The security of Internet-based services is a topic of increasing interest and concern, especially as the number and sophistication of cyber-attacks increase. Various types of security protocols and mechanisms are used to protect data for network-based interactions, including, for example, protocols that rely on public-key certificates (such as X.509 digital certificates). Public-key certificates are used in implementations of various popular security protocols such as TLS (Transport Layer Security), TLS's predecessor SSL (Secure Sockets Layer), SSH (Secure Shell), SFTP (Secure File Transfer Protocol) and the like. Third-party entities called certificate authorities (CAs) are typically responsible for issuing the digital certificates, certifying the ownership of a public key by the named subject indicated in a given certificate that contains the public key. Users of the protocols that utilize the public-key infrastructure rely upon the correctness of the information contained in the digital certificates, and thus rely on the trustworthiness of the CAs themselves.
A number of different techniques have been used to attempt to compromise security mechanisms that rely on public-key certificates. For example, some attackers may be able to compute private keys from public keys if the quality of the random numbers used to generate the public-private key pair is insufficiently high, or if duplicate or default keys are issued by CAs. Other potential weaknesses of the public-key infrastructure include impersonation, compromise or manipulation of root certificate authority information, as well as ill-formed fields in the digital certificates. As a result of attacks aimed at such weaknesses, malicious entities may be able to pass off a fraudulent public-key certificate as a legitimate certificate, thereby leading to such problems as disclosure of sensitive data, unauthorized financial transactions, identity theft, and the like.
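As an added illustration of the key-quality weaknesses named above (this is not code from the patent), the following defender-side audit takes a batch of RSA moduli as a CA or relying party might collect them from issued certificates and flags duplicate keys, moduli that share a prime factor (the signature of poor randomness at key generation), and moduli below a size policy. The subject names and the tiny moduli are constructed for illustration only; real certificates would be parsed with a library before their moduli are passed in.

```python
from itertools import combinations
from math import gcd

# Constructed sample: subject -> RSA modulus n. Built from tiny primes
# (61*53, 61*59, 67*71) purely so the checks can be followed by hand.
SAMPLE_KEYS = {
    "alice.example": 3233,  # 61 * 53
    "bob.example": 3599,    # 61 * 59, shares the prime 61 with alice
    "carol.example": 3233,  # identical modulus to alice (duplicate key)
    "dave.example": 4757,   # 67 * 71, independent
}

MIN_MODULUS_BITS = 2048  # policy threshold for real deployments


def audit_moduli(keys, min_bits=MIN_MODULUS_BITS):
    """Return findings over a dict of subject -> modulus.

    duplicate:     subjects that were issued the very same modulus
    shared_factor: subjects whose moduli share a prime (gcd > 1), meaning
                   both keys are factorable from public data alone
    too_small:     subjects whose modulus is below the size policy
    """
    findings = {"duplicate": [], "shared_factor": [], "too_small": []}
    by_modulus = {}
    for subject, n in keys.items():
        by_modulus.setdefault(n, []).append(subject)
        if n.bit_length() < min_bits:
            findings["too_small"].append(subject)

    for subjects in by_modulus.values():
        if len(subjects) > 1:
            findings["duplicate"].append(tuple(sorted(subjects)))

    # Pairwise gcd over distinct moduli. Quadratic cost is acceptable for an
    # audit of one CA's batch; large-scale scans use a product-tree instead.
    for a, b in combinations(by_modulus, 2):
        if gcd(a, b) > 1:
            affected = sorted(by_modulus[a] + by_modulus[b])
            findings["shared_factor"].append(tuple(affected))
    return findings


if __name__ == "__main__":
    # min_bits lowered only so the toy moduli exercise the size check.
    for kind, hits in audit_moduli(SAMPLE_KEYS, min_bits=13).items():
        print(f"{kind}: {hits}")
```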
As more and more financial and business transactions are conducted online, the number of users potentially susceptible to attacks targeting the vulnerabilities of such security mechanisms also rises. Typically, users may not have access to the expertise, or the extensive computational resources, that may be required to gauge the relative strengths and weaknesses of the various security mechanisms that they have to use. Users of the security mechanisms may thus find it difficult to estimate the extent to which the mechanisms are truly secure.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.