PKI as Part of an Integrated Risk Management Strategy for Web Security

• Published in: Public Key Infrastructures, Services and Applications pp. 128 - 146
• Main Author: Gutmann, Peter
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: crime prevention through environmental design; PKI; risk management
• ISBN: 3642298036; 9783642298035
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-29804-2_9

In the real world, risk is never binary but always comes in shades of grey. When security systems treat risk as a purely boolean process, they’re prone to failure because the quantisation that’s required in order to produce a boolean result has to over- or under-estimate the actual risk. What’s worse, if an all-or-nothing system like this fails, it fails completely, with no fallback position available to catch errors. Drawing on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this paper looks at how CPTED is applied in practice and, using browser PKI as the best-known example of large-scale certificate use, examines certificates as part of a CPTED-style risk-mitigation system that isn’t prone to all-or-nothing failures and that neatly integrates concepts like EV vs. DV vs. OV and OCSP vs. non-checked certificates into the risk-assessment process, as well as dealing with the too-big-to-fail problem of trusted browser CAs.