PKI

Public key certificates are technologies of trust. Many aspects of the current X.509 trust system are broken, as illustrated not only by the academic computer security literature but also by recent news stories. Alternative trust models (e.g., Perspectives, DANE, pinning) and modifications to the current infrastructure are built upon threat models that address neither human trust behaviors nor emerging trust domains. Specifically, these alternatives are being proposed in the context of a future network that is integrated with an Internet of Things, but they are not designed for that environment. Such things and the attributes certified should be aligned with the reasonable expectations of the person living with the technology.

The goal of the research is to encourage viewing the PKI as an ecosystem of humans, technology, organizations, and physical devices, where just a new warning or a new level of indirection is not going to be adequate for devices that act on the physical realm. This is particularly true when the operators are sometimes literally pre-literate, as with the Cloud Pets. We offer a human-centered framework to ground this larger conception of the infrastructure. The end goal for PKI is to align assertions with the trust and risk behaviors of humans in aggregate, beginning with the trust behaviors and risk heuristics that have been documented off-line, sometimes for decades. This means not only creating new interactions but also changing the scope and authority of the certificate authorities so that these are not universally trusted, and instead creating smaller personalized zones of trust.


Publications
Conference publications (4)
  1. Skyler Johnson, Katherine Ferro, L Jean Camp, and Hilda Hadan. Human and Organizational Factors in Public Key Certificate Authority Failures. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pages 2414--2416, 2021.
    Keywords: PKI.

  2. Hilda Hadan, Nicolas Serrano, Sanchari Das, and L. Jean Camp. Making IoT Worthy of Human Trust. In Social Science Research Network, 07 2019.
    Keywords: PKI.

  3. Nicolas Serrano, Hilda Hadan, and L. Jean Camp. A Complete Study of P.K.I. (PKI’s Known Incidents). In The 47th Research Conference on Communications, Information, and Internet Policy, 2019. TPRC.
    Keywords: PKI.

  4. L. Jean Camp, Helen Nissenbaum, and Cathleen McGrath. Trust: A collision of paradigms. In International Conference on Financial Cryptography, pages 91--105, October 2001. Springer Berlin Heidelberg.
    Keywords: Design for Trust, Human-Centered Security, PKI.