Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA...

Bibliographic details
Published in: Security and communication networks 2017-01, Vol.2017 (2017), p.1-23
Main authors: Habbal, Adib, Benzekri, Abdelmalek, Barrere, Francois, Chadwick, David W., Laborde, Romain, Wazan, Ahmad Samer, Kaiiali, Mustafa
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 23
container_issue 2017
container_start_page 1
container_title Security and communication networks
container_volume 2017
creator Habbal, Adib
Benzekri, Abdelmalek
Barrere, Francois
Chadwick, David W.
Laborde, Romain
Wazan, Ahmad Samer
Kaiiali, Mustafa
description A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that the application of this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding a new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA’s policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation that demonstrates how RPs can make informed decisions about certificate holders in the context of the global web, without requiring large processing resources themselves.
doi_str_mv 10.1155/2017/6907146
format Article
publisher Cairo, Egypt: Hindawi Publishing Corporation
rights Copyright © 2017 Ahmad Samer Wazan et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0
fulltext fulltext
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2017-01, Vol.2017 (2017), p.1-23
issn 1939-0114
1939-0122
language eng
recordid cdi_hal_primary_oai_HAL_hal_01740029v1
source EZB-FREE-00999 freely available EZB journals; Wiley Online Library (Open Access Collection)
subjects Authentication
Computer industry
Computer Science
Computers
Embedded Systems
Hardware Architecture
Internet
Networking and Internet Architecture
Operating Systems
Quality assessment
Social networks
Software
Trust
Trusted third parties
Trustworthiness
Web browsers
title Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-02T17%3A00%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Trust%20Management%20for%20Public%20Key%20Infrastructures:%20Implementing%20the%20X.509%20Trust%20Broker&rft.jtitle=Security%20and%20communication%20networks&rft.au=Habbal,%20Adib&rft.date=2017-01-01&rft.volume=2017&rft.issue=2017&rft.spage=1&rft.epage=23&rft.pages=1-23&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2017/6907146&rft_dat=%3Cproquest_hal_p%3E2455779009%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2455779009&rft_id=info:pmid/&rfr_iscdi=true