Abstract
A calculus of channel security properties is presented which allows the analysis and comparison of protocols for establishing secure channels in a distributed open system at a high level of abstraction. A channel is characterized by its direction, its time of availability and its security properties. Cryptographic primitives as well as trust relations are interpreted as transformations for channel security properties, and a cryptographic protocol can be viewed as a sequence of such transformations. A protocol thus makes it possible to transform a set of secure channels established during an initial setup phase, together with a set of insecure channels available during operation of the system, into the set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities A and B are characterized in terms of secure channels to be made available during the initial setup phase and in terms of the minimal trust A and B must have in other entities or in trusted third parties.
