A Closer Look at Revocation and Key Compromise in Public Key Infrastructures
نویسنده
چکیده
Over time, in order to improve functionality or efficiency, new features have been added to the basic framework of public key infrastructures (PKIs). While these new features are useful, as with any other security critical application, new features can open the door for new types of attacks. In this paper, we will concentrate on those attacks against a PKI which allow an attacker to take advantage of a compromised private key. In particular, we will look at types of attacks that may allow an attacker, who has compromised someone else’s private key, to either circumvent or exploit the mechanisms designed to deal with key compromise. The paper includes descriptions of several such attacks as well as suggestions to either prevent these attacks or to mitigate the damage that they can cause.
منابع مشابه
A quantitative study of Public Key Infrastructures
Public Key Infrastructures have not reached the widespread diffusion they were expected to, although they are well understood from a security point of view, because, like many say, the killer application has not been found yet. The lack of a clear understanding of the performance of these systems also contributes significantly to their limited diffusion. Studies have appeared of specific aspect...
متن کاملPKI and Revocation Survey
This survey covers basic information about public key infrastructures and summarizes the predominant technology and standards. Special attention is given to mechanisms for certificate revocation. Methods for CRL distribution and validity checking are compared. Supported by KDD R&D Laboratories, Inc.
متن کاملEmpirical Analysis of Certificate Revocation Lists
Managing public key certificates revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from V...
متن کاملMaintaining security and trust in large scale public key infrastructures
In Public Key Infrastructures (PKIs), trusted Certification Authorities (CAs) issue public key certificates which bind public keys to the identities of their owners. This enables the authentication of public keys which is a basic prerequisite for the use of digital signatures and public key encryption. These in turn are enablers for ebusiness, e-government and many other applications, because t...
متن کاملEecient Certiicate Revocation
We apply o -line/on-line signatures to provide an alternative solution to the problem of certi cate revocation. The new systems dismiss with traditional CRLs (Certi cate Revocation Lists) and yield public-key infrastructures that are substantially cheaper to run than traditional ones.
متن کامل