Security and Communication Networks
Volume 2017, Article ID 6907146, 23 pages
https://doi.org/10.1155/2017/6907146
Research Article

Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

1Paul Sabatier University, Toulouse, France
2University of Kent, Kent, UK
3Queen’s University, Belfast, UK
4Universiti Utara Malaysia, Kedah, Malaysia

Correspondence should be addressed to Ahmad Samer Wazan; ahmad-samer.wazan@irit.fr

Received 25 July 2016; Revised 21 November 2016; Accepted 12 December 2016; Published 9 February 2017

Academic Editor: Barbara Masucci

Copyright © 2017 Ahmad Samer Wazan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
