Page 1: Is Hierarchical Public-key Certification The Next Target For Hackers?

Is Hierarchical Public-key Certification The Next Target For Hackers?

Presenter: 范亞亭, 2005/10/06

Source

• Communications of the ACM, August 2004 / Vol. 47, No. 8

• By Mike Burmester and Yvo G. Desmedt

Outline

• Public-key Cryptosystems and Certificates

• How Secure is a Certifying Authority

• A Horizontal Approach

• Conclusion

Public-key Cryptosystems and Certificates

• X.509

• Public-key certificates: data + signature

• Hierarchical infrastructure (RCA & CAs)

Digital signatures

How Secure is a Certifying Authority

• Attacks: insider & outsider

• Security: security tools & policies

• X.509: each node is a single point of failure

• If a hacker succeeds in penetrating the RCA, then the security of the system is completely broken.

A Horizontal Approach

• The public key is determined by taking a majority vote over the trust-paths.

• There are 2k+1 node-disjoint trust-paths that connect any two nodes.

• Attacking such structures requires the penetration of more than k nodes.
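
The majority vote over 2k+1 node-disjoint trust-paths described above, as an added Python sketch that is not from the slides or the original article. The node names, key strings and the worst-case assumption that every compromised node substitutes the same forged key are constructed for illustration.

```python
from collections import Counter

def node_disjoint(paths):
    """True if no intermediate node appears on more than one trust-path."""
    seen = set()
    for path in paths:
        if len(set(path)) != len(path) or seen & set(path):
            return False
        seen |= set(path)
    return True

def path_report(path, true_key, compromised, forged_key):
    """Key a path delivers: one compromised hop is enough to substitute it."""
    return forged_key if any(n in compromised for n in path) else true_key

def majority_key(paths, true_key, compromised, forged_key="FORGED"):
    """Accept a key only if more than half of the trust-paths agree on it."""
    if not node_disjoint(paths):
        raise ValueError("trust-paths share a node; the k-node bound does not hold")
    votes = Counter(path_report(p, true_key, compromised, forged_key) for p in paths)
    key, count = votes.most_common(1)[0]
    return key if count > len(paths) // 2 else None

# Constructed sample: k = 2, so 2k+1 = 5 node-disjoint paths of intermediate CAs.
K = 2
PATHS = [["A1", "A2"], ["B1"], ["C1", "C2", "C3"], ["D1"], ["E1", "E2"]]
TRUE_KEY = "pk-target"  # placeholder standing in for the target's real public key

def demo():
    # k compromised nodes on different paths: 3 of 5 paths still honest.
    at_k = majority_key(PATHS, TRUE_KEY, compromised={"A2", "C1"})
    # k+1 compromised nodes on different paths: the forged key wins the vote.
    above_k = majority_key(PATHS, TRUE_KEY, compromised={"A2", "C1", "D1"})
    # k+1 compromised nodes on one path taint only that single path.
    same_path = majority_key(PATHS, TRUE_KEY, compromised={"C1", "C2", "C3"})
    return at_k, above_k, same_path

if __name__ == "__main__":
    print(demo())
```

The disjointness check matters because a node shared by several paths would let one compromise taint more than one vote.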

Combining hierarchical and horizontal infrastructures

[Figure: RCA1, RCA2, RCA3]

Conclusion

• Hierarchical structures: efficient, less expensive, vulnerable

• 2k + 1 certificates are needed for a robust approach

• Combining hierarchical and horizontal infrastructures may not be too excessive, and the degree of security obtained is higher.
