View Item 
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        JavaScript is disabled for your browser. Some features of this site may not work without it.

        Browse

        All of UU Student Theses RepositoryBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

        Improving PKI: Solution analysis in case of CA compromisation

        Thumbnail
        View/Open
        Master Thesis - Improving PKI - Samira Zaker Soltani.pdf (1.193Mb)
        Publication date
        2013
        Author
        Zaker Soltani, S.
        Metadata
        Show full item record
        Summary
        Creating a secure connection on the Internet is made possible through the usage of certificates, binding an entity to its public key. These certificates can be issued by any of the Certificate Authorities (CA), where each CA has the same privileges. During the last year, we have seen many CA compromises, resulting into the issuance of fraudulent certificates. Fraudulent certificates can be used, in combination with the man-in-the-middle attack, to eavesdrop the communications of Internet users. This research focuses on solutions that can remove or limit the impact of a CA compromisation and provides a description and analysis of each solution. The solutions have been chosen through interviews and literature. Among the discussed solutions are Public Key Pinning, Sovereign Keys, Certificate Transparency, Perspectives & Convergence, DANE, and MCS. In order to identify each solution's advantages and disadvantages, we have created a metric of aspects. The aspects have been categorized into security, usability, and costs. The focus of this research has been on security, since that is the aspect in Public Key Infrastructure we are trying to solve. The results indicate that Certificate Transparency and DANE are the most promising solutions for limiting the risks of a compromised CA. Further research will be needed to complete each solution, since both solutions are not yet ready for deployment.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/12583
        Collections
        • Theses
        Utrecht university logo