4 research outputs found

    TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree?

    The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers’ owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in web browsers’ behaviours

    Digital certification policies and certification practice statement for UFSC

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Graduate Program in Computer Science

    PKI Seeks a Trusting Relationship

    All human co-operation is based on trust, meaning that we choose co-operation partners and make commitment decisions based on how much we trust the other party. Digital certificates and public-key infrastructures represent an attempt to mimic real-world human assessment of identity and trustworthiness in an automated and mechanical fashion, but present implementations are based on a very limited trust model making them inadequate as a general tool for trust assessment and decision making. This paper describes public-key infrastructures in general and discusses issues related to trust management of public-key infrastructures.

    1 Introduction

    Public-key cryptography solves security problems in open networks but creates key management complexity. Digital messages can for example be signed by a private key allowing anyone with access to the corresponding public key to verify that the message is authentic, but this principle depends on the authenticity of public keys and the probl..

    Evaluation criteria for trust models with specific reference to prejudice filters

    The rapid growth of the Internet has resulted in the desperate need for alternative ways to keep electronic transactions secure while at the same time allowing entities that do not know each other to interact. This has, in turn, led to a wide area of interest in the issues of trust and trust modeling to be used by machines. A large amount of work has already been undertaken in this area in an attempt to transfer the trust and interaction decision making processes onto the machine. However this work has taken a number of different approaches with little to no correlation between various models and no standard set of criteria was even proposed that can be used to evaluate the value of such models. The proposed research chooses to use a detailed literature survey to investigate the current models in existence. This investigation focuses on identifying criteria that are required by trust models. These criteria are grouped into four categories that represent four important concepts to be implemented in some manner by trust models: trust representation, initial trust, trust update and trust evaluation. The process of identifying these criteria has led to a second problem. The trust evaluation process is a detailed undertaking requiring a high processing overhead. This process can either result in a value that allows an agent to trust another to a certain extent or in a distrust value that results in termination of the interaction. The evaluation process required to obtain the distrust value is just as process intensive as the one resulting in determining a level of trust and the constraints that will be placed on an interaction. This raises the question: How do we simplify the trust evaluation process for agents that have a high probability of resulting in a distrust value? This research solves this problem by adding a fifth category to the criteria already identified; namely: prejudice filters. 
    These filters have been identified by the literature study and are tested by means of a prototype implementation that uses a specific scenario in order to test two simulation case studies. Dissertation (MSc)--University of Pretoria, 2008. Computer Science. unrestricte