Title: An anatomy of trust in public key infrastructure

Authors: Jingwei Huang; David M. Nicol

Addresses: Department of Engineering Management and Systems Engineering, Old Dominion University, Norfolk, VA, USA ' Information Trust Institute, University of Illinois at Urbana-Champaign, Urbana, IL, USA

Abstract: Public key infrastructure (PKI) is a critical component of information infrastructure, which has strong impacts through cybersecurity to the whole system of interconnected independent critical infrastructures, particularly in the context of fast growth of Internet of Things, where traditional critical infrastructure systems are transforming into smart cyber-physical systems. PKI is a mechanism of trust to support identity authentication, digital certification, secure communication, and privilege authorization. This paper investigates the trust mechanism used in PKIs, and we found that the major PKI specification documents do not precisely define what trust exactly means in PKIs, and there are implicit trust assumptions in the real practice of PKIs. Some assumptions may not be always true. Those implicit trust assumptions may cause different parties particularly relying parties to have different understanding about the meaning of certificates and trust; thus possibly causing misuse of trust. This paper attempts to have an in-depth analysis to PKI trust mechanism.

Keywords: critical infrastructures; information infrastructure; cybersecurity; identity authentication; digital certification; public key infrastructure; PKI; risks in PKI; trust; PKI trust; meaning of trust; trust modelling; certificate policy.

DOI: 10.1504/IJCIS.2017.088234

International Journal of Critical Infrastructures, 2017 Vol.13 No.2/3, pp.238 - 258

Received: 07 Jan 2017
Accepted: 07 May 2017
Published online: 30 Nov 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article