Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

Wazan, Ahmad Samer and Laborde, Romain and Chadwick, David W. and Barrere, Francois and Benzekri, Abdelmalek and Habbal, Abid M.M. and Kaiiali, Mustafa (2017) Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker. Security and Communication Networks, 2017 (690714). pp. 1-23. ISSN 1939-0114. E-ISSN 1939-0122. (doi:https://doi.org/10.1155/2017/6907146) (Full text available)

PDF - Publisher pdf

Creative Commons Licence
This work is licensed under a Creative Commons Attribution 4.0 International License.

Official URL
http://dx.doi.org/10.1155/2017/6907146

Abstract

A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e., how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA's policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web by using its services.

Item Type: Article
Uncontrolled keywords: Public Key Infrastructure, X.509, Certification Authority, Relying Party, trust model, Trust Broker.
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming > QA76.76 Computer software
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: David Chadwick
Date Deposited: 10 Feb 2017 10:51 UTC
Last Modified: 13 Feb 2017 10:30 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/60311 (The current URI for this page, for reference purposes)
Chadwick, David W.: https://orcid.org/0000-0003-3145-055X