How to Remove Document Management Hurdles with X-Docs?
Certificate authorities under attack :A
1. Seminar
On
“Certificate authorities under attack :A
Plea for Certificate Legitimation”
By
Mr. Saurabh Giratkar
Under the guidance of
Department Of Computer Science and
Engineering
2. Contents:
1. Introduction
2. Probability-theoretic Observation
3. Problem areas
4. Certificate Revocation and its respective approaches
5. Certificate Authorization and its respective
approaches
6. Conclusion
4. 2. Probability-theoretic Observation
• After some incidents of frauduently issuing SSL certificates, i
assume a list of n commonly trusted root CAs, i.e., CA1, CA2,
. . . , CAn. Each CAi is compromised with a probability 0 ≤ pi
≤ 1 within a given time interval.
Pr[CAi is compromised] = pi
1 − pi refers to the probability of CAi not being
compromised
Pr[CAi is not compromised] = 1 − pi,
7. 3.Problem areas
There are two problem areas as follows:
• Certificate Revocation
• Certificate Authorization
8. Problem areas in Certificate Revocation:
Few problematic areas.
1. Security
2. Black list approach.
9. Problem areas in Certificate Authorization:
• One problematic area.
• It possess questionable trust models.
10. Certificate Legitimation:
• Certificate Authorization and Certificate Revocation are
subsumed and then termed as Certificate Legitimation.
• Certificate Legitimation is a key to the security of the Internet
PKI.
11. 4.Certificate Revocation and its respective
approaches
Approaches of Certificate Revocation:
• It has some security problems in the field and to overcome
these problems there are two important approaches as follows,
1.Black list approach
2.White list approach
12. 1.Black list approach:
• It does not follows the legitimacy.
• It is risky approach for some incidents.
• It provides less security as compare to that of white list
approach.
• Black list approach is refers to as a default permit stance.
• Black list approach is more comfortable for travelling persons
but less secure for the country.
13. 2.White list approach:
• White list approach follows the legitimacy.
• White list approach is also risky for some incidents.
• It provides more security as compare to that of black list
approach.
• White list approach is refers to as a default-deny stance.
• Disadvantages of white list approach overweights its
advantages.
14. Countermeasure:
• These two approaches are completely vice-versa of each other.
• White list approach is used to legitimate certificates , while the
black list approach is used to revoked certificates.
• So, to solve the problem of Certificate Revocation , there is a
need to combine the approaches.
15. 5.Certificate Authorization and its respective
approaches:
Certificate Authorization:
• Certificate Authorization is use for a security purpose.
• Certificate Authorization is also use in the internet for the
authorization reason.
• X.509 certificate is use here for the authentication purpose.
• Public key pinning.
17. DANE:
• DANE stands for DNS-based Authentication.
• It is specified by the IETF.
• It is one of the most appropriate approach while dealing with
the problems in Certificate Authorization.
18. Sovereign Keys:
• It is similar to that of DANE.
• The EFF has launched an initiative called Sovereign Keys.
• Sovereign Keys plays an important role while dealing with
problems that occurs in Certificate Authorization.
19. 6.Conclusion:
In this seminar i have identified two problems in which
immediate action is required, namely Certificate Revocation and
Certificate Authorization, and i have introduced a notion of
“Certificate Legitimation” to subsumed them . We think that
certificate legitimation is going to be important in future, and that
approaches like white list , black list , DANE ,Sovereign Keys
are going to be very promising. These approaches do not solve all
the security problems , but they make the resulting system more
resilient against attacks.