The Potential of an Individualized Set of Trusted CAs: Defending against CA Failures in the Web PKI

机译：个性化的一组受信任CA的潜力：防御Web PKI中的CA故障

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Abstract-The security of most Internet applications relies on underlying public key infrastructures (PKIs) and thus on an ecosystem of certification authorities (CAs). The pool of PKIs responsible for the issuance and the maintenance of SSL certificates, called the Web PKI, has grown extremely large and complex. Herein, each CA is a single point of failure, leading to an attack surface, the size of which is hardly assessable. This paper approaches the issue if and how the attack surface can be reduced in order to minimize the risk of relying on a malicious certificate. In particular, we consider the individualization of the set of trusted CAs. We present a tool called Rootopia, which allows to individually assess the respective part of the Web PKI relevant for a user. Our analysis of browser histories of 22 Internet users reveals, that the major part of the PKI is completely irrelevant to a single user. On a per user level, the attack surface can be reduced by more than 90%, which shows the potential of the individualization of the set of trusted CAs. Furthermore, all the relevant CAs reside within a small set of countries. Our findings confirm that we unnecessarily trust in a huge number of CAs, thus exposing ourselves to unnecessary risks. Subsequently, we present an overview on our approach to realize the possible security gains.

机译：摘要-大多数Internet应用程序的安全性都依赖于基础公钥基础结构（PKI），因此依赖于证书颁发机构（CA）的生态系统。负责发布和维护SSL证书的PKI池（称为Web PKI）已经变得非常庞大和复杂。在此，每个CA都是单个故障点，导致了攻击面，其规模很难评估。本文探讨了是否以及如何减少攻击面，以最大程度地降低依赖恶意证书的风险。特别地，我们考虑信任的CA集合的个性化。我们提供了一个称为Rootopia的工具，该工具可以单独评估与用户相关的Web PKI的各个部分。我们对22个Internet用户的浏览器历史记录的分析表明，PKI的主要部分与单个用户完全无关。在每个用户级别上，攻击面可以减少90％以上，这表明可信任的CA集合具有个性化的潜力。此外，所有相关的CA都位于少数国家/地区中。我们的发现证实，我们不必要地信任大量的CA，从而使自己面临不必要的风险。随后，我们对实现可能的安全收益的方法进行了概述。

著录项

来源
《2013 ASE/IEEE International Conference on Social Computing》|2013年|600-605|共6页
会议地点 Washington DC(US)
作者
Braun Johannes; Rynkowski Gregor;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. Formal Definitions and Complexity Results for Trust Relations and Trust Domains fit for TTPs, the Web of Trust, PKIs, and ID-Based Cryptography [J] . Simon Kramer, Rajeev Gore, Eiji Okamoto SIGACT News . 2010,第1期

机译：信任关系和信任域的形式化定义和复杂性结果适用于TTP，信任网，PKI和基于ID的密码学
2. Server notaries: a complementary approach to the web PKI trust model [J] . Emre Yüce, Ali Aydn Selçuk Information Security, IET . 2018,第5期

机译：服务器公证人：Web PKI信任模型的补充方法
3. CA trust management for the Web PKI [J] . Johannes Braun, Florian Volk, Jiska Classen, Journal of computer security . 2014,第6期

机译：Web PKI的CA信任管理
4. The Potential of an Individualized Set of Trusted CAs: Defending against CA Failures in the Web PKI [C] . Braun Johannes, Rynkowski Gregor ASE/IEEE International Conference on Social Computing . 2013

机译：个性化的可信CAS集的潜力：防止Web PKI中的CA故障
5. A theoretical model and definition of human trust in World Wide Web (WWW) commerce systems, and an empirical evaluation of the factors affecting trust in web banking systems [D] . Kini, Anil Dayanand. 1999

机译：万维网（WWW）商业系统中人类信任的理论模型和定义，以及对影响网络银行系统中信任的因素的经验评估
6. Seeding Collaborations to Advance Kinase Science with the GSK Published Kinase Inhibitor Set (PKIS) [O] . David H. Drewry, Timothy M. Willson, William J. Zuercher -1

机译：与GSK发布的激酶抑制剂套装（PKIS）开展种子合作以促进激酶科学
7. ACC/AHA guidelines for the evaluation and management of chronic heart failure in the adult: executive summary A report of the american college of cardiology/american heart association task force on practice guidelines (committee to revise the 1995 guidelines for the evaluation and management of heart failure) developed in collaboration with the international society for heart and lung transplantation endorsed by the heart failure society of america51The document was approved by the American College of Cardiology Board of Trustees in November 2001 and the American Heart Association Science Advisory and Coordinating Committee in September 2001.52When citing this document, the American College of Cardiology and the American Heart Association would appreciate the following citation format: Hunt SA, Baker DW, Chin MH, Cinquegrani MP, Feldman AM, Francis GS, Ganiats TG, Goldstein S, Gregoratos G, Jessup ML, Noble RJ, Packer M, Silver MA, Stevenson LW. ACC/AHA guidelines for the evaluation and management of chronic heart failure in the adult: executive summary: a report of the American College of Cardiology/American Heart Association Task Force on Practice Guidelines (Committee to Revise the 1995 Guidelines for the Evaluation and Management of Heart Failure). J Am Coll Cardiol 2001;38:2101–13.53The American College of Cardiology and the American Heart Association make every effort to avoid any actual or potential conflicts of interest that may arise as a result of an outside relationship or a personal, professional, or business interest of a member of the writing panel. Specifically, all members of the writing group are required to provide disclosure statements of all such relationships that might be perceived as real or potential conflicts of interest. These statements are reviewed by the parent task force, reported orally to all members of the writing panel at the first meeting, and updated as changes occur.54This document, as well as the corresponding full-text guidelines, is available on the World Wide Web sites of the American College of Cardiology (www.acc.org) and the American Heart Association (www.americanheart.org). Single reprints of the executive summary are available for $5.00 each by calling 800-253-4636 (US only) or writing the American College of Cardiology, Educational Services, 9111 Old Georgetown Road, Bethesda, MD 20814-1699. To purchase additional reprints up to 999 copies, call 800-611-6083 (US only) or fax 413-665-2671; 1000 or more copies, call 214-706-1466, fax 214-691-6342, or e-mail pubauth@heart.org (specify version: Executive Summary—71-0125; Full Text—71-1026).55© 2001 American College of Cardiology and American Heart Association, Inc. [O] . Hunt Sharon A, Baker David W, Chin Marshall H, 2001

机译：ACC / AHA成人慢性心力衰竭评估和管理指南：执行摘要美国心脏病学会/美国心脏协会实践指南工作组的报告（委员会修订1995年心脏评估和管理指南与美国心力衰竭学会认可的国际心脏和肺移植协会合作51）该文件于2001年11月获得美国心脏病学会理事会的批准，并于2001年9月获得美国心脏协会科学咨询和协调委员会的批准.52引用本文件时，美国心脏病学会和美国心脏协会将赞赏以下引用格式：Hunt SA，Baker DW，Chin MH，Cinquegrani MP，Feldman AM，Francis GS，Ganiats TG，Goldstein S，Gregoratos G，Jessup ML，Noble RJ，Packer M，Silver MA，Stevenson LW。 ACC / AHA成人慢性心力衰竭评估和管理指南：摘要：美国心脏病学会/美国心脏协会实践指南工作组的报告（修订1995年《美国心脏病学会评估和管理指南》的委员会心脏衰竭）。 J Am Coll Cardiol 2001; 38：2101–13.53美国心脏病学会和美国心脏协会竭尽全力避免由于外部关系或个人，专业或其他原因而引起的任何实际或潜在的利益冲突。写作小组成员的商业利益。具体而言，要求写作小组的所有成员提供所有可能被视为实际或潜在利益冲突的关系的披露声明。这些声明由上级工作组审查，在第一次会议上口头报告给写作小组的所有成员，并在发生变化时进行更新。54本文档以及相应的全文指南可在万维网上找到。美国心脏病学院（www.acc.org）和美国心脏协会（www.americanheart.org）的网站。致电800-253-4636（仅适用于美国）或写信给美国心脏病，教育服务学院，地址为9111 Old Georgetown Road，Bethesda，MD 20814-1699，可以执行摘要的单个重印本，每张5.00美元。要购买最多999份的其他重印本，请致电800-611-6083（仅限美国）或传真413-665-2671； 1000或更多副本，请致电214-706-1466，传真214-691-6342或电子邮件pubauth@heart.org（指定版本：执行摘要-71-0125；全文-71-1026）。55©2001美国心脏病学会和美国心脏协会有限公司

The Potential of an Individualized Set of Trusted CAs: Defending against CA Failures in the Web PKI

摘要

著录项

相似文献

相关主题

期刊订阅