Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Closer Look at Revocation and Key Compromise in Public Key Infrastructures

Published

Author(s)

David A. Cooper

Abstract

Over time, in order to improve functionality or efficiency, new features have been added to the basic framework of public key infrastructures (PKIs). While these new features are useful, as with any other security critical application, new features are useful, as with any other security critical application, new features can open the door for new types of attacks. In this paper, we will concentrate on those attacks against a PKI which allow an attacker to take advantage of a compromised private key. In particular, we will look at types of attacks that may allow an attacker, who has compromised someone else's private key, to either circumvent or exploit the mechanisms designed to deal with key compromise. The paper includes descriptions of several such attacks as well as suggestions to either prevent these attacks or to mitigate the damage that they can cause.
Proceedings Title
Proceedings of the 21st National Information Systems Security Conference
Conference Dates
October 5-8, 1998
Conference Title
National Information Systems Security Conference

Keywords

certification authority, key compromise, pki, public key infrastructure

Citation

Cooper, D. (1998), A Closer Look at Revocation and Key Compromise in Public Key Infrastructures, Proceedings of the 21st National Information Systems Security Conference (Accessed February 26, 2024)
Created October 1, 1998, Updated February 17, 2017