| Revista: | Computación y sistemas |
| Base de datos: | |
| Número de sistema: | 000560340 |
| ISSN: | 1405-5546 |
| Autors: | Rivera Zamarripa, Luis1 Rodríguez, Lil M2 León Chávez, Miguel Ángel3 Cruz Cortés, Nareli1 Rodríguez Henríquez, Francisco4 |
| Institucions: | 1Instituto Politécnico Nacional, Centro de Investigación en Computación, Ciudad de México. México 2Consejo Nacional de Ciencia y Tecnología, Instituto Nacional de Astrofísica Óptica y Electrónica, Tonantzintla, Puebla. México 3Benemérita Universidad Autónoma de Puebla, Puebla. México 4Instituto Politécnico Nacional, Centro de Investigación y de Estudios Avanzados, Ciudad de México. México |
| Any: | 2019 |
| Període: | Abr-Jun |
| Volum: | 23 |
| Número: | 2 |
| Paginació: | 477-490 |
| País: | México |
| Idioma: | Inglés |
| Tipo de documento: | Artículo |
| Resumen en inglés | In 2005 the Mexican National tributary system (SAT) started an ambitious public key infrastructure project with the aim of providing to each Mexican citizen a public/private key pair along with a digital certificate that was issued by SAT itself. As of March 2016, approximately a total of 17 million certificates have been issued. This e-government system permits Mexican citizens to exercise a series of digital on-line services such as: tax declaration, official receipt issuing/verification, contract signing, etc. In particular, all Mexican official invoices became digital by January 2016, effectively going paperless for this service. In this paper, we carefully analyze the Mexican PKI system showing that it has several weak points that can be attacked by malicious adversaries. We report experimental evidence showing that one can launch a simple dictionary attack on SAT's password-based authentication system. We also argue that due to the fact that the hash function SHA-1 has been recently completely broken, an attacker can produce the same signature for two different documents that will verify correctly when using any old FIEL certificate that has the RSA-1204/SHA-1 signature suite. |
| Disciplines | Ciencias de la computación |
| Paraules clau: | Análisis de sistemas |
| Keyword: | Information security, Mexican public key infrastructure system, Digital certificates, RSA, Systems analysis |
| Text complet: | Texto completo (Ver HTML) Texto completo (Ver PDF) |
