Security vulnerabilities in the trust-list PKI

Cited by: 0
Authors
Xenitellis, S [1 ]
Jarupunphol, P [1 ]
Affiliation
[1] Univ London Royal Holloway & Bedford New Coll, Informat Secur Grp, Surrey, England
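Keywords
trust-list PKI; SSL/TLS; self-signed certificate; certificate use accounting
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract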
The trust-list public key infrastructure (TLPKI) and the current implementation by the clients (such as Web browsers), the servers (such as Web servers) and the Root Certification Authorities is one of the most widely deployed types of PKI. Each client is distributed with a preconfigured set of self-signed root certificates (SSRCs) that enable the end-user to use secure services such as secure network connections, secure e-mail and execution of signed software. However, at present, the policies and procedures for the inclusion of SSRCs can be a source of security vulnerabilities. This paper identifies and analyses these security vulnerabilities and, in order to tackle them, the Certificate Use Accounting mechanism is proposed.
Pages: 72 / 77
Number of pages: 6