Challenges of Establishing Trust in Online Entities and Beyond

Workshop on Trustworthy Embedded Devices Pub Date : 2014-11-03 DOI:10.1145/2666141.2668385

T. Kim

{"title":"Challenges of Establishing Trust in Online Entities and Beyond","authors":"T. Kim","doi":"10.1145/2666141.2668385","DOIUrl":null,"url":null,"abstract":"In today's Internet, authenticating online entities is challenging since people lack the real-world cues upon which to base their context-dependent trust decisions. For example, how can a user confirm that a Facebook invitation truly originates from the claimed sender, as anyone can trivially set up a bogus online identity with someone else's photo? Given an SSL certificate warning, how can a user validate it be- fore proceeding, as the certificate could be legitimate (e.g., the certificate is signed by a legitimate authority that the browser does not recognize) or malicious (e.g., it is signed by a compromised CA)? This talk demonstrates that providing useful evidence can empower users to make informed context-dependent trust decisions regarding previously unknown entities in the context of identity and public-key authentication. We first introduce an identity authentication logic called RelationGram that visualizes interpersonal tie strength of virtual entities using both physical and social proximities [2,4]. RelationGram enables casual users to authenticate online identities in a safe and easy manner, and build trust in previously unknown online entities. We then introduce new public-key validation proposals called Accountable Key Infrastructure (AKI) [3] and Attack Resilient Public-Key Infrastructure (ARPKI) [1] that reduce the amount of trust in any single entity to improve the resilience of the current PKI systems. AKI and ARPKI support trust agility such that entities select a security policy for their public-key certificates, and checks and balances such that entities monitor each other for misbehavior and prevent a single point of failure. When users are given pieces of evidence to which they can easily relate, they can make context-dependent authentication decisions online and build trust in online entities. As concluding remarks, we highlight some of the remaining challenges and future research directions to truly empower users to make informed trust decisions.","PeriodicalId":350304,"journal":{"name":"Workshop on Trustworthy Embedded Devices","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Workshop on Trustworthy Embedded Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2666141.2668385","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In today's Internet, authenticating online entities is challenging since people lack the real-world cues upon which to base their context-dependent trust decisions. For example, how can a user confirm that a Facebook invitation truly originates from the claimed sender, as anyone can trivially set up a bogus online identity with someone else's photo? Given an SSL certificate warning, how can a user validate it be- fore proceeding, as the certificate could be legitimate (e.g., the certificate is signed by a legitimate authority that the browser does not recognize) or malicious (e.g., it is signed by a compromised CA)? This talk demonstrates that providing useful evidence can empower users to make informed context-dependent trust decisions regarding previously unknown entities in the context of identity and public-key authentication. We first introduce an identity authentication logic called RelationGram that visualizes interpersonal tie strength of virtual entities using both physical and social proximities [2,4]. RelationGram enables casual users to authenticate online identities in a safe and easy manner, and build trust in previously unknown online entities. We then introduce new public-key validation proposals called Accountable Key Infrastructure (AKI) [3] and Attack Resilient Public-Key Infrastructure (ARPKI) [1] that reduce the amount of trust in any single entity to improve the resilience of the current PKI systems. AKI and ARPKI support trust agility such that entities select a security policy for their public-key certificates, and checks and balances such that entities monitor each other for misbehavior and prevent a single point of failure. When users are given pieces of evidence to which they can easily relate, they can make context-dependent authentication decisions online and build trust in online entities. As concluding remarks, we highlight some of the remaining challenges and future research directions to truly empower users to make informed trust decisions.

查看原文本刊更多论文

建立在线实体及其他信任的挑战

在今天的互联网中，对在线实体进行身份验证是一项挑战，因为人们缺乏基于上下文的信任决策的真实世界线索。例如，用户如何确认Facebook的邀请确实来自声称的发件人，因为任何人都可以轻易地用别人的照片建立一个虚假的在线身份?给定一个SSL证书警告，用户如何在继续之前验证它，因为证书可能是合法的(例如，证书是由浏览器无法识别的合法机构签署的)或恶意的(例如，它是由受损害的CA签署的)?这次演讲表明，提供有用的证据可以使用户能够在身份和公钥认证的上下文中对先前未知的实体做出知情的依赖于上下文的信任决策。我们首先引入了一种名为RelationGram的身份认证逻辑，该逻辑可以使用物理和社会接近度来可视化虚拟实体的人际联系强度[2,4]。RelationGram使普通用户能够以安全简便的方式验证在线身份，并对以前未知的在线实体建立信任。然后，我们引入了新的公钥验证建议，称为可问责密钥基础设施(AKI)[3]和攻击弹性公钥基础设施(ARPKI)[1]，它们减少了对任何单个实体的信任量，以提高当前PKI系统的弹性。AKI和ARPKI支持信任敏捷性，这样实体就可以为它们的公钥证书选择安全策略，并进行检查和平衡，这样实体就可以相互监视错误行为并防止单点故障。当向用户提供他们可以轻松关联的证据时，他们可以在线做出与上下文相关的身份验证决策，并建立对在线实体的信任。作为结束语，我们强调了一些仍然存在的挑战和未来的研究方向，以真正授权用户做出明智的信任决策。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Workshop on Trustworthy Embedded Devices

自引率

0.00%

发文量