Abstract

The steadily growing number of certification authorities (CAs) assigned to the Web Public Key Infrastructure (Web PKI) and trusted by current browsers imposes severe security issues. Apart from being impossible for relying entities to assess whom they actually trust, the current binary trust model implemented with the Web PKI makes each CA a single point of failure and creates an enormous attack surface. In this article, we present CA-TMS, a user-centric CA trust management system based on trust views. CA-TMS can be used by relying entities to individually reduce the attack surface. CA-TMS works by restricting the trust placed in CAs of the Web PKI to trusting in exactly those CAs actually required by a relying entity. This restriction is based on locally collected information and does not require the alteration of the existing Web PKI. CA-TMS is complemented by an optional reputation system that allows to utilize the knowledge of other entities while maintaining the minimal set of trusted CAs. Our evaluation of CA-TMS with real world data shows that an attack surface reduction by more than 95% is achievable.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.