• 1
    Artz D, Gil Y. A survey of trust in computer science and the semantic Web. Web Semantics: Science, Services and Agents on the World Wide Web 2007; 5(2):58–71.
  • 2
    Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory 1976; 22(6):644–654.
  • 3
    Ellison C, Schneier B. Ten risks of PKI: what you're not being told about public key infrastructure. Computer Security Journal 2000; 16:1–7.
  • 4
    ITU-T. X.509: Information technology – Open systems interconnection – The Directory: public-key and attribute certificate frameworks, 2008.
  • 5
    Davis D. Compliance defects in public-key cryptography, in Proc. 6th Usenix Security Symp, 1996, pp. 171–178.
  • 6
    Dhamija R, Tygar JD. The battle against phishing: dynamic security skins. Design 2005; 06:77–88.
  • 7
    Zissis D, Lekkas D, Koutsabasis P. Cryptographic dysfunctionality - a survey on user perceptions of digital certificates, in International Conference in Global Security Safety and Sustainability, 2011.
  • 8
    Flechais I, Sasse MA. Stakeholder involvement, motivation, responsibility, communication: how to design usable security in e-Science. International Journal of Human-Computer Studies 2009; 67(4):281–296.
  • 9
    Eckersley P. A Syrian man-in-the-middle attack against Facebook, Electronic Frontier Foundation, 2011. [Online]. Available: [Accessed: 14-Sep-2011].
  • 10
    Wood M. Want my autograph?: the use and abuse of digital signatures by Malware, in Virus Bulletin Conference September 2010, 2010.
  • 11
    Straub T, Usability challenges of PKI, Doctor, vol. 5, no. November, 2006.
  • 12
    Gutmann P. Plug-and-play PKI: a PKI your mother can use, Proceedings of the 12th USENIX Security Symposium, pp. 1–16, 2003.
  • 13
    Smith SW. Position paper: effective PKI requires effective HCI, in Workshop on Human-Computer Interaction and Security Systems, 2003.
  • 14
    Straub T, Baier H. A framework for evaluating the usability and the utility of PKI-enabled applications. Security 2004; 3093:112–125.
  • 15
    Kumaraguru P, Sheng S, Acquisti A, Cranor LF, Hong J. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology 2010; 10(2):1–31.
  • 16
    Whitten A, Tygar JD. Why Johnny can't encrypt: a usability evaluation of PGP 5.0, in Proceedings of the 8th USENIX Security Symposium, 1999, pp. 169–184.
  • 17
    Whalen T. Gathering evidence: use of visual security cues in Web browsers. Security 2005:137–144. Available:
  • 18
    Herzberg A, Jbara A. Security and identification indicators for browsers against spoofing and phishing attacks. ACM Transactions on Internet Technology 2008; 8(4):1–36.
  • 19
    Wu M, Miller RC, Garfinkel SL. Do security toolbars actually prevent phishing attacks? Proceedings of the SIGCHI conference on Human Factors in computing systems CHI 2006; 06:601–610.
  • 20
    Whitten A. Making security usable. Carnegie Mellon University, 2003.
  • 21
    Jackson C, Simon DR, Tan DS, Barth A. An evaluation of extended validation and picture-in-picture phishing attacks. Financial Cryptography and Data Security 2007; 4886:281–293.
  • 22
    Eckersley P, Burns J. Is the SSLiverse a safe place?, 2010.
  • 23
    De Paula R, Ding X, Dourish P, et al. In the eye of the beholder: a visualization-based approach to information system security. International Journal of Human-Computer Studies 2005; 63(1–2):5–24.
  • 24
    NIST. SP 800–27. Engineering principles for information technology security, 2001.
  • 25
    Sophos Corp. Sophos security threat report: 2011, 2011.
  • 26
    Farwell J, Rohozinski R. Stuxnet and the future of cyber war. Survival 2011; 53(1):23–40.
  • 27
    Kaspersky Lab. Kaspersky lab provides its insights on Stuxnet worm, 2011.
  • 28
    Symantec Security Response. W32.duqu The precursor to the next Stuxnet, 2011.
  • 29
    Naraine R. Secure list, Kaspersky, duqu FAQ, 2011.
  • 30
    Microsoft Corporation. Microsoft security advisory (2718704) unauthorized digital certificates could allow spoofing, 2012.
  • 31
    Sotirov A. Analyzing the MD5 collision in flame, in SUMMERCON 2012, 2012.
  • 32
    Constantin L. flame's Windows update hack required world-class cryptanalysis, researchers say, PC World, 2012.
  • 33
    Ducklin P. Microsoft speaks out on flame malware certificate forgery, Naked Security. Sophos Antivirus, 2012.
  • 34
    Wisniewski C. SSL certificate debacle includes CIA, MI6, Mossad and Tor, Sophos Naked Security, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 35
    Tor Project. The DigiNotar Debacle, and what you should do about it, Tor Project, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 36
    Fisher D. DigiNotar says its CA infrastructure was compromised, Threat Post. The Kaspersky Lab Security News Service, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 37
    Mozilla. Fraudulent * certificate, Mozilla Security Blog, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 38
    Adkins H. An update on attempted man-in-the-middle attacks, Google Online Security Blog, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 39
    Pettersen YN. DigiNotar second step: blacklisting the root, The Opera Rootstore The Roots of Internet trust, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 40
    Apple. Certificate trust policy. about security update 2011–005, 2011. [Online]. Available:
  • 41
    Wood M. Fraudulent certificates issued by Comodo, is it time to rethink who we trust?, Sophos Naked Security, 2011. [Online]. Available: [Accessed: 08-Mar-2012].
  • 42
    Eckersley P. How secure is HTTPS today? How often is it attacked?.
  • 43
    Niemelä J. It's signed, therefore it's clean, right?, in CARO 2010, 2010.
  • 44
    Microsoft Corporation. Managing Devices, TechNet, 2005. [Online]. Available: [Accessed: 08-Mar-2012].
  • 45
    Microsoft Corp. Trusted root certification authorities certificate store, Windows Dev Center - Hardware. [Online]. Available: = vs.85).aspx. [Accessed: 28-Dec-2011].
  • 46
    Microsoft Corporation. Code signing best practices, 2007.
  • 47
    Zetter K. flame hijacks Microsoft update to spread malware disguised as legit code, Wired, 2012.
  • 48
    Gostev A, Soumenkov I. Stuxnet/duqu: the evolution of drivers, SecureList, 2011. [Online]. Available:
  • 49
    Mariani B. Become fully aware of the potential dangers of ActiveX attacks.
  • 50
    Oracle. Deploying RSA-signed applets in Java plug-in. Oracle Java SE documentation, 2011.
  • 51
    Lekkas D, Spinellis D. Handling and reporting security advisories: a scorecard approach. IEEE Security and Privacy Magazine 2005; 3(4):32–41.
  • 52
    Microsoft Corporation. Microsoft root certificate program, 2009.
  • 53
    Microsoft Corporation. Certificate support and the update root certificates component, 2004.
  • 54
    Locasto ME, Parekh JJ, Keromytis AD, Stolfo SJ. Towards collaborative security and P2P intrusion detection, Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC, pp. 333–339, 15-17 June 2005. doi: 10.1109/IAW.2005.1495971
  • 55
    Engage Project /e-Infrastructure. Open data for science and society, 2011.
  • 56
    Chadwick J, Snyder T, Panda H. Programming ASP.NET MVC 4: developing real-world Web applications with ASP.NET MVC. O'Reilly Media, 2012, p. 492.
  • 57
    Galloway J, Haack P, Wilson B, Allen KS. Professional ASP.NET MVC 4 (Wrox Professional Guides). John Wiley & Sons: Indianapolis, IN, 2012; 504.
  • 58
    Microsoft MSDN. System.Security Namespace, Microsoft Developer Network, 2013. [Online]. Available:
  • 59
    Microsoft MSDN. System.Security.Cryptography.X509Certificates Namespace, Microsoft Developer Network, 2013. [Online]. Available:
  • 60
    Microsoft MSDN. X509Certificate2 Class, MSDN library, 2013. [Online]. Available: