Master Thesis TLS Security: Concept for Manipulation Protection of a Certificate Store

Student: Simon Weger

Supervisor: Peter Schartner

Transport Layer Security (TLS) uses a Public Key Infrastructure (PKI) to verify the authenticity of the communication partner. This infrastructure is based on a hierarchical construct of certification authorities, which certify the authenticity of the other user by means of certificates. An important component in the verification of certificates is the local certificate stores on the users’ systems. Through targeted manipulation of the certificate store, attackers can actively intervene in the authentication process and use these manipulations in various ways for further attacks. This thesis deals with the development of a concept for monitoring a non-manipulation-protected certificate store. Digital signatures are created from the contents of the memory (see figure), so that the memory contents prevailing at later points in time can be verified again and again. Modifications of the certificate store content are displayed to the users and they are offered various reaction options.