RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security
| Autor: | M. Francisca Hinarejos, Andrés Marín López, Florina Almenarez, Patricia Arias Cabarcos, Josep Lluís Ferrer-Gomila |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
021110 strategic
defence & security studies Public key certificate Computer Networks and Communications Computer science business.industry Process (engineering) 0211 other engineering and technologies Probabilistic logic 020206 networking & telecommunications Public key infrastructure 02 engineering and technology Certificate Risk analysis (engineering) 0202 electrical engineering electronic engineering information engineering Trust management (information system) Safety Risk Reliability and Quality business Risk assessment Risk management |
| Zdroj: | IEEE Transactions on Information Forensics and Security. 13:1975-1988 |
| ISSN: | 1556-6021 1556-6013 |
| DOI: | 10.1109/tifs.2018.2807788 |
| Popis: | Digital certificates, based on X.509 PKI standard, are located at the core of many security mechanisms implemented in services and applications. However, the usage of certificates has revealed flaws in the certificate validation process (e.g., possibility of unavailable or non-updated data). This fact implies security risks that are not assessed. In order to address these issues that such flaws entail, we propose a novel probabilistic approach for quantitative risk assessment in X.509 PKI, together with trust management when there is uncertainty. We have evaluated our risk assessment approach and demonstrated its usage, considering as a use case the secure installation of mobile applications. The results show that our approach provides more granularity, appropriate values according to the impact, and relevant information in the risk calculation than other approaches. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|