. The trust list is a very useful concept: it provides a mechanism by which CAs from different hierarchies or other trust models can be explicitly trusted.

A trust list is a dynamic, two-dimensional control list maintained at the application layer. The table contains the root certificates of trusted CAs, each of which may itself be the root of a hierarchical or mesh structure.

Advantage

◆ The biggest advantage of the trust list is its simple structure, which reduces the complexity of trust path discovery and makes adding or removing a trusted CA easy. With a dynamic trust list, an organization needs only one central administrator to set policy, specifying which trust anchors its users should accept; the administrator adds new trust anchors to, or deletes them from, the list, and the changed set of trust anchor certificates can be downloaded to users.

◆ The trust list has practical benefits when dealing with different PKI options. Different CA product vendors implement different trust models: some support only the hierarchical model, some support cross-certification, others use hybrid models, and so on, which makes interoperation between PKIs with different trust models a problem. The trust list avoids these difficulties.

Shortcoming

◆ From the user's point of view, the main purpose of adding a particular CA to the trust list is the need to communicate with certain users of that CA and verify their certificates, while the CA itself, as listed in the trust list, is not fully understood or trusted;

◆ Before users add a new CA to their trust list they must investigate and understand that CA, and they must also regularly update important information about the trusted CAs; as the number of CAs in the list grows, the burden on users increases;

◆ The list structure cannot properly handle the situation in which a CA on the list has failed and is no longer operating, because there is no trust relationship between the failed CA and the CA to which the list holder belongs; the failed CA does not even know that it is a trusted object of that user, and so cannot inform the user that it is invalid.

Hybrid trust model

The hybrid trust model structure is the bridge structure. It is a common trust structure that combines the hierarchical, mesh and trust list models into one integrated structure; it has many advantages and is widely applied.

The bridge structure is a trust structure in which cross-certification is mediated through a central point. It establishes a clearinghouse CA that carries out the various forms of trust and cross-domain certification and builds bridges of trust with other PKI/CA domains. The clearinghouse CA acts as an independent central CA and cross-certifies on an equal footing with each trusted CA domain, whether an independent CA, a mesh or a hierarchical CA domain, establishing reciprocal trust while allowing users to retain their original trust anchors.

The central exchange CA acts as a trusted exchange point and intermediary, so that a PKI of any structural type can be connected through this central structure to achieve mutual trust, and the trust within each individual cross-domain extends through the exchange center CA to the entire PKI system. The exchange center CA is a trusted intermediary; unlike a root CA, it is not the start and end point of all trust, nor the trust anchor of the whole bridged domain, and each trusted CA domain retains its original source of trust.

In this structure trust is not transferred as in a strict hierarchy, where all entities use the trusted root CA key as their anchor; nor is the exchange center CA's key used as the anchor. Each end-entity starts from the root CA key of its own domain, obtains the central CA's key through certification path processing, then obtains the key of the central CA of the other domain, and finally reaches the key of the target end-entity in that domain. Certification path processing generally uses "heuristics" or "graph theory methods", depending on the depth or complexity of the path.

Advantage

◆ The central bridge CA acts as the trust bridge and guarantor of exchange between different trust domains, taking on the role of a third party; such a neutral, supervisory position helps safeguard the credibility and seriousness of trust across the whole system. Establishing the exchange center also establishes a set of resources, methods, strategies, norms and other rules for achieving mutual trust among CAs, and audits and supervises the different CA trust domains, thereby ensuring the reliability of the entire chain of trust.

◆ The exchange center CA trust model differs from both the mesh structure and the hierarchy: it is a hub-and-spoke, radial structure. It is an open trust model: below the bridge CA through which trust is passed, cross-certification may still exist within a mesh, and root CA trust chains of differing certification levels may coexist within hierarchies.

◆ Adding or removing a CA or PKI domain in this structure is relatively easy; as the size of the system changes, the trust relationships remain easy to manage.

◆ With the bridge CA approach, n CAs need only n cross-certificates, which is very economical and simple from a management point of view.
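Added example, not code from the original post: a small Python model of the certification path processing discussed for the mesh and bridge structures, using constructed CA names A to D, a CA named "Bridge", and an end-entity "Bob". It shows why a mesh needs a visited set to avoid the endless loop mentioned above, how many candidate paths each structure offers a validator, and the n(n-1)/2 versus n cross-certificate counts.

```python
from collections import defaultdict, deque

# Constructed sample topologies (assumed, not from the post). An edge
# (issuer, subject) means "issuer has signed a certificate for subject".
HIERARCHY = [("Root", "CA1"), ("CA1", "CA2"), ("CA2", "Bob")]

def mesh_edges(cas):
    """Fully connected mesh: every CA cross-certifies every other CA, both ways."""
    return [(a, b) for a in cas for b in cas if a != b]

def bridge_edges(cas):
    """Bridge structure: each domain CA cross-certifies the bridge CA and vice versa."""
    return [(c, "Bridge") for c in cas] + [("Bridge", c) for c in cas]

MESH = mesh_edges(["A", "B", "C", "D"]) + [("D", "Bob")]
BRIDGE = bridge_edges(["A", "B", "C", "D"]) + [("D", "Bob")]

def cross_cert_pairs(ca_edges):
    """CA pairs holding a cross-certificate: n(n-1)/2 for a mesh, n for a bridge."""
    return len({frozenset(e) for e in ca_edges})

def _graph(edges):
    g = defaultdict(list)
    for issuer, subject in edges:
        g[issuer].append(subject)
    return g

def shortest_path(edges, anchor, target):
    """Breadth-first search from the trust anchor to the target certificate.
    'prev' doubles as the visited set; it is what stops path discovery from
    looping forever when cross-certificates form cycles in a mesh."""
    g = _graph(edges)
    prev = {anchor: None}
    queue = deque([anchor])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in g[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None  # no certification path from this anchor

def count_simple_paths(edges, anchor, target):
    """Loop-free candidate paths a validator could try: exactly one in a
    hierarchy or bridge, several in a mesh (the 'path is uncertain' drawback)."""
    g = _graph(edges)
    def dfs(node, seen):
        if node == target:
            return 1
        return sum(dfs(n, seen | {n}) for n in g[node] if n not in seen)
    return dfs(anchor, {anchor})
```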

Shortcoming

◆ The PKI architecture is more complex, since it combines hierarchical, mesh and trust list structures; connecting PKI structures with such different features makes certificate searching and certificate path validation complex problems;

◆ In establishing trust relationships, the bridge CA is the bridge by which the various trust domains establish trust with one another; it does not insist on a unified certificate policy, that is, it does not insist that a one-to-one mapping between the assurance levels fixed in the cross-certificates be followed when trust relationships are established. This differs from the hierarchical structure, where all certification must pass through the central certification authority.
