A database for authenticating SSL certificates

Posted: November 6, 2012 in IT Security News

ICSI Certificate Notary

Security researchers from the University of Berkeley have announced the creation of the non-profit community service ICSI Certificate Notary, which will maintain a single database with information on the validity of SSL certificates.

The certificate validation service is an attempt to address the key architectural problem of the certification process: when just one of the hundreds of certificates is compromised, the entire chain of trust collapses (the attacker can generate a certificate for any site, and the entire system will accept it as valid). ICSI Certificate Notary can detect such fraudulent certificates in the early stages of their appearance.

Over a year of automated inspection, which gathered statistics on about 7.6 billion SSL connections from 220,000 users, data was collected on about 500 thousand certificates used by websites on the network. The data is accumulated by several independent partner systems operating in different parts of the world. The information is updated in a continuous cycle, which makes it possible to quickly track down compromised certificates. Thus, using the ICSI Certificate Notary, any user can verify that the certificate used to establish the SSL connection to a given site was issued to that site and was not planted on the client by attackers in order to intercept traffic.

Access to the service is organized in the manner of a DNSBL. A certificate's reputation is checked by sending a DNS request of the form “hash.notary.icsi.berkeley.edu”, where hash is the SHA1 hash of the certificate whose validity is to be tested. The response is a TXT record with information about the validity of the certificate and the times of the first and last check (for example, “version = 1 first_seen = 15387 last_seen = 15646 times_seen = 260 validated = 1”). Certificate validation is performed using the root certificate store maintained by the Mozilla project.
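An added example (not code from this post or from the ICSI project) of the lookup described above: it builds the query name from a certificate's SHA1 hash and parses the TXT payload quoted in the post. It assumes the `*_seen` fields count days since 1970-01-01; the `assess` labels and the `max_age_days` threshold are hypothetical local policy, and the DNS TXT lookup itself is left to whatever resolver you use.

```python
import hashlib
import re
from datetime import date, timedelta

NOTARY_ZONE = "notary.icsi.berkeley.edu"  # zone named in the post
# Sample TXT record quoted in the post (spacing around "=" as printed there).
SAMPLE_TXT = "version = 1 first_seen = 15387 last_seen = 15646 times_seen = 260 validated = 1"
REQUIRED = ("version", "first_seen", "last_seen", "times_seen", "validated")
PAIR = re.compile(r"(\w+)\s*=\s*(\d+)")  # tolerates "k=v" and "k = v"

def notary_query_name(cert_der):
    """DNS name to query: <hex SHA1 of the DER-encoded certificate>.<zone>."""
    return hashlib.sha1(cert_der).hexdigest() + "." + NOTARY_ZONE

def parse_notary_txt(txt):
    """Turn the TXT payload into a dict of ints; reject incomplete records."""
    fields = {key: int(value) for key, value in PAIR.findall(txt)}
    missing = [key for key in REQUIRED if key not in fields]
    if missing:
        raise ValueError("notary record lacks fields: " + ", ".join(missing))
    if fields["version"] != 1:
        raise ValueError("unsupported record version %d" % fields["version"])
    return fields

def day_to_date(days):
    """Assumption: *_seen values count days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=days)

def assess(txt, today_days, max_age_days=30):
    """Classify a lookup result; txt is None when DNS returned no record."""
    # max_age_days is a hypothetical local policy threshold, not a notary value.
    if txt is None:
        return "unknown"       # the notary has never observed this certificate
    rec = parse_notary_txt(txt)
    if rec["validated"] != 1:
        return "unvalidated"   # seen, but not validated against the root store
    if today_days - rec["last_seen"] > max_age_days:
        return "stale"         # not observed recently; may have been replaced
    return "known"

if __name__ == "__main__":
    cert = b"constructed bytes standing in for a DER certificate"
    print(notary_query_name(cert))
    print(parse_notary_txt(SAMPLE_TXT), day_to_date(15387), day_to_date(15646))
    print(assess(SAMPLE_TXT, today_days=15650), assess(None, today_days=15650))
```

A certificate that comes back "unknown" for a busy public site is the case the notary is meant to surface: it is a certificate none of the contributing networks has observed.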

Related links:

http://notary.icsi.berkeley.edu/

http://blog.bro-ids.org/2012/11/using-icsi-certificate-notary.html
