The Efficient Use of a List of Trusted Certificate Authorities

  • Essam Alnatsheh AMA International University, College of Engineering, Department of Informatics Engineering, Bahrain
Keywords: Man-in-the-middle attack, Certificate Authorities, Notary Servers, SSL protocol, PKI


Many of the Certificate Authorities (CAs) whose certificates browsers accept today are not equally reliable or trustworthy, so a certificate that chains to a pre-installed root is not by itself proof that a connection is genuine. University laboratories and the computers of the university's students, lecturers and staff are therefore exposed to the risk created by this misplaced trust. This study proposes a notary server owned and operated by the university that addresses the problem with a Certificate Trust List (CTL), a list of only those CAs the university regards as genuine. Simply put, when a student or other user browses the Web, the notary server checks the presented certificate for conflicts, verifies its signatures and key references, and confirms that the certificate's names match the address of the Web site being visited. If all of this information is correct, the notary server returns an approval response and the client accepts the certificate. The system improves security in the university by trusting only genuine CAs. The proposed server improves on regular notary servers because it runs over existing infrastructure and online connections and introduces no overhead or special configuration in the client's Web browser. Compared with a well-known notary server running over the same infrastructure, the proposed notary server is 10.8 seconds faster when dealing with a certificate from an untrusted CA and 2.3 seconds faster when dealing with a certificate whose name does not match the Web site's address.
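As an added illustration that is not part of the paper or its implementation, the following Python sketch shows the decision a CTL-based notary server makes for each client report: the issuing CA against the CTL, the certificate's names against the visited address, and the leaf certificate against what the notary itself previously observed for that host (a conflict). The hostnames, the placeholder "DER" byte strings, the fingerprints and the class and function names are all constructed assumptions; cryptographic verification of the chain signatures is assumed to be done by the TLS library and is passed in as a flag rather than re-implemented here.

```python
"""Added example: decision logic for a university-run notary server that
validates a client-observed certificate against a Certificate Trust List
(CTL) and the notary's own earlier observations. All data is constructed."""
import hashlib
from dataclasses import dataclass


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lower-case hex."""
    return hashlib.sha256(der).hexdigest()


def hostname_matches(host: str, pattern: str) -> bool:
    """RFC 6125-style DNS-ID match: case-insensitive; a wildcard may only be
    the entire left-most label, never spans a dot, and never matches a bare
    public suffix such as '*.edu'."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if "*" not in pattern:
        return host == pattern
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


@dataclass(frozen=True)
class ClientReport:
    host: str                  # address the client connected to
    leaf_der: bytes            # leaf certificate as the client received it
    subject_names: tuple       # CN plus dNSName SANs extracted from the leaf
    issuer_der: bytes          # issuing CA certificate from the presented chain
    chain_signatures_ok: bool  # result of the TLS library's signature check (assumed)


class NotaryServer:
    def __init__(self, ctl_der_certs, observations=None):
        # CTL: fingerprints of the CA certificates the university trusts.
        self.ctl = {fingerprint(c) for c in ctl_der_certs}
        # What the notary itself has seen per host: host -> leaf fingerprint.
        self.observed = dict(observations or {})

    def evaluate(self, report: ClientReport) -> dict:
        """Return the approval response sent back to the client."""
        problems = []
        if fingerprint(report.issuer_der) not in self.ctl:
            problems.append("untrusted_ca")
        if not report.chain_signatures_ok:
            problems.append("bad_signature")
        if not any(hostname_matches(report.host, n) for n in report.subject_names):
            problems.append("address_mismatch")
        leaf_fp = fingerprint(report.leaf_der)
        seen = self.observed.get(report.host)
        if seen is not None and seen != leaf_fp:
            problems.append("conflict")  # client saw a different cert than the notary
        return {"host": report.host, "leaf_sha256": leaf_fp,
                "accept": not problems, "problems": problems}


# Constructed placeholders standing in for real DER certificates.
UNIVERSITY_CA = b"constructed DER: University Root CA"
ROGUE_CA = b"constructed DER: Untrusted Reseller CA"
PORTAL_LEAF = b"constructed DER: leaf for portal.example.edu"
FORGED_LEAF = b"constructed DER: rogue-issued leaf for portal.example.edu"
WRONG_LEAF = b"constructed DER: university-issued leaf for other.example.net"


def demo() -> dict:
    """Three client reports: a genuine site, an interposed (MITM) certificate
    from a CA outside the CTL, and a trusted CA's certificate for the wrong name."""
    notary = NotaryServer([UNIVERSITY_CA],
                          {"portal.example.edu": fingerprint(PORTAL_LEAF)})
    reports = {
        "genuine": ClientReport("portal.example.edu", PORTAL_LEAF,
                                ("portal.example.edu",), UNIVERSITY_CA, True),
        "mitm": ClientReport("portal.example.edu", FORGED_LEAF,
                             ("portal.example.edu",), ROGUE_CA, True),
        "wrong_host": ClientReport("portal.example.edu", WRONG_LEAF,
                                   ("other.example.net", "*.example.net"),
                                   UNIVERSITY_CA, True),
    }
    return {name: notary.evaluate(r) for name, r in reports.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The CTL lookup is only meaningful together with the signature check: the issuer certificate in a presented chain is supplied by whoever terminates the connection, so an attacker can include a copy of the genuine university CA certificate while the leaf is actually signed by something else. Conversely, the conflict check catches the case where the client sees a certificate for a host that differs from the one the notary observes, which is the symptom of a man-in-the-middle even when the interposed certificate chains to a trusted root.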