Computer Systems Applications (English version): 2018,27(10):232-239
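Research on Security Threats of the Digital Certificate Transparency (CT) Mechanism
ZHANG Jie1,2,3, WANG Wei2,4, MA Di3, MAO Wei2,4
(1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190; 2. University of Chinese Academy of Sciences, Beijing 100049; 3. Beijing Engineering Research Center for the Internet Domain Name System, Beijing 100190; 4. Knet Technologies (Beijing) Co., Ltd., Beijing 100190)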
Overview on Security Issues of Certificate Transparency
ZHANG Jie1,2,3, WANG Wei2,4, MA Di3, MAO Wei2,4
(1.Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China;2.University of Chinese Academy of Sciences, Beijing 100049, China;3.ZDNS Co. Ltd., Beijing 100190, China;4.Knet Technologies Co. Ltd., Beijing 100190, China)
Received:January 31, 2018    Revised:February 27, 2018
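Chinese abstract: Public Key Infrastructure (PKI) and the SSL/TLS encryption protocols are key elements of secure communication on today's Internet, but they carry a major security risk arising from attacked or malicious CAs. In 2013, Google proposed Certificate Transparency (CT) as a technique for publicly auditing the HTTPS certificates issued by CAs. At present most CAs support CT, and within the Google ecosystem browsers have also widely deployed it, but CT also introduces new operational risks. This paper reviews CT from two perspectives, trust mechanism and security threats, summarizes a CT-based Web PKI trust model and security threat model, and proposes security assurance mechanisms and deployment recommendations. It closes with a summary of and outlook on the development of CT.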
Abstract: Public Key Infrastructure (PKI) and SSL/TLS encryption are key elements of secure communication on today's Internet, but a compromised or malicious CA poses a major security risk. In 2013, Google proposed Certificate Transparency (CT), which aims to safeguard the certificate issuance process by providing an open framework for monitoring and auditing HTTPS certificates. At present, CT is actively supported by most CAs and, within the Google ecosystem, deployed in browsers. Meanwhile, a number of security-related challenges remain. This article reviews CT from the perspectives of trust mechanism and security threats, summarizes the CT-based Web PKI trust model and security threat model, and puts forward security assurance mechanisms and application deployment recommendations. Finally, the development of CT is summarized and its prospects are discussed.
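Citation:
ZHANG Jie, WANG Wei, MA Di, MAO Wei. Research on Security Threats of the Digital Certificate Transparency (CT) Mechanism. Computer Systems Applications, 2018,27(10):232-239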
ZHANG Jie,WANG Wei,MA Di,MAO Wei.Overview on Security Issues of Certificate Transparency.COMPUTER SYSTEMS APPLICATIONS,2018,27(10):232-239