Issues in initializing security

Abstract

Initialization of security in a system must correctly capture the underlying prior context of trust assumptions. Technical security mechanisms like security protocols and cryptographic algorithms cannot be effective unless the initialization is done properly. We identify three sources of difficulty in initializing security: (1) basing initialization on real-world identities is expensive, (2) some usage scenarios require new types of indexical prior contexts, and (3) in certain systems, there may not be any real world prior context to link to. We provide an overview of these difficulties and how some recent research work is attempting to address them