Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

An anatomy of trust in public key infrastructure

An anatomy of trust in public key infrastructure Public key infrastructure (PKI) is a critical component of information infrastructure, which has strong impacts through cybersecurity to the whole system of interconnected independent critical infrastructures, particularly in the context of fast growth of Internet of Things, where traditional critical infrastructure systems are transforming into smart cyber-physical systems. PKI is a mechanism of trust to support identity authentication, digital certification, secure communication, and privilege authorization. This paper investigates the trust mechanism used in PKIs, and we found that the major PKI specification documents do not precisely define what trust exactly means in PKIs, and there are implicit trust assumptions in the real practice of PKIs. Some assumptions may not be always true. Those implicit trust assumptions may cause different parties particularly relying parties to have different understanding about the meaning of certificates and trust; thus possibly causing misuse of trust. This paper attempts to have an in-depth analysis to PKI trust mechanism. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png International Journal of Critical Infrastructures Inderscience Publishers

An anatomy of trust in public key infrastructure

Loading next page...
 
/lp/inderscience-publishers/an-anatomy-of-trust-in-public-key-infrastructure-IgjfPhOxmF
Publisher
Inderscience Publishers
Copyright
Copyright © Inderscience Enterprises Ltd
ISSN
1475-3219
eISSN
1741-8038
DOI
10.1504/IJCIS.2017.088234
Publisher site
See Article on Publisher Site

Abstract

Public key infrastructure (PKI) is a critical component of information infrastructure, which has strong impacts through cybersecurity to the whole system of interconnected independent critical infrastructures, particularly in the context of fast growth of Internet of Things, where traditional critical infrastructure systems are transforming into smart cyber-physical systems. PKI is a mechanism of trust to support identity authentication, digital certification, secure communication, and privilege authorization. This paper investigates the trust mechanism used in PKIs, and we found that the major PKI specification documents do not precisely define what trust exactly means in PKIs, and there are implicit trust assumptions in the real practice of PKIs. Some assumptions may not be always true. Those implicit trust assumptions may cause different parties particularly relying parties to have different understanding about the meaning of certificates and trust; thus possibly causing misuse of trust. This paper attempts to have an in-depth analysis to PKI trust mechanism.

Journal

International Journal of Critical InfrastructuresInderscience Publishers

Published: Jan 1, 2017

There are no references for this article.