{"title":"一项关于网上证书伪造威胁的研究","authors":"Sung Wook Lee, Jae Ik Lee, Dong‐Guk Han","doi":"10.1109/CCST.2013.6922060","DOIUrl":null,"url":null,"abstract":"Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.","PeriodicalId":243791,"journal":{"name":"2013 47th International Carnahan Conference on Security Technology (ICCST)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A study of the threat of forgery of certificates issued online\",\"authors\":\"Sung Wook Lee, Jae Ik Lee, Dong‐Guk Han\",\"doi\":\"10.1109/CCST.2013.6922060\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.\",\"PeriodicalId\":243791,\"journal\":{\"name\":\"2013 47th International Carnahan Conference on Security Technology (ICCST)\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 47th International Carnahan Conference on Security Technology (ICCST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.2013.6922060\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 47th International Carnahan Conference on Security Technology (ICCST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2013.6922060","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A study of the threat of forgery of certificates issued online
Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
