Abstract
As Internet has been used widely, the enterprise is participated in the web service business as Internet advertisement, home shopping, home banking, and so on. Web security threats as the immoral, the cyber-crime which threaten the electronic commerce are increased in the reversed side of the convenience of WWW. Therefore, it is necessary to establish and apply the countermeasure in electronic commerce activities. It is very important to manage the key safely in order to provide the security web services which are the confidentiality, the authentication, the repudiation and so on. It needs the convenient key management system to provide the proper security service to electronic commerce activities. PKI-based key management system which a certificate is applied in is used widely for HTTPS. We can find the vulnerabilities of certificate application in a lot of web security products. This paper studies the vulnerability cases of the certificate application which we have found frequently in the real environment or at web security products. And this paper proposes the security requirements of the certificate when it uses in practical application. These security requirements which are proposed by this paper can be useful in the area of the validation of a certificate when the PKI based key management system is established. These security requirements can be used as a development guideline of a web security product developer in the area of the validation of a certificate. Also, they can be used as an evaluation criteria of a web security products in the area of the validation of a certificate when an evaluator assessments the web security products.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure: Certificate and CRL Profile, RFC 3280 (April 2002)
Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005); ISBN 3-540-25910-4
Wilson, S.: The importance of PKI today. China Communications (2005)
Burkholdder, P.: SSL Man-in-the-Middle Attacks. The SANS Institute (February 2002)
Chomsiri, T.: HTTPS Hacking Protection. In: Proc. of Advanced Information Networking and Applications Workshops (AINAW), Mahasarakham, Thailand (May 2007)
Wagner, R.: Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks, The SANS Institute (August 2001)
Cahill, V., Shand, B., Gray, E.: Using for Secure Collaboration in Uncertain Environments. Pervasive Computing 2(3), 52–61 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, H.B., Kim, Y.D., Han, S.Y., Yoon, H.J. (2011). Security Requirements of Certificate Validation in Web Security. In: Kim, Th., et al. Grid and Distributed Computing. GDC 2011. Communications in Computer and Information Science, vol 261. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27180-9_49
Download citation
DOI: https://doi.org/10.1007/978-3-642-27180-9_49
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27179-3
Online ISBN: 978-3-642-27180-9
eBook Packages: Computer ScienceComputer Science (R0)