Author: Wu Wen
DOI: 10.1109/ENABL.2000.883725 (https://doi.org/10.1109/ENABL.2000.883725)
Published in: Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)
Publication date: 2000-06-04
A delayed commitment scheme to enhance public key certificate based protocols
Public key certificate based protocols depend on the freshness of the certificates for their security. It has been pointed out by various authors that the current Public Key Infrastructure (PKI) does not provide an effective freshness proof for certificates. An "ex-employee" who has access to the private key of a compromised server certificate can mount an attack on the SSL/TLS handshake protocol and eavesdrop on the subsequent secret communication even if the server uses a fresh certificate. In this paper we propose an improved handshake protocol which requires minimal change to the current SSL/TLS handshake protocol, yet practically prevents the above "ex-employee" attack.