Home // ICIMP 2012, The Seventh International Conference on Internet Monitoring and Protection // View article

Quantifying the Value of SSL Certification with Web Reputation Metrics

Authors:
Jani Suomalainen

Keywords: Web security; Web reputation; Web of Trust; SSL; HTTPS; certification; correlation analysis

Abstract:
Protection in the Internet and World Wide Web is based on the Socket Secure Layer (SSL) protocol and certification authorities, who verify the identities of servers with SSL certificates. Trust in the Web is based on users’ perception of sites’ trustworthiness and privacy as well as knowledge of servers’ monitored behavior. Community-based reputation systems enable users to share their views on servers’ trustworthiness. In this paper, we provide a large-scale empirical analysis on the correlation of SSL certification and community-based reputation evaluations. By using publicly available global certificate and reputation databases, we study how availability of SSL support and properties of certificates correlates to users’ perception of trust, dependability, and privacy. The paper proposes a metric for revealing the benefits that service providers gain from SSL certification in general, from authority selection, and from extended validation. The proposed reputation metric could provide a mean to quantify the users’ valuation of security measures. Hence, it can be utilized when selecting and designing new web security mechanisms.

Pages: 7 to 12

Copyright: Copyright (c) IARIA, 2012

Publication date: May 27, 2012

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-201-1

Location: Stuttgart, Germany

Dates: from May 27, 2012 to June 1, 2012