Quantifying the value of SSL certification with web reputation metrics

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

Abstract

Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms
Original languageEnglish
Title of host publicationProceedings of the Seventh International Conference on Internet Monitoring and Protection
PublisherInternational Academy, Research, and Industry Association IARIA
Pages7-12
ISBN (Print)978-1-61208-201-1
Publication statusPublished - 2012
MoE publication typeA4 Article in a conference publication
EventThe Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012 - Stuttgart, Germany
Duration: 27 May 20121 Jun 2012

Conference

ConferenceThe Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012
Abbreviated titleICIMP 2012
CountryGermany
CityStuttgart
Period27/05/121/06/12

Fingerprint

World Wide Web
Servers
Computer systems
Availability
Internet
Network protocols

Keywords

  • Web security
  • web reputation
  • web of Trust
  • SSL
  • HTTPS
  • certification
  • correlation analysis

Cite this

Suomalainen, J. (2012). Quantifying the value of SSL certification with web reputation metrics. In Proceedings of the Seventh International Conference on Internet Monitoring and Protection (pp. 7-12). International Academy, Research, and Industry Association IARIA.
Suomalainen, Jani. / Quantifying the value of SSL certification with web reputation metrics. Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA, 2012. pp. 7-12
@inproceedings{01bdd4c5ad4f4246b5d8242011541f75,
title = "Quantifying the value of SSL certification with web reputation metrics",
abstract = "Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms",
keywords = "Web security, web reputation, web of Trust, SSL, HTTPS, certification, correlation analysis",
author = "Jani Suomalainen",
note = "Project code: 75161",
year = "2012",
language = "English",
isbn = "978-1-61208-201-1",
pages = "7--12",
booktitle = "Proceedings of the Seventh International Conference on Internet Monitoring and Protection",
publisher = "International Academy, Research, and Industry Association IARIA",
address = "United States",

}

Suomalainen, J 2012, Quantifying the value of SSL certification with web reputation metrics. in Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA, pp. 7-12, The Seventh International Conference on Internet Monitoring and Protection, ICIMP 2012, Stuttgart, Germany, 27/05/12.

Quantifying the value of SSL certification with web reputation metrics. / Suomalainen, Jani.

Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA, 2012. p. 7-12.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Quantifying the value of SSL certification with web reputation metrics

AU - Suomalainen, Jani

N1 - Project code: 75161

PY - 2012

Y1 - 2012

N2 - Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms

AB - Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users' perception of sites' trustworthiness and privacy as well as knowledge of servers' monitored behavior. Community-based reputation systems enable users to share their views on servers' trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users' perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users' valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms

KW - Web security

KW - web reputation

KW - web of Trust

KW - SSL

KW - HTTPS

KW - certification

KW - correlation analysis

M3 - Conference article in proceedings

SN - 978-1-61208-201-1

SP - 7

EP - 12

BT - Proceedings of the Seventh International Conference on Internet Monitoring and Protection

PB - International Academy, Research, and Industry Association IARIA

ER -

Suomalainen J. Quantifying the value of SSL certification with web reputation metrics. In Proceedings of the Seventh International Conference on Internet Monitoring and Protection. International Academy, Research, and Industry Association IARIA. 2012. p. 7-12