SSL Trust Pitfalls Prof. Ravi Sandhu

2 © Ravi Sandhu 2006 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

3 © Ravi Sandhu 2006 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

4 © Ravi Sandhu 2006 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL X Q A R ST CEGIKMO abcdefghijklmnop

5 © Ravi Sandhu 2006 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL Essentially the model on the web today Deployed in server-side SSL mode Client-side SSL mode yet to happen

6 © Ravi Sandhu 2006 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services

7 © Ravi Sandhu 2006 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services Mallorys Web server BIMM Corporation Server-side SSL

8 © Ravi Sandhu 2006 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services Mallorys Web server Server-side SSL BIMM Corporation Ultratrust Security Services

9 © Ravi Sandhu 2006 REFERENCES "The problem with multiple roots in Web browsers-certificate masquerading" by Hayes, J.M. Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE (WET ICE '98) June 1998 Page(s):