Security vulnerabilities in the trust-list PKI

被引:0
|
作者
Xenitellis, S [1 ]
Jarupunphol, P [1 ]
机构
[1] Univ London Royal Holloway & Bedford New Coll, Informat Secur Grp, Surrey, England
来源
SAM'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, VOLS 1 AND 2 | 2003年
关键词
trust-list PKI; SSLITLS; self-signed certificate; certificate use accounting;
D O I
暂无
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
The trust-list public key infrastructure (TLPKI) and the current implementation by the clients (such as Web browsers), the servers (such as Web servers) and the Root Certification Authorities, is one of the most widely deployed type of PKI. Each client is distributed with a preconfigured set of self-signed root certificates (SSRCs) that enable the end-user to use secure services such as secure network connections, secure e-mail and execution of signed software. However, at present, the policies and procedures for the inclusion of SSRCs can be a source of security vulnerabilities. This paper identifies and analyses these security vulnerabilities and in order to tackle them, the Certificate Use Accounting mechanism is proposed.
引用
收藏
页码:72 / 77
页数:6
相关论文
共 50 条
  • [21] A closer look at PKI: Security and efficiency
    Boldyreva, Alexandra
    Fischlin, Marc
    Palacio, Adriana
    Warinschi, Bogdan
    PUBLIC KEY CRYPTOGRAPHY - PKC 2007, 2007, 4450 : 458 - +
  • [22] Wireless PKI Security and Mobile Voting
    Tepandi, Jaak
    Vassiljev, Stanislav
    Tsahhirov, Ilja
    COMPUTER, 2010, 43 (06) : 54 - 60
  • [23] Research on several security problems in PKI
    Wang, Lidong
    Yu, Xiangzhan
    Fang, Binxing
    Jisuanji Gongcheng/Computer Engineering, 2000, 26 (01): : 14 - 16
  • [24] Identifying Vulnerabilities in Trust and Reputation Systems
    Gunes, Taha D.
    Long Tran-Thanh
    Norman, Timothy J.
    PROCEEDINGS OF THE TWENTY-EIGHTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2019, : 308 - 314
  • [25] Security vulnerabilities in DNS and DNSSEC
    Ariyapperuma, Suranjith
    Mitchell, Chris J.
    ARES 2007: SECOND INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2007, : 335 - +
  • [26] Exploring The Security Vulnerabilities of LoRa
    Aras, Emekcan
    Ramachandran, Gowri Sankar
    Lawrence, Piers
    Hughes, Danny
    2017 3RD IEEE INTERNATIONAL CONFERENCE ON CYBERNETICS (CYBCONF), 2017, : 361 - 366
  • [27] Analysis of Security Vulnerabilities and Countermeasures
    Son, Hyun-Min
    Joo, Nak-Keun
    Choi, Hyun-Taek
    Lee, Hyun-Cheol
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2019, 19 (02): : 200 - 206
  • [28] Measuring Similarity for Security Vulnerabilities
    Wang, Ju An
    Zhou, Linfeng
    Guo, Minzhe
    Wang, Hao
    Camargo, Jairo
    43RD HAWAII INTERNATIONAL CONFERENCE ON SYSTEMS SCIENCES VOLS 1-5 (HICSS 2010), 2010, : 962 - 971
  • [29] Labeling Software Security Vulnerabilities
    Bojanova, Irena
    Guerrerio, John J.
    IT PROFESSIONAL, 2023, 25 (05) : 64 - 70
  • [30] A Taxonomy of Web Security Vulnerabilities
    Al-Kahla, Wafaa
    Shatnawi, Ahmed S.
    Taqieddin, Eyad
    2021 12TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS (ICICS), 2021, : 424 - 429
12345