A Model of Trust Evaluation for A Model of Trust Evaluation for - - PowerPoint PPT Presentation

▶

Feb 10, 2023 380 likes •583 views

A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate Abu Shohel Ahmed Abu Shohel Ahmed NordSecMob, University of Tartu How to identify an anonymous persons in online or virtual world? or virtual world? Whom to

SLIDE 1

A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate

Abu Shohel Ahmed Abu Shohel Ahmed NordSecMob, University of Tartu

SLIDE 2

How to identify an anonymous persons in online

r virtual world?
r virtual world?

Whom to Trust

SLIDE 3

Overview

Digital Certificate & Public Key Infrastructure X.509 Certificate Fields Trust in Certificate Authority policy Proposed Trust Evaluation Technique 3

SLIDE 4

Digital Certificate

”A digital certificate is an electronic document

which uses a digital signature to bind together a which uses a digital signature to bind together a public key with an identity” — wiki

Name Issuer Public Key Signature

Signature

SLIDE 5

Public Key Infrastructure

PKI allows us to PKI allows us to know that a given key belongs to a given user.

SLIDE 6

How to Get a Certificate

Create a public/private key pair

Send a Certificate Signing Request.

Send a Certificate Signing Request. Provide your identity Get the signed certificate from CA Publish certificate 6

SLIDE 7

How Validation Works

Certificate validation chain

Checking against OCSP or CRL

Checking against OCSP or CRL 7

SLIDE 8

X.509 Certificate

Certificate format defined by IETF

Some important fields: Some important fields:

Key Usage Certificate Policy Name Constraint

SLIDE 9

Extended Validated Certificate

A special type of X.509 certificate that requires

more extensive investigation of the requesting more extensive investigation of the requesting entity

Based on certifcate

policy mapping field.

SLIDE 10

Certificate Authorities

A set of trusted entities known as Certificate

Authorities (CAs) are established to sign Authorities (CAs) are established to sign certificates.

X.509 certificate delegates trust in certificate to

CA.

SLIDE 11

Where is Trust in Certificate

Certificate is granted based on two documents

Certificate policy

Certification practice statement But who will evaluate these policy and actual CA practice? practice? How to automate trust evaluation process from this document?

SLIDE 12

Trust evaluation in CA policy

Some previous research: Criteriata for certificate trust requirements

Criteriata for certificate trust requirements Certificate practice statement formalization or

semi-formalization.

Platform for Internet Content Selection rating

service

SLIDE 13

What Needs to be Introduced

Introduction of a trust level in certificate Introduction of a trust level in certificate

fields. (currently defined in CP)

Semi-formalization of CPS document

SLIDE 14

Comparison

Solution Advantage Disadvantage CPS semi formalization Processing is performed using local knowledge which means applications can independently evaluate a certificate. Trust evaluation is based

n weak assumptions

(e.g., counting MUST). Requires online request to get CPS file. CPS formalization Provides more accurate information about the CPS file. CPS has no common

standard. Requires an
nline request for CPS

CPS file.

nline request for CPS

file. Ratings service Flexible and easy to find rating for a certificate. Provides a clear direction about a certificate. Trust depends on the in- dependent auditing

authority. Requires an
nline request to get rating

information.

SLIDE 15

Proposed Evaluation Model

Based on all the best known Trust solution for

certificate. certificate.

Rating based system. Stepwise – Modular Incorporate online and offline evaluation 15

SLIDE 16

SLIDE 17

Discussion

Model can be used for trust evaluation in most

f the cases.

Model is extendable with other rating feature. Mapped with VirtualLife indentification strategy. 17

SLIDE 18

Questions

SLIDE 19

References

http://www.ietf.org/rfc/rfc2560.txt. http://www.ietf.org/rfc/rfc3280.txt. http://www.ietf.org/rfc/rfc3280.txt. Borja Sotomayor. Certicates and certicate authorities.

http://gdp.globus.org/gt3-tutorial/multipehtml/ch10s04.html.

Gabriel A, Weaver, Scott Rea, Sean W, and Smith. A

A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate

Abu Shohel Ahmed Abu Shohel Ahmed NordSecMob, University of Tartu

How to identify an anonymous persons in online

Whom to Trust

Overview

Digital Certificate

which uses a digital signature to bind together a which uses a digital signature to bind together a public key with an identity” — wiki

Public Key Infrastructure

PKI allows us to PKI allows us to know that a given key belongs to a given user.

How to Get a Certificate

Send a Certificate Signing Request.

How Validation Works

Checking against OCSP or CRL

X.509 Certificate

Certificate format defined by IETF

Some important fields: Some important fields:

Extended Validated Certificate

more extensive investigation of the requesting more extensive investigation of the requesting entity

policy mapping field.

Certificate Authorities

Authorities (CAs) are established to sign Authorities (CAs) are established to sign certificates.

CA.

Where is Trust in Certificate

Certificate policy

Certificate policy

Certification practice statement But who will evaluate these policy and actual CA practice? practice? How to automate trust evaluation process from this document?

Trust evaluation in CA policy

Some previous research: Criteriata for certificate trust requirements

semi-formalization.

service

What Needs to be Introduced

Introduction of a trust level in certificate Introduction of a trust level in certificate

Semi-formalization of CPS document

Comparison

Proposed Evaluation Model

certificate. certificate.

Discussion

Model can be used for trust evaluation in most

Questions

References

http://gdp.globus.org/gt3-tutorial/multipehtml/ch10s04.html.

computational framework for certificate policy operations. In Dartmouth College Hanover, NH03755, USA