Keyjacking: Risks of the Current Client-side Infrastructure

Dartmouth Technical Report TR2003-443

	John C. Marchesini
	Sean W. Smith
	Meiyuan Zhao

Date: February 2003

URL (compressed postscript): <http://www.cs.dartmouth.edu/reports/TR2003-443.ps.Z> (64KB)

URL (PDF): <http://www.cs.dartmouth.edu/reports/TR2003-443.pdf> (108KB)

Abstract:
 In theory, PKI can provide a flexible and strong way to
 authenticate users in distributed information systems. In practice,
 much is being invested in realizing this vision via client-side SSL
 and browser-based keystores. Exploring this vision, we demonstrate
 that browsers will use personal certificates to authenticate requests
 that the person neither knew of nor approved (and which password-based
 systems would have defeated), and we demonstrate the easy permeability
 of these keystores (including new attacks on medium and high-security
 IE/XP keys). We suggest some countermeasures, but also suggest that a
 fundamental rethinking of the trust, usage, and storage model might
 result in a more effective PKI.