Title: Trust assessment of X.509 certificate based on certificate authority trustworthiness and its certificate policy

Authors: Zakia El Uahhabi; Hanan El Bakkali

Addresses: Information Security Research Team, ENSIAS-Mohammed V University, Rabat, Morocco; Information Security Research Team, ENSIAS-Mohammed V University, Rabat, Morocco

Abstract: Nowadays, the X.509 certificate is widely used to prove its holder's identity in open networks. The relying party (RP) therefore needs an automated mechanism for evaluating a certificate's trustworthiness in order to decide whether to accept it or not. In this context, we provide the RP with such a mechanism, allowing it to decide whether or not to trust a received certificate. In our previous work, we proposed an architecture for calculating a certificate trust level. Using a defined algorithm, this level is computed from three parameters: the calculated trust level of the certificate authority (CA), the certificate policy quality, and the rating of the certificate fields. In this paper, we improve the algorithm used to calculate a CA trust level on the basis of the trust level of the CAs that had issued certificates for it and their extension fields. In this way, the calculated trust level reflects the real trustworthiness of a certificate because it is computed on the basis of the real factors influencing this trustworthiness. It is then more relevant for a relying party when deciding whether to accept a received certificate or not.

Keywords: certificate authority; reputation score; trust level; X.509 certificate; public key infrastructure; PKI; certificate policy.

DOI: 10.1504/IJITST.2018.092139

International Journal of Internet Technology and Secured Transactions, 2018 Vol.8 No.1, pp.103 - 136

Received: 27 Jun 2017
Accepted: 23 Oct 2017

Published online: 23 May 2018
