SSL Trust Pitfalls Prof. Ravi Sandhu
2 © Ravi Sandhu 2006 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA [Figure labels: Record Protocol, Handshake Protocol]
3 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA [Figure labels: Record Protocol, Handshake Protocol]
4 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL [Figure: certificate hierarchy diagram; node labels X, Q, A, R, S, T, C, E, G, I, K, M, O and a through p]
5 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
- Essentially the model on the web today
- Deployed in server-side SSL mode
- Client-side SSL mode yet to happen
6 SERVER-SIDE MASQUERADING [Figure labels: Bob, Web browser, Web server, Server-side SSL, Ultratrust Security Services]
7 SERVER-SIDE MASQUERADING [Figure labels: Bob, Web browser, Web server, Server-side SSL, Ultratrust Security Services, Mallory's Web server, BIMM Corporation, Server-side SSL]
8 SERVER-SIDE MASQUERADING [Figure labels: Bob, Web browser, Web server, Server-side SSL, Ultratrust Security Services, Mallory's Web server, Server-side SSL, BIMM Corporation, Ultratrust Security Services]
9 REFERENCES
Hayes, J.M., "The problem with multiple roots in Web browsers - certificate masquerading," Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '98), IEEE, June 1998. Page(s):