Quantifying the value of SSL certification with web reputation metrics

Jani Suomalainen

Quantifying the value of SSL certification with web reputation metrics

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms

Original language	English
Title of host publication	Proceedings of the Seventh International Conference on Internet Monitoring and Protection
Publisher	International Academy, Research, and Industry Association IARIA
Pages	7-12
ISBN (Print)	978-1-61208-201-1
Publication status	Published - 2012
MoE publication type	A4 Article in a conference publication
Event	The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012 - Stuttgart, Germany Duration: 27 May 2012 → 1 Jun 2012

Conference

Conference	The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012
Abbreviated title	ICIMP 2012
Country/Territory	Germany
City	Stuttgart
Period	27/05/12 → 1/06/12

Keywords

Web security
web reputation
web of Trust
SSL
HTTPS
certification
correlation analysis

Access to Document

http://thinkmind.org/index.php?view=article&articleid=icimp_2012_1_20_30027

Cite this

@inproceedings{01bdd4c5ad4f4246b5d8242011541f75,

title = "Quantifying the value of SSL certification with web reputation metrics",

abstract = "Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms",

keywords = "Web security, web reputation, web of Trust, SSL, HTTPS, certification, correlation analysis",

author = "Jani Suomalainen",

note = "Project code: 75161; The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012, ICIMP 2012 ; Conference date: 27-05-2012 Through 01-06-2012",

year = "2012",

language = "English",

isbn = "978-1-61208-201-1",

pages = "7--12",

booktitle = "Proceedings of the Seventh International Conference on Internet Monitoring and Protection",

publisher = "International Academy, Research, and Industry Association IARIA",

address = "United States",

}

Suomalainen, J 2012, Quantifying the value of SSL certification with web reputation metrics. in Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA, pp. 7-12, The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012, Stuttgart, Germany, 27/05/12. <http://thinkmind.org/index.php?view=article&articleid=icimp_2012_1_20_30027>

Quantifying the value of SSL certification with web reputation metrics. / Suomalainen, Jani.

Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA, 2012. p. 7-12.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Quantifying the value of SSL certification with web reputation metrics

AU - Suomalainen, Jani

N1 - Project code: 75161

PY - 2012

Y1 - 2012

N2 - Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms

AB - Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms

KW - Web security

KW - web reputation

KW - web of Trust

KW - SSL

KW - HTTPS

KW - certification

KW - correlation analysis

M3 - Conference article in proceedings

SN - 978-1-61208-201-1

SP - 7

EP - 12

BT - Proceedings of the Seventh International Conference on Internet Monitoring and Protection

PB - International Academy, Research, and Industry Association IARIA

T2 - The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012

Y2 - 27 May 2012 through 1 June 2012

ER -

Quantifying the value of SSL certification with web reputation metrics

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this