• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>European Symposium on Research in Computer Security >Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?
【24h】

Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?

机译:挑战PGP的可信度:是信任网络的防毒面目吗?

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

The OpenPGP protocol provides a long time adopted and widespread tool for secure and authenticated asynchronous communications, as well as supplies data integrity and authenticity validation for software distribution. In this work, we analyze the Web-of-Trust on which the OpenPGP public key authentication mechanism is based, and evaluate a threat model where its functionality can be jeopardized. Since the threat model is based on the viability of compromising an OpenPGP keypair, we performed an analysis of the state of health of the global OpenPGP key repository. Despite the detected amount of weak key-pairs is rather low, our results show how, under reasonable assumptions, approximately 70% of the Web-of-Trust strong set is potentially affected by the described threat. Finally, we propose viable mitigation strategies to cope with the highlighted threat.
机译:OpenPGP协议提供了很长时间采用和广泛的工具,用于安全和经过身份验证的异步通信,以及为软件分发提供数据完整性和真实性验证。 在这项工作中,我们分析了OpenPGP公钥认证机制所基于的信任网站,并评估其功能可以受到损害的威胁模型。 由于威胁模型基于损害OpenPGP Keypair的可行性,因此我们对全局OpenPGP密钥存储库的健康状况进行了分析。 尽管检测到的弱密钥对相当较低,但我们的结果表明如何在合理的假设下,大约70%的信任网络强大集具可能受到所描述的威胁的影响。 最后,我们提出了应对突出显示的威胁的可行缓解策略。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号