Litcius/Paper detail

Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem

Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, Zaifeng Zhang

202117 citationsDOI

Abstract

HTTPS secures communications in the web and heavily relies on the Web PKI for authentication. In the Web PKI, Certificate Authorities (CAs) are organizations that provide trust and issue digital certificates. Web clients rely on public root stores maintained by operating systems or browsers, with hundreds of audited CAs as trust anchors. However, as reported by security incidents, hidden root CAs beyond the public root programs have been imported into local root stores, which allows adversaries to gain trust from web clients.

Topics & Concepts

Public key infrastructureRoot (linguistics)CertificatePublic key certificateComputer scienceCertificate authorityWorld Wide WebAuthentication (law)Computer securityPublic-key cryptographyInternet privacyEncryptionAlgorithmLinguisticsPhilosophyNetwork Security and Intrusion DetectionSoftware System Performance and ReliabilityInternet Traffic Analysis and Secure E-voting