DocumentCode
2197304
Title
Evaluating certification authority security
Author
Kent, Stephen
Author_Institution
BBN Technol., Cambridge, MA, USA
Volume
4
fYear
1998
fDate
21-28 Mar 1998
Firstpage
319
Abstract
A growing number of applications in the Internet are making use of X.509 public key certificates. Examples include security protocols such as SSL (used in web browsers), IPsec (used in firewalls and desktop computers), S/MIME (a secure e-mail protocol), and SET (the electronic commerce credit card transaction protocol). The public key certificates employed by the applications are created by Certification Authorities (CAs), that vouch for the binding of various attributes (e.g., identity) to a public key. Thus security of these applications is dependent on the security of the CA function. This paper examines security for CAs. It begins with a characterization of security requirements for CAs and continues with an exploration of the wide range of attacks that can be mounted against CAs. Included are attacks against network communications, against the operating systems used by CAs, “close-in” technical attacks against CA components (including cryptographic modules), and even misbehavior by human operators. The paper concludes with an examination of three approaches to implementing CA cryptographic support functions, analyzing each relative to the attack scenarios developed earlier in the paper
Keywords
Internet; access protocols; electronic commerce; electronic mail; security of data; Certification Authorities; IPsec; Internet; S/MIME; SET; SSL; X.509 public key certificates; certification authority security; cryptographic modules; cryptographic support functions; electronic commerce credit card transaction protocol; firewalls; human operators; network communications; operating systems; secure e-mail protocol; security protocols; web browsers; Application software; Certification; Communication system security; Computer security; Content addressable storage; Electronic mail; Internet; Protocols; Public key; Public key cryptography;
fLanguage
English
Publisher
ieee
Conference_Titel
Aerospace Conference, 1998 IEEE
Conference_Location
Snowmass at Aspen, CO
ISSN
1095-323X
Print_ISBN
0-7803-4311-5
Type
conf
DOI
10.1109/AERO.1998.682202
Filename
682202
Link To Document