Attacks on Authentication Protocols with Compromised Certificates and How to Fix them (特集情報セキュリティの理論と応用)

概要

論文の詳細を見る
The security of authentication protocols based on public key cryptography depends on the validity and freshness of the certificate. It is usually assumed that a well deployed Public Key Infrastructure (PKI) can guarantee the validity and freshness of certificates through mechanisms such as Certificate Revocation List (CRL) or Online Certificate Status Protocol. In reality, such a guarantee is not always assured. This paper analyzes the security of public key authentication protocols in various situations with compromised certificates. A particular type of attack, namely the "ex-employee attack, " against the "named-server, anonymousclient" mode of the SSL/TLS handshake protocol is described, as well as a modified version of the SSL/TLS handshake protocol that can prevent the "ex-employee attack." Methods for analyzing these protocols are also presented.
一般社団法人情報処理学会の論文
2000-08-15