Petname

Last updated March 01, 2024

Petname systems are naming systems that claim to possess all three naming properties of Zooko's triangle - global, secure, and memorable.^[1] Software that uses such a system can satisfy all three requirements. Such systems can be used to enhance security, such as preventing phishing attacks.^[2] Unlike traditional identity systems, which focus on the service provider, Petname systems are decentralized and designed to facilitate the needs of the enduser as they interact with multiple services.^[3]^[4]

History

Though the Petname model was formally described in 2005 by Mark Stiegler, the potential of the system was discovered by several people successively.^[3]

Examples

The GNU Name System (GNS) – a decentralized alternative to DNS based on the principle of a petname system^[5]
CapDesk – a distributed desktop environment^[6]
Petname Tool (discontinued browser extension) – There was a browser extension available for Firefox called Petname Tool that allowed pet names to be assigned to secure websites. Use of this extension could help prevent phishing attacks.^[7]

PetName Markup Language

The PetName Markup Language (PNML) is a proposal for embedding Petname information into other systems using a custom markup language.^[4]

PNML consists of two tags:

<pn>pet-name-string</pn>
<key>stringified-cryptographic-key</key>

Related Research Articles

<span class="mw-page-title-main">World Wide Web</span> Linked hypertext system on the Internet

The World Wide Web is an information system that enables content sharing over the Internet through user-friendly ways meant to appeal to users beyond IT specialists and hobbyists. It allows documents and other web resources to be accessed over the Internet according to specific rules of the Hypertext Transfer Protocol (HTTP).

In cryptography and computer security, a man-in-the-middle (MITM) attack or on-path attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Authorization or authorisation is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is often formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer.

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

WASTE is a peer-to-peer and friend-to-friend protocol and software application developed by Justin Frankel at Nullsoft in 2003 that features instant messaging, chat rooms, and file browsing/sharing capabilities. The name WASTE is a reference to Thomas Pynchon's novel The Crying of Lot 49. In the novel, W.A.S.T.E. is an underground postal service.

GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports and various basic peer-to-peer algorithms for routing, multicast and network size estimation.

In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

Anti-pharming techniques and technology are used to combat pharming.

PNML may refer to:

Zooko's triangle is a trilemma of three properties that some people consider desirable for names of participants in a network protocol:

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

Zooko Wilcox-O'Hearn, is an American Colorado-based computer security specialist, self-proclaimed cypherpunk, and ex-CEO of the Electric Coin Company (ECC), a for-profit company leading the development of Zcash.

Internet censorship circumvention, also referred to as going over the wall or scientific browsing in China, is the use of various methods and tools to bypass internet censorship.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.

DNS-based Authentication of Named Entities (DANE) is an Internet security protocol to allow X.509 digital certificates, commonly used for Transport Layer Security (TLS), to be bound to domain names using Domain Name System Security Extensions (DNSSEC).

Trojan.Win32.DNSChanger is a backdoor trojan that redirects users to various malicious websites through the means of altering the DNS settings of a victim's computer. The malware strain was first discovered by Microsoft Malware Protection Center on December 7, 2006 and later detected by McAfee Labs on April 19, 2009.

References

↑ "An Introduction to Petname Systems".
↑ Sadek Ferdous; Audun Jøsang; Kuldeep Singh; Ravishankar Borgaonkar (2009). Security Usability of Petname Systems. Lecture Notes in Computer Science. Springer Science+Business Media. ISBN 9783642047657.
1 2 Audun Jøsang; Torleiv Maseng; Svein J. Knapskog (29 September 2009). Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings. Springer Science & Business Media. pp. 1–. ISBN 978-3-642-04765-7.
1 2 "The PetName Markup Language".
↑ Schanzenbach, Martin; Grothoff, Christian; B., Fix (2022-02-03). "The GNU Name System". GNUnet. IETF. Retrieved 2022-02-04. The design of GNS incorporates the capability to integrate and coexist with DNS. GNS is based on the principle of a petname system and builds on ideas from the Simple Distributed Security Infrastructure [SDSI].
↑ "E and CapDesk".
↑ Markus Jakobsson; Steven Myers (2006). Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft . Wiley-Interscience. ISBN 0471782459.

External links

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

This free and open-source software article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[petname-1] "An Introduction to Petname Systems".

[2] Sadek Ferdous; Audun Jøsang; Kuldeep Singh; Ravishankar Borgaonkar (2009). Security Usability of Petname Systems. Lecture Notes in Computer Science. Springer Science+Business Media. ISBN 9783642047657.

[JøsangMaseng2009-3] 1 2 Audun Jøsang; Torleiv Maseng; Svein J. Knapskog (29 September 2009). Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings. Springer Science & Business Media. pp. 1–. ISBN 978-3-642-04765-7.

[pnml-4] 1 2 "The PetName Markup Language".

[5] Schanzenbach, Martin; Grothoff, Christian; B., Fix (2022-02-03). "The GNU Name System". GNUnet. IETF. Retrieved 2022-02-04. The design of GNS incorporates the capability to integrate and coexist with DNS. GNS is based on the principle of a petname system and builds on ideas from the Simple Distributed Security Infrastructure [SDSI].

[6] "E and CapDesk".

[7] Markus Jakobsson; Steven Myers (2006). Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft . Wiley-Interscience. ISBN 0471782459.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e Object-capability security
Concepts	Principle of least privilege (PoLP) Confused deputy problem Ambient authority File descriptor C-list Object-capability model Capability-based security Capability-based addressing Zooko's triangle Petnames
Operating systems, kernels	Capsicum Fuchsia Genode GNOSIS → KeyKOS → EROS → CapROS Hydra iMAX 432 Midori NLTSS seL4 HarmonyOS (HarmonyOS NEXT) Phantom OS
Programming languages	Cajita E Joe-E Joule
File systems	Tahoe-LAFS
Specialised hardware	BiiN Cambridge CAP Flex IBM System/38 Intel iAPX 432 Plessey System 250