PeerCert Information

Information

www.Peer-Cert.net provides a simulation platform for a Public-Key-Infrastructure (PKI)
based on a structured Peer-to-Peer (P2P) network.

Motivation

Asymmetric cryptography plays a decisive role for security in the internet
These methods require a proof of public-key authenticity
The goal of a Public-Key-Infrastructure (PKI) is to prove public-key authenticity
Existing PKIs are controlled by operating organisations (e.g. certificate authorities)
This conflicts with the internets paradigm of self-government

A PKI based on a P2P-Network enables higher user acceptance
and matches well the requirements of a widespread PKI for the internet.

Advantages

Independence of an operating organization
Intrinsic load distribution, e.g. for numerous certificate requests
Scalability, e.g. for numerous participants
Self administration
Fault resistance

Structure of the Peer-to-Peer Network
PeerCert ring

PeerCert Nodes are the participants of the P2P-network. They supply
some of their own ressources (e.g. storage space, bandwith) to other nodes and
use ressources of other nodes.
In PeerCert, a node gets an unique indentifier (e.g. N14), which is determined by
means of a hash-function, based on the physical network address of the node.
The identifiers are ordered with aid of modulo-arithmetic to a logical ring.
The P2P-part of PeerCert is based on FreePastry.
For further information we refer to http://freepastry.rice.edu/

PeerCert architecture

PeerCert consists of three parts:

PeerCert Node: communicates with other nodes, provides P2P functionality
PeerCert Client: user frontend, derives public-key authenticity, (connects to a PeerCert Node)
PeerCert Monitoring Server: central monitoring system for test and simulation

For simulation purposes, this site runs a PeerCert network with 20 nodes,
connected to a Monitoring Server. You can download the PeerCert Client software
and connect to an existing node of our PeerCert network. The Client allows you to
issue and retrieve certificate and recommendation messages. It enables you to
prove the authenticity of a public key based on retrieved messages from the P2P-network
and based on your local settings (private Trust and Aut statements, cf. below).

Note: The simulation is restarted every day at 03:00am CET. This procedure
discards all public messages.

system architecturet

PeerCert public messages

Certificates are the common messages which are transmitted in a PKI.
PeerCert uses the following string to represent public-key-certificates.

1. Certificates
certificate message type

Semantics: This message represents a digitally signed certificate, issued by node X.
The certificate attests the binding of node Y (subject of the certificate) to public key PY.
The digital signature of the message is valid, iff node X is the
authentic owner of public key PX, i.e. the digital signature can be validated via public key PX.

Graphical representation:

graphical certificate representation

2. Recommendations
A second type of message is used to express, that a certain node recommends another
node to be trustworty. Trust is the decisive factor for the acceptance of certificates
(cf. private trust statements). PeerCert uses the following string to represent a recommendation:
recommendation message type

Semantics: This message type is used to transport a recommendation of level i for node Y (subject).
It is issued and digitally signed by node X. The digital signature of the message is valid,
iff node X is the authentic owner of public key PX, i.e. the digital signature can be
validated via public key PX.

Graphical representation:

graphical recommendation representation

You can use the PeerCert Client software to issue certificate and recommendation messages.

PeerCert private statements

Private statements are used to describe a node's belief in other nodes. They are not accessible for
any other node except the local one. There are two types of private statements.

1. Authenticity
authenticity private statement

Semantics: This statement type denotes the local node’s conviction that node X is the
authentic owner of public key PX.

Graphical representation:

authenticity

2. Trust
trust private statement

Semantics: This statement type denotes the local node’s trust in a certain
node X with level i. It is used to represent the node’s degree of belief in node X
to act in accordance with its security requirements.

Graphical representation:

graphical authenticity represenation

You can use the PeerCert Client software to issue authenticity and trust statements.

PeerCert trust model

The PeerCert Client works in accordance with following five rules:

Trust(X, 1) denotes, that the node, which holds this
statement, is willing to accept certificate messages issued
by node X, but no recommendation message issued by node X.
Trust(X, i) with i > 1 denotes, that the node, which
holds this statement, is willing to accept recommendation
messages issued by node X with a level less than i.
A trust statement Trust(X, i) with i > 1 implies all trust
statements Trust(X, j) with j < i, particularly it implies
Trust(X, 1).
4. A recommendation message Rec(X, PX, Y, i) is treated
like the statement Trust(Y, i), if the node holds a
statement Trust(X, j) with j > i and if the
recommendation’s digital signature is valid.
A recommendation message Rec(X, PX, Y, i) with i > 1
implies all recommendation messages Rec(X, PX, Y, j) with j < i.

Rule number 1 links the trust model to the process of certificate verification (executed by
the PeerCert Client). Trust of level 1 in a certain node is demanded for the acceptance
of certificates, issued by this node. Recommendation messages can be the basis for new
trust in other nodes. They are used to communicate from one node to another that
a certain node is trustworthy.