Autonomous collision attack on OCSP services
Ken Ivanov
TL;DR
This paper identifies critical security flaws in OCSP that enable attackers to forge certificate statuses and certificates, compromising PKI trust, and discusses potential countermeasures.
Contribution
It reveals two major design flaws in OCSP, detailing how they can be exploited and proposing countermeasures to enhance protocol security.
Findings
Flaws allow forging of signed certificate statuses
Attackers can generate forged certificates
Security of OCSP is significantly weakened
Abstract
The paper describes two important design flaws in Online Certificate Status Protocol (OCSP), a protocol widely used in PKI environments for managing digital certificates' credibility in real time. The flaws significantly reduce the security capabilities of the protocol, and can be exploited by a malicious third party to generate forged signed certificate statuses and, in the worst scenario, forged certificates. Description of the flaws, along with expected exploitation routes, consequences for consuming application layer protocols, and proposed countermeasures, is given.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptographic Implementations and Security · Advanced Malware Detection Techniques · Security and Verification in Computing