Restricting Access with Certificate Attributes in Multiple Root Environments-A Recipe for Certificate Masquerading
New Orleans, Louisiana December 10-December 14
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991555
17th Annual Computer Security Applica ...
J. Hayes, National Security Agency
The issue of certificate masquerading against the SSL protocol is pointed out in [4]. In [4], various forms of server certificate masquerading are identified. It should also be noted that the attack described is a man-in-the-middle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of [4] and involves client certificate masquerading. The motivation for this paper comes from the fact that this anomaly has shown up in commercial products. It is potentially more damaging than [4] since a MITM attack is not involved and the only requirement is that the application trust a given root certificate authority (CA). The problem arises when applications use multiple roots that do not cross-certify. The problem is further exacerbated since the applications themselves do not have the ability to apply external name constraints and policies. Unfortunately, the problem is fairly well known within the public key infrastructure (PKI) community, but continues to persist in practice despite this knowledge.
Citation:
J. Hayes, "Restricting Access with Certificate Attributes in Multiple Root Environments-A Recipe for Certificate Masquerading," acsac, pp.0386, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001