Wazan, Ahmad Samer, Laborde, Romain, Chadwick, David W., Barrere, Francois, Benzekri, Abdelmalek, Habbal, Abid M.M., Kaiiali, Mustafa (2017) Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker. Security and Communication Networks, 2017 (690714). pp. 1-23. ISSN 1939-0114. E-ISSN 1939-0122. (doi:10.1155/2017/6907146) (KAR id:60311)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution 4.0 International License.
Official URL: http://dx.doi.org/10.1155/2017/6907146
Abstract
A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e. how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web, by using its services.
Item Type: | Article |
---|---|
DOI/Identification number: | 10.1155/2017/6907146 |
Uncontrolled keywords: | Public Key Infrastructure, X.509, Certification Authority, Relying Party, trust model, Trust Broker. |
Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science; Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | David Chadwick |
Date Deposited: | 10 Feb 2017 10:51 UTC |
Last Modified: | 05 Nov 2024 10:53 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/60311 (The current URI for this page, for reference purposes) |