Asymmetric Cryptography and Entity Recognition

Our CTK also supports traditional asymmetric (public-key) cryptographic signatures as yet
another possible technique for address authentication. Note that, unlike in the traditional
signature methods mentioned in the introduction, there is no need to bind the key to a
real-world identity – the key needs only to be bound to an email address the user has
already established a trusting relationship with. The creation of this trusting
relationship could take place in many different waysout of band, using a trust/risk
security framework as described in the next section, or using a CTK bootstrapping protocol
using C/R, which this time can be based on a cryptographic nonce challenge signed by the
receiver’s private key. The response must be signed by the sender’s private key and once
the bootstrapping is completed, it may be sufficient to rely on local checks of shared
hashes of past messages and not use challenge/response each time an email is received.
The extended sequence is described in Fig. 1.

Claim Tool Kit(CTK)

 

Fig. 1. Extended Newcomer Bootstrapping Sequence

By using a suitable trust-establishment protocol, effectively the requirement is changed
from the need to authenticate a realworld identity to the ability to recognise a
triggering entity for whom trust information can then be accessed. To allow for dynamic
enrolment of strangers and unknown entities (as it is required in the standard email system),
we have proposed an entity recognition (ER) process.

The ER process consists of four steps:
1. Triggering of the recognition mechanism.
2. Detective Work to recognize the entity using the available recognition scheme(s).
3. Discriminative Retention of information relevant for possible recall or recognition.
4. Upper-level Actions based on the outcome of recognition with a level of confidence in recognition.

Generally, in order to increase the level of confidence in whether it is a spoofing attack
or not, challenge/response, check of common hashes and signature verification as well as other
recognition/authentication schemes may be combined.

Advertisements

, , , , , , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: