Title :
A study of the threat of forgery of certificates issued online
Author :
Sung Wook Lee ; Jae Ik Lee ; Dong-Guk Han
Author_Institution :
Financial Security Agency, Seoul, South Korea
Abstract :
Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.
Keywords :
information services; security of data; Internet browser; certificate issuing services; certificates forgery threat; forgery prevention software; hacking techniques; online certificate-issuing services; spool file; Cryptography; Printers; Printing; Memory hacking; certificates issued online; forgery of online certificates;
Conference_Titel :
Security Technology (ICCST), 2013 47th International Carnahan Conference on
Conference_Location :
Medellin
DOI :
10.1109/CCST.2013.6922060
