Trust Views for the Web PKI

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8341)

Abstract

The steadily growing number of certification authorities (CAs) assigned to the Web Public Key Infrastructure (Web PKI) and trusted by current browsers poses severe security issues. Besides it being impossible for relying entities to assess whom they actually trust, the current binary trust model implemented in the Web PKI makes each CA a single point of failure. In this paper, we present the concept of trust views to manage variable trust levels for exactly those CAs actually required by a relying entity. This reduces the set of trusted CAs and minimizes the risk of relying on malicious certificates issued due to CA failures or compromises.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Braun, J., Volk, F., Buchmann, J., Mühlhäuser, M. (2014). Trust Views for the Web PKI. In: Katsikas, S., Agudo, I. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2013. Lecture Notes in Computer Science, vol 8341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53997-8_9

  • DOI: https://doi.org/10.1007/978-3-642-53997-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-53996-1

  • Online ISBN: 978-3-642-53997-8

  • eBook Packages: Computer Science, Computer Science (R0)
