Title :
Be Careful Who You Trust: Issues with the Public Key Infrastructure
Author :
Black, Paul ; Layton, Robert
Author_Institution :
Internet Commerce Security Lab., Federation Univ., Mt Helen, VIC, Australia
Abstract :
The modern digital internet economy and billions of dollars of trade are made possible by the internet security which is provided by operating system and web browser developers. This paper provides a survey of how this security is implemented through the use of digital certificates and the Public Key Infrastructure. Documented cases of the abuse of these digital certificates are given. It is shown that these problems arise from a combination of commercial pressures and a failure of the designers of internet security to consider the fundamental security principal of least privilege. Measures which are used to mitigate these problems are noted and new PKI architectural components which are designed to correct existing problems are examined.
Keywords :
Internet; public key cryptography; Internet security; PKI architectural components; Web browser developers; digital Internet economy; digital certificates; operating system developers; public key infrastructure; Browsers; Encryption; Internet; Operating systems; Public key; X.509; digitial certificate; least privilege; web browser;
Conference_Titel :
Cybercrime and Trustworthy Computing Conference (CTC), 2014 Fifth
Print_ISBN :
978-1-4799-8824-2
