Proceedings Article

Risk assessment of X.509 certificate by evaluating Certification Practice Statements

TL;DR: A model which calculates the risk associated with X.509 certificates by evaluating the Certificate Practice Statement (CPS) document and by using certain trust criteria is suggested, which has application in detecting phishing websites which contain an HTTPS URL.
Abstract: Nowadays, a lot of people and groups are using X.509 certificates to represent their identity during online trade, so the level of purity and trustworthiness of these certificates becomes dubious. Hence, we have suggested a model which calculates the risk associated with X.509 certificates by evaluating the Certificate Practice Statement (CPS) document and by using certain trust criteria. For evaluating the CPS document we have proposed a novel algorithm which locates certain attributes in the CPS document. We are referring to these attributes from the prior paper of Omar and Lindsay. Our model categorizes risk in three levels: High, Medium and Low risk. It has application in detecting phishing websites which contain an HTTPS URL.
References
Proceedings Article
10 Jun 2012
TL;DR: A new role of technical and legal expert is introduced into the X.509 trust model to help the RP make this task for each and every CA chosen by the certificate holders.
Abstract: The X.509 trust model is based on three entities: the certification authority (CA), the certificate holder and the relying party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. It guarantees to the RP the correctness of the certificate information. This trust model is based on hypothesis that RPs have a predefined trust relation with a CA and that the trust level in CA can be determined by reading and analyzing a set of technical and legal documents. The X.509 trust model is so complex to RPs because an RP must realize this task for each and every CA chosen by the certificate holders. We introduce a new role of technical and legal expert into the X.509 trust model to help the RP make this task.

13 citations

Proceedings Article
20 Apr 2006
TL;DR: This paper addresses the issue of rating the trustworthiness level of entities holding certificates issued by otherwise unconnected certification authorities by defining a set of criteria that have to apply to the certificate policy (CP) that rules their certificates.
Abstract: This paper extends the work described in "An Approach to the Formalisation of a Certification Policy", 7th International Symposium on System and Information Security (SSI 2005) by developing the preliminary formalisation process. It addresses the issue of rating the trustworthiness level of entities holding certificates issued by otherwise unconnected certification authorities by defining a set of criteria that have to apply to the certificate policy (CP) that rules their certificates. A semantic meaning of these criteria is given in this paper.

8 citations

Proceedings Article
18 Nov 2008
TL;DR: This paper presents an approach that helps a relying party to assess the quality of a certificate that is related to the quality of CA policy and its commitment to it.
Abstract: The growing number of PKIs (Public Key Infrastructure) and the increasing number of situations where partners of a transaction may carry certificates signed by different CAs (Certification Authority) point out the problematic of trust between the different CAs. The degree to which a relying party can trust a CA depends upon the quality of its announced policy and its commitment to this policy. In this paper, we present an approach that helps a relying party to assess the quality of a certificate that is related to the quality of CA policy and its commitment to it.

8 citations

01 Jan 2010
TL;DR: This paper presents a model for evaluating trust in X.509 certificates that considers extended certification fields, rating services and certification policy formalization methods to find a good way for determining the trust level of a single certificate.
Abstract: Currently, X.509 certificates are the de facto standard for verified identification of a person or entity on the Internet. As more and more people and organizations are using X.509 certificates to prove their identities in online transactions, the reliability and trust level of certificates come into question. X.509 certificates are based on public key cryptography such as the RSA scheme. However, the certificate granting process is based on the certification policy of the certification authority. Non-conformant issuing policies turn the trust evaluation of a certificate into a subjective matter which creates a lack of interoperability among certificates and certificate authorities. This paper presents a model for evaluating trust in X.509 certificates. Our model considers extended certification fields, rating services and certification policy formalization methods to find a good way for determining the trust level of a single certificate.

3 citations