Security requirements of certificate validation in web security

Abstract

As Internet has been used widely, the enterprise is participated in the web service business as Internet advertisement, home shopping, home banking, and so on. Web security threats as the immoral, the cyber-crime which threaten the electronic commerce are increased in the reversed side of the convenience of WWW. Therefore, it is necessary to establish and apply the countermeasure in electronic commerce activities. It is very important to manage the key safely in order to provide the security web services which are the confidentiality, the authentication, the repudiation and so on. It needs the convenient key management system to provide the proper security service to electronic commerce activities. PKI-based key management system which a certificate is applied in is used widely for HTTPS. We can find the vulnerabilities of certificate application in a lot of web security products. This paper studies the vulnerability cases of the certificate application which we have found frequently in the real environment or at web security products. And this paper proposes the security requirements of the certificate when it uses in practical application. These security requirements which are proposed by this paper can be useful in the area of the validation of a certificate when the PKI based key management system is established. These security requirements can be used as a development guideline of a web security product developer in the area of the validation of a certificate. Also, they can be used as an evaluation criteria of a web security products in the area of the validation of a certificate when an evaluator assessments the web security products. © 2011 Springer-Verlag.