Keyjacking: The Surprising Insecurity of Client-side SSL

Authors

John Marchesini, Dartmouth College
S W. Smith, Dartmouth College
Meiyuan Zhao, Dartmouth College

Document Type

Technical Report

Publication Date

2-13-2004

Technical Report Number

TR2004-489

Abstract

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via client-side SSL and various client keystores. However, whether this works depends on whether what the machines do with the private keys matches what the humans think they do: whether a server operator can conclude from an SSL request authenticated with a user's private key that the user was aware of and approved that request. Exploring this vision, we demonstrate via a series of experiments that this assumption does not hold with standard desktop tools, even if the browser user does all the right things. A fundamental rethinking of the trust, usage, and storage model might result in more effective tools for achieving the PKI vision.

Comments

This TR supercedes TR2003-443. A preliminary version appeared in the proceedings of the 2nd Annual PKI Research Workshop in April of 2003.

Dartmouth Digital Commons Citation

Marchesini, John; Smith, S W.; and Zhao, Meiyuan, "Keyjacking: The Surprising Insecurity of Client-side SSL" (2004). Computer Science Technical Report TR2004-489. https://digitalcommons.dartmouth.edu/cs_tr/245