IEEE Technology and Society Magazine - Fall 2014 - 11

But there still remains a problem. Adelman's student
a "random" AES/DES session key K and transLoren Kohnfelder noted in 1978 [4] that all public-key
mits the enciphered version of K using the PKS
cryptosystems are vulnerable to spoofing attacks; to
employing the seller's public key. This session
spoof is to "cause a deception or hoax." The buyer thinks
key K will only be used during this buyer-seller
the Internet has connected his/her computer to the websession.
site of xxxairline.com, but alas, the buyer's usually trusty
3) The seller may determine K by deciphering the
machine has been spoofed. Konhfelder observed that the
key-transmission ciphertext using the seller's priseller had to be authenticated to the buyer and proposed
vate key.
a solution. He suggested users "... must place his enciphering algorithm (his public key) in the public file."
Both parties now have the same key K and the deal
These entries in the public file would establish the relacan be struck. What could go wrong? Plenty!
tionship between the identity of the seller
■  I
  n 2005, X. Wang, Y. Yin and H.
xxxairline.com and the seller's public key.
Once a
Konfelder referred to this proof of idenYu proved that the hashing funcsecure socket
tity as a (public-key) "certificate." While
tions MD5 [5] and SHA-1 [6] used to
connection
the seller might require the buyer to also
make the certificates were defective.
have a certificate in both SSL and TSL, the
If they were used to hash, SSL/TLS
was
seller generally does not. Having received
might be circumvented implementing
established,
the authorization and credit card details
a rogue Certificate Authority [7] to
e-Commerce
from the buyer, the seller contacts the buysteal a buyer's secret information.
■  P
  erhaps, the RNG selected key is not
could be
er's credit card issuer through a payment
gateway, analogous to the familiar cardrandomly selected.
carried out
■  P
  erhaps, the seller's or CA's private
swiping devices in a supermarket, and the
securely and
transaction is either accepted or declined.
key is not so private.
business could
The International Telecommunication
flourish.
Union (ITU) Recommendation X.509
These three exposures have serious
specifies how the certificate accomand potentially harmful effects on privacy
plishes authentication. X.509 supposes the existence
and security. While the Wang-Lin-Yu glitch might be
of trusted Certification Authorities (CA) which would
fixed by changing the hashing method, the last two
issue valid certificates. Examples of certificate issuissues could be surreptitiously influenced by the NSA.
ers include digicert.com, verisign.com and geotrust.
TLS/SSL uses different keys to secure an Internet
com. What does a certificate contain and how is it
transaction. for example:
constructed?
■  In Step 1, the public key of the CA is used to
To "hash" is to chop into small pieces. The website
recipesource.com lists well over 100 recipes for the
authenticate the certificate of the seller.
■  In Step 2, a session key is randomly generated by
American quintessential dish corned-beef hash. My
favorite is the famous Swiss maximum artery-clogger
the buyer to be used to securely exchange inforBerner Rösti combining grated potatoes, onion, garmation during the TLS-session.
■  In Step 2, the public key of the seller is used by
lic, and bacon. The X.509 certificate lists descriptors
of the seller, including the seller's identity and public
the buyer to securely deliver the session key to
key. These descriptors are first hashed together and
the seller.
■  In Step 3, the seller uses its secret key to obtain
then enciphered using the CA's private key to derive
the signature on the certificate. The CA's public key is
the session key selected by the buyer.
made available to all browsers and can be used to check
the signature and thus verify the public key of the purThe exposure of these keys would have different
ported seller.
harmful effects:
To summarize, there are several steps in the SSL/
■  If a CA's private key were revealed, it would allow
TSL authentication process:
the fabrication of bogus certificates compromis1) The buyer verifies the identity of the seller by
ing all sellers which used this CA to obtain a
using the seller's certificate to first authenticate
certificate.
■  Even though the session key is chosen afresh
the seller as the party to whom the web browser
has connected to the buyer and next for the buyer
during each session, a single compromise would
to learn the seller's public key.
reveal the credit card information of the buyer.
■ 
2) Once the seller has been authenticated, the buyer
If a seller's private key were revealed, it would
uses a random number generator (RNG) to select
compromise all TLS transactions with this server.
IEEE TECHNOLOGY AND SOCIETY MAGAZINE

|

fALL 2014

|

11
http://www.xxxairline.com http://www.xxxairline.com http://www.digicert.com http://www.verisign.com http://www.recipesource.com
Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - Fall 2014
