Dimitrios Lekkas - Information and Communication Systems Security, using Trusted Third Party Services

A reference to this work should always be done using the following citation:

(T2) Dimitrios Lekkas, "Information and Communication Systems Security, using Trusted Third Party Services", PhD Thesis, University of the Aegean, Samos, Greece, (January 2002)

Dimitrios Lekkas - Ph.D Thesis

Title: Information and Communication Systems Security, using Trusted Third Party Services

Full-Text (in Greek) in HTML
Full-Text (in Greek) in PDF Format (5,5 MB)
Presentation (in Greek) in PowerPoint (530 KB)

Abstract: The services provided by a Trusted Third Party play an important role in the assurance of the security characteristics of an Information System. The participation of a TTP in the environment of the IS causes direct or indirect modifications in the interactions between its elements. All the aspects that compose the functions of a TTP as an organization, are analysed in this context. During the study of the general principles it is concluded that the TTP plays an important role in the proactive control of the potential threats against an IS. The conflicts between policies adopted by different TTPs, the transitivity of trust and various technological incompatibilities cause serious interoperability problems. The policies consist a powerful mean of preserving the interoperability and the proposed meta-policy development system solves their conflicts. Trust is transitive and multiform and consists a fundamental principle for the existence and the operation of a TTP. The functional and technological aspects of the TTP operations are examined and the general, functional and ethical user requirements are listed. Successively, the services provided by the TTP in order to satisfy the user needs, are described in detail. Furthermore, a model for key administration and a model for privilege management are proposed. The design of a logical architecture for the Public Key Infrastructure is then approached in three abstraction levels. The proposed architecture is extensible, scaleable, flexible, based on standards and useful across national and application domains. The considerable and multiple role of the middleware technologies in the formation of an open, distributed architecture, is distinguished. Finally, the organisational aspects are analysed, where the quality assurance is examined under two perspectives: The quality of the management of the internal organisation and the quality of service.

Keywords: Trust, Cryptography, Interoperability, Policies, Certification services provider, Standards, Functional specifications, Architecture, Middleware, Technological profile, Quality.