Last modified: 10/19/04 11:14:29 AM
J. Marchesini, S.W. Smith, M.Zhao.
"Keyjacking: The Surprising Insecurity of Client-side SSL"
Computers and Security
In press; available online September 2004.
In theory, PKI can provide a flexible and strong way to authenticate
users in distributed information systems. In practice, much is being
invested in realizing this vision via client-side SSL and various
client keystores. However, whether this works depends on whether what
the machines do with the private keys matches what the humans think
they do: whether a server operator can conclude from an SSL request
authenticated with a user's private key that the user was aware of and
approved that request. Exploring this vision, we demonstrate via a
series of experiments that this assumption does not hold with standard
desktop tools, even if the browser user does all the right things. A
fundamental rethinking of the trust, usage, and storage model might
result in more effective tools for achieving the PKI vision.
A preliminary version appeared as