The Cost of Authentication
Overview
The holy grail of Internet security remains a global authentication infrastructure that can provide the basis for secure communications across a wide range of network technologies. The failure of Public Key Infrastructure (PKI) to fulfill this role clearly demonstrates the complexity of the problem and its interdisciplinary nature, which transcends technical difficulties and has socioeconomic aspects. In CTVR, we focus on the economic dimensions of the problem and have performed a comparison of three existing public key authentication infrastructures. Specifically, we have conducted a security assessment of the PKI, Identity-Based Encryption (IBE) and Secure Shell (SSH) authentication systems while modelling the economic value exchanges between the participating actors. Our approach constitutes a step towards the examination of the authentication problem in a wider context than just a technical one. Finally, we have demonstrated how this research can help in the design of a solution for secure telecommunications.
The problem of authentication is fundamental to the security of communications protocols. As such, many infrastructural models have been proposed in the literature for addressing it at the global scale of the Internet. PKI, despite being the most widely deployed and commercially mature of these proposals, has failed to become accepted by the majority of system designers. Furthermore, many PKI providers have experienced significant losses. Newer authentication models, like IBE and SSH, have emerged to offer alternative solutions and compete with PKI in the commercial world. Although SSH was initially designed to replace legacy insecure protocols for remote shell access, its underlying authentication model, which does not rely on any kind of infrastructure or external trusted third parties, can be used as an economic alternative to both PKI and IBE. This is achieved by accepting an authenticity risk in the initial exchange between two communicating entities. Understanding the trade-offs between risks and infrastructure costs related to these different authentication models can help us design and deploy security solutions using economic considerations.
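
The SSH-style model described above can be sketched as a key-pinning store; this is an added example, not code from the project or the cited paper. The PinStore class, the host name and the key blobs are hypothetical and constructed for illustration. It shows where the authenticity risk sits: the first key seen is pinned unverified, and only later changes are detected.

```python
import base64
import hashlib

def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint of a public key blob, unpadded base64 (OpenSSH style)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

class PinStore:
    """Hypothetical in-memory stand-in for a per-client known-hosts database."""

    def __init__(self):
        self._pins = {}  # host name -> fingerprint accepted on first contact

    def check(self, host: str, key_blob: bytes) -> str:
        fp = fingerprint(key_blob)
        pinned = self._pins.get(host)
        if pinned is None:
            # First exchange: no CA or key generator vouches for this key.
            # Pinning it unverified is the accepted authenticity risk.
            self._pins[host] = fp
            return "first-use"
        # Later exchanges: continuity with the pinned key is all that is checked.
        return "match" if pinned == fp else "mismatch"

# Constructed sample key blobs (not real keys).
GENUINE_KEY = b"constructed-genuine-host-key"
OTHER_KEY = b"constructed-unexpected-host-key"

def normal_history():
    store = PinStore()
    return [store.check("host.example", k) for k in (GENUINE_KEY, GENUINE_KEY, OTHER_KEY)]

def bad_first_contact():
    # If the first key seen is not the genuine one, it is pinned all the same,
    # and the genuine key is the one flagged afterwards.
    store = PinStore()
    return [store.check("host.example", k) for k in (OTHER_KEY, GENUINE_KEY)]

if __name__ == "__main__":
    print(normal_history())
    print(bad_first_contact())
```

The second history is why deployments that cannot accept this risk verify the first fingerprint out of band, which reintroduces part of the cost the model otherwise avoids.
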
Related Publications
Patroklos Argyroudis, Robert McAdoo and Donal O'Mahony, "Comparing the Costs of Public Key Authentication Infrastructures", in Proceedings of 1st Workshop on the Economics of Securing the Information Infrastructure (WESII'06), Washington DC, USA, October 2006.