It is common to implement access control, confidentiality, and data integrity within computer networks by means of cryptography. A common solution is to use end-to-end encryption, i.e., to cryptographically protect sessions initiated by a user or a computer program and terminated at a host device such as a server, a computer or other data processing device connected to a computer network. A network host may offer information resources, services, and applications to users or other nodes on the network. For instance, the SSH-2 (Secure Shell 2) protocol implements end-to-end encryption. SSH-2, among other security protocols, can allow users to authenticate themselves by using public-key cryptography.
In public key cryptography authentication schemes, keys are created in pairs comprising a private key and a public key. A user who wants to be authenticated has to demonstrate controlling or possessing a private key, without disclosing the private key itself. The host towards which the user is authenticating is configured to accept the corresponding public key. When the user demonstrates being in possession of a private key whose public key counterpart is registered as a public key granting access on the destination host, the user is allowed some type of system access on the destination host.
This mechanism creates a relationship between the private key and the target host via the public key, as the target host allows some form of access by an entity (a human operator or a computer program) who can demonstrate possessing the private key. Such relationships are called trust relationships. A trust relationship between a private key and a host can be extended to include (a) the host on which the private key is stored; (b) the user who is considered to be in control of that private key, or a group of users; and (c) the services or a group of services that are enabled for the private key, which can include for example unrestricted shell access or restricted system operations.
Cryptographic protocols have been used to secure end-to-end communications and to provide access control within computer networks for several decades. Security-conscious organizations need to be able to discover and catalogue existing trust relationships (rights to access services and other resources) within their networks. A reason for this is that traditionally users are able to create new private-public key pairs and register them to grant access to resources, that is, to create trust relationships, without centralized review or logging of created relationships. Additionally, when persons leave from organizations, it can happen that trust relationships they have created, or were created for them, are left intact and even forgotten. Large organizations may have millions of trust relationships that are unknown, abandoned, or in some other form not accounted for.
The previously known methods for discovering trust relationships are based on scanning network hosts for private keys and for access-granting public keys. This approach can suffer from certain drawbacks. Scanning based operation can require the discovery process to have universal access to all hosts within the network, making the discovery process itself a security risk. Additionally, the process can be slow as all the file systems have to be scanned in search for cryptographic keys. Additionally, the process may not be robust enough, as keys can be stored in non-standard locations. The keys may also be scrambled or encrypted so that a discovery process may not be able to detect them. Additionally, the processing may create extra load on the computer network both in terms of network as well as CPU (central processing unit) use. Furthermore, the procedure may not help in direct discovery of usage or access patterns but may only reveal static relationships between stored private keys and access-granting public keys.