Challenges of Establishing Trust in Online Entities and Beyond
暂无分享,去创建一个
In today's Internet, authenticating online entities is challenging since people lack the real-world cues upon which to base their context-dependent trust decisions. For example, how can a user confirm that a Facebook invitation truly originates from the claimed sender, as anyone can trivially set up a bogus online identity with someone else's photo? Given an SSL certificate warning, how can a user validate it be- fore proceeding, as the certificate could be legitimate (e.g., the certificate is signed by a legitimate authority that the browser does not recognize) or malicious (e.g., it is signed by a compromised CA)? This talk demonstrates that providing useful evidence can empower users to make informed context-dependent trust decisions regarding previously unknown entities in the context of identity and public-key authentication. We first introduce an identity authentication logic called RelationGram that visualizes interpersonal tie strength of virtual entities using both physical and social proximities [2,4]. RelationGram enables casual users to authenticate online identities in a safe and easy manner, and build trust in previously unknown online entities. We then introduce new public-key validation proposals called Accountable Key Infrastructure (AKI) [3] and Attack Resilient Public-Key Infrastructure (ARPKI) [1] that reduce the amount of trust in any single entity to improve the resilience of the current PKI systems. AKI and ARPKI support trust agility such that entities select a security policy for their public-key certificates, and checks and balances such that entities monitor each other for misbehavior and prevent a single point of failure. When users are given pieces of evidence to which they can easily relate, they can make context-dependent authentication decisions online and build trust in online entities. As concluding remarks, we highlight some of the remaining challenges and future research directions to truly empower users to make informed trust decisions.
[1] Collin Jackson,et al. Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure , 2013, WWW.
[2] Akira Yamada,et al. RelationGram: Tie-Strength Visualization for User-Controlled Online Identity Authentication , 2013, Financial Cryptography.
[3] Ralf Sasse,et al. ARPKI: Attack Resilient Public-Key Infrastructure , 2014, CCS.
[4] Adrian Perrig,et al. Soulmate or Acquaintance? Visualizing Tie Strength for Trust Inference , 2013, Financial Cryptography Workshops.