论文信息 - Keyjacking: the surprising insecurity of client-side SSL

Keyjacking: the surprising insecurity of client-side SSL

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via client-side SSL and various client keystores. However, whether this works depends on whether what the machines do with the private keys matches what the humans think they do: whether a server operator can conclude from an SSL request authenticated with a user's private key that the user was aware of and approved that request. Exploring this vision, we demonstrate via a series of experiments that this assumption does not hold with standard desktop tools, even if the browser user does all the right things. A fundamental rethinking of the trust, usage, and storage model might result in more effective tools for achieving the PKI vision.

Sean W. Smith | Meiyuan Zhao | John Marchesini

[1] Grace A. Lewis,et al. Beyond the Black Box: A Case Study in C to Java Conversion and Product Extensibility , 2001 .

[2] Jennifer Niederst. Web Design in a Nutshell , 2001 .

[3] Ross J. Anderson. Why cryptosystems fail , 1994, CACM.

[4] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[5] Sean W. Smith,et al. Web Spoofing Revisited: SSL and Beyond , 2002 .

[6] Ka-Ping Yee,et al. User Interaction Design for Secure Systems , 2002, ICICS.

[7] Lynn Andrea Stein,et al. The world wide web security faq , 2002 .

[8] Sean W. Smith,et al. Trusted paths for browsers , 2002, TSEC.

[9] Dan S. Wallach,et al. Web Spoofing: An Internet Con Game , 1997 .

[10] Kelly E. Murray,et al. Under the Hood , 1996, J. Object Oriented Program..

[11] OppligerRolf. Microsoft .NET Passport , 2003 .

[12] Nick Feamster,et al. Dos and don'ts of client authentication on the web , 2001 .

[13] E Flahavin,et al. 19th National Information Systems Security Conference , 1997 .

[14] R. Asokan,et al. Digital signatures and electronic documents: a cautionary tale , 2002, Communications and Multimedia Security.

[15] Benny Pinkas,et al. Securing passwords against dictionary attacks , 2002, CCS '02.

[16] Tomaž Klobučar,et al. Advanced Communications and Multimedia Security , 2002, IFIP — The International Federation for Information Processing.