Is Hierarchical Public-key Certification The Next Target For
Hackers?
報告人:范亞亭2005/10/06
出處• Communications of The ACM August 200
4/Vol.47,No.8
• By Mike Burmester and Yvo G. Desmedt
大綱• Public-key Cryptosystems and Certificates
• How Secure is a Certifying Authority
• A Horizontal Approach
• Conclusion
Public-key Cryptosystems and Certificates
• X509
• Public-key certificates:data + signature
• Hierarchical infrastructure (RCA & CAs)
Digital signatures
How Secure is a Certifying Authority
• Attacks:insider & outsider
• Security:security tools & policies
• X509:each node is a single point of failure
• If a hacker succeeds in penetrating the RCA then the security of the system is completely broken.
A Horizontal Approach
• the same public key determined by taking a majority vote over the trust-paths
• There are 2k+1 node-disjoint trust-paths that connect any two nodes.
• Attacking such structures requires the penetration of more than k nodes.
Combining hierarchical and horizontal infrastructures
RCA1
RCA2
RCA3
Conclusion
• Hierarchical structures:efficiency,less expensive,vulnerable
• 2k + 1 certificates are needed for a robust approach
• Combining hierarchical and horizontal infrastructures may not be too excessive and the degree of security obtained is higher.