Autonomous collision attack on OCSP services
نویسنده
چکیده
The paper describes two important design flaws in Online Certificate Status Protocol (OCSP), a protocol widely used in PKI environments for managing digital certificates’ credibility in real time. The flaws significantly reduce the security capabilities of the protocol, and can be exploited by a malicious third party to generate forged signed certificate statuses and, in the worst scenario, forged certificates. Description of the flaws, along with expected exploitation routes, consequences for consuming application layer protocols, and proposed countermeasures, is given.
منابع مشابه
A distributed ocsp framework for ad-hoc networks
Many solutions for establishing trust in mobile ad hoc networks (MANETs) involve public key cryptography. Most of these solutions, including proposals for routing protocols, suggest the deployment of public key certificates. An efficient mechanism for certificate revocation and validation is essential in every system that uses certificates. Consequently, such a scheme is required for MANETs, to...
متن کاملA Navigation System for Autonomous Robot Operating in Unknown and Dynamic Environment: Escaping Algorithm
In this study, the problem of navigation in dynamic and unknown environment is investigated and a navigation method based on force field approach is suggested. It is assumed that the robot performs navigation in...
متن کاملOxfordshire community stroke project classification poorly differentiates small cortical and subcortical infarcts.
BACKGROUND AND PURPOSE The Oxfordshire Community Stroke Project (OCSP) is a common clinical stroke classification tool. We evaluated the accuracy of OCSP classification with a prospective magnetic resonance imaging (MRI) study. METHODS Stroke/transient ischemic attack patients presenting within 48 hours of onset were included in the study (n=130). Following computed tomography scan, OCSP clas...
متن کاملThe MIT - Cornell Collision and Why It Happened
Mid-way through the 2007 DARPA Urban Challenge, MIT’s autonomous Land Rover LR3 ‘Talos’ and Team Cornell’s autonomous Chevrolet Tahoe ‘Skynet’ collided in a low-speed accident, one of the first well-documented collisions between two full-size autonomous vehicles. This collaborative study between MIT and Cornell examines the root causes of the collision, which are identified in both teams’ syste...
متن کاملDemo Abstract: On preventing GTS-based Denial of Service in IEEE 802.15.4
The IEEE 802.15.4 standard features some optional services, including the Guaranteed Time Slot (GTS) mechanism. It provides network devices with collision-free access to the medium to assure Quality of Service. GTS suffers from a severe security vulnerability: an adversary can easily perform a Denial of Service attack by selectively jamming collision-free communications. We present Secure GTS, ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1609.03047 شماره
صفحات -
تاریخ انتشار 2016