Security Issues with Certificate Authorities
| Title | Security Issues with Certificate Authorities |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Berkowsky, J. A., Hayajneh, T. |
| Conference Name | 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON) |
| Date Published | oct |
| ISBN Number | 978-1-5386-1104-3 |
| Keywords | Browsers, Browsers Security, digital signatures, Google, Human Behavior, human factors, Information security, Metrics, pubcrawl, Public key, Resiliency, Scalability, Servers, Standards organizations, Ubiquitous Computing Security, World Wide Web |
| Abstract | The current state of the internet relies heavily on SSL/TLS and the certificate authority model. This model has systematic problems, both in its design as well as its implementation. There are problems with certificate revocation, certificate authority governance, breaches, poor security practices, single points of failure and with root stores. This paper begins with a general introduction to SSL/TLS and a description of the role of certificates, certificate authorities and root stores in the current model. This paper will then explore problems with the current model and describe work being done to help mitigate these problems. |
| URL | http://ieeexplore.ieee.org/document/8249081/ |
| DOI | 10.1109/UEMCON.2017.8249081 |
| Citation Key | berkowsky_security_2017 |