Calculating and Evaluating Trustworthiness of Certification Authority

In a public key infrastructure trust model, trust is transferred along a set of certificates issued by certification authorities (CAs), which are treated as trusted third parties and thereby form a trust chain among the infrastructure's entities. To deserve this trust, a CA should apply rigorous procedures for generating keys and checking identities, and should follow reliable security practices. Any deficiency in these procedures may weaken its trustworthiness, so in practice some authorities are weaker than others. Relying parties (RPs) and certificate holders (CHs) therefore need a mechanism to evaluate the trustworthiness of a CA. In this paper, we provide such a mechanism, giving RPs and CHs information about a CA's trustworthiness. Specifically, we propose a trust level calculation algorithm based on three parameters: the CA's reputation, the quality of the procedures described in its certificate policy, and its security maturity level.
