A Proposed Scheme for Remedy of Man-In-The-Middle Attack on Certificate Authority


Sarvesh Tanwar (Mody University of Science and Technology, Lakshmangarh, India) and Anil Kumar (Mody University of Science and Technology, Lakshmangarh, India)
Copyright: © 2017 |Pages: 14
DOI: 10.4018/IJISP.2017070101


PKI offers authentication via digital certificates, which are signed and provided by a Certificate Authority (CA). A certificate can be signed by a single CA or by multiple CAs. A document signed by multiple CAs is less likely to be forged than one signed by a single CA. The CA is a single point of failure: if a CA issues a forged certificate, intentionally or maliciously, the whole PKI system is affected. PKI still ensures a secure method for exchanging sensitive information over unsecured channels through the use of a cryptographic public-private key pair issued by a Certification Authority (CA), but even an honest CA can issue a forged certificate. In India everything is now being digitalized to enable e-Governance. For that, a unique identity, the Aadhaar number issued by the Unique Identification Authority of India (UIDAI), is most widely used. To avoid fraudulent certificates and attacks on CAs and to provide strong authentication, the authors propose an algorithm that uses multiple signatures on a certificate, based on the Aadhaar number offered by UIDAI, for online entity authentication and verification before the certificate is issued. If any one of the CAs is compromised, whether its database or its key, it will not be able to issue a certificate to any server, as authentication fails and multiple signatures are required. The proposed concept is more secure than the existing one in terms of authentication, security and time.
Article Preview

1. Introduction

The Public Key Infrastructure (PKI) is a technology that enables clients to maintain a level of trust by providing security services. A PKI is the combination of software, hardware, key generation, encryption technologies, certificate generation processes, and services that enable an organization to secure its communications and business transactions (Toorani, Mohsen & Beheshti, 2008; Jachtoma, 2006). PKI enables secure communications and business transactions through the exchange of digital certificates between authenticated users and trusted resources (Ijaz, 2012; Vatra, 2010). When deploying data on the Internet, the most important security services required are authentication, confidentiality, message integrity and non-repudiation. PKI is the technology that meets these requirements. When Alice wants to use Bob’s public key, she uses certificates issued by a CA. The CA signs the certificate with its private key, and Alice verifies the signature using the public key of the CA. PKI can provide these security services with its techniques and standards.

PKI is an enabler of trust that provides:

  • Strong user identification

  • Confidential communication

  • Data integrity

  • Evidence for non-repudiation

A Certificate Authority is a trusted authority that issues certificates signed with its private key and verifies a digital entity’s identity on the Internet.

Negi (Negi and Arvind, 2015) proposed a digital signature algorithm based on factoring the product of two large prime numbers and on the discrete logarithm problem. The limitation of this scheme is that it does not allow digital signature certificates to be stored.

Wang, Bai & Hu (2015) proposed a multiple-signature approach in which the certification process is performed unless any of the CAs is found to be compromised. Hence its authentication mechanism is not as secure as the one we propose.

In the paper "Approach towards Digital Signature for e-Governance in India" (Jain, 2015), eSigns are stored on an HSM, where the smart card can be lost.

We propose an approach that not only has strong authentication but is also better than Wang’s concept, as explained in section 4 under security analysis.

Our main objective is to provide strong authentication and reduce the time wasted in the issuance of fraudulent certificates. The paper also analyzes some of the attacks on CAs and tries to resolve them.

Wang only described fraudulent certificates and did not explain the attacks that can be carried out on certificate authorities. The proposed algorithm considers attacks on CAs and is more secure than Wang’s concept because of the following features:

  • Strong Authentication: The proposed approach fetches the information from the database, and the Unique Identification Authority of India (UIDAI) server verifies the information. The certification process starts only after identities are verified; if a fake identity is used for a certificate request, it is detected in the initial phase.

  • Prevents DoS Attack: The proposed approach uses a timestamp to avoid DoS attacks. If the timestamp expires, the server can ignore that request.

  • Avoid MITM Attack: We use a Trusted Server, which avoids and prevents fraud done by mediators. IJISP.2017070101.m01 get certificates from the RCA, RCA verifies IJISP.2017070101.m02 whenever request come from IJISP.2017070101.m03
