Braun, Johannes (2014)
Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication.
San Francisco, USA
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2014 |
| Autor(en): | Braun, Johannes |
| Art des Eintrags: | Bibliographie |
| Titel: | Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication |
| Sprache: | Englisch |
| Publikationsjahr: | Oktober 2014 |
| Buchtitel: | IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session) |
| Veranstaltungsort: | San Francisco, USA |
| Kurzbeschreibung (Abstract): | Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate. |
| Freie Schlagworte: | Secure Data;Solutions;S6;Man in the middle attacks; multi path probing; Internet security; SSL; TLS; Web PKI |
| ID-Nummer: | TUD-CS-2014-0907 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra > Public-Key Infrastrukturen (PKI) DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 04 Aug 2016 15:08 |
| Letzte Änderung: | 11 Dez 2019 12:52 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum