Volume 1 - 2009

Abstract

This paper describes a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. By application of suggested scenario it is possible to create a rogue certificate, containing original electronic signature. This certificate allows to impersonate any website, including banking and e-commerce sites secured using the HTTPS protocol. Described technique takes advantage of a weakness in the cryptographic hash function, known as an MD5 collision.

Keywords: Дигитални сертификати, хеш колизија, PKI, сертификационо тело

Published on website: 1.1.1970

Attached files: da-li-su-elektronski-sertifikati-zaista-bezbedni.pdf

FaLang translation system by Faboba

Are Electronic Certificates Really Secur

Volumes

Volume 1 - 2009

Volume 2 - 2010

Volume 3 - 2011

Volume 4 - 2012

Volume 5 - 2013

Volume 6 - 2014

Volume 7 - 2015

Volume 8 - 2016

Volume 9 - 2017

Volume 10 - 2018

Volume 11 - 2019

Volume 12 - 2020

Volume 13 - 2021

Volume 14 - 2022

Volume 15 - 2023

Volume 16 - 2024

Authors

Search