TU Darmstadt / ULB / TUbiblio

Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication

Braun, Johannes (2014):
Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication.
In: IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session), San Francisco, USA, [Conference or Workshop Item]

Abstract

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Item Type: Conference or Workshop Item
Erschienen: 2014
Creators: Braun, Johannes
Title: Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication
Language: ["languages_typename_1" not defined]
Abstract:

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Title of Book: IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session)
Uncontrolled Keywords: Secure Data;Solutions;S6;Man in the middle attacks; multi path probing; Internet security; SSL; TLS; Web PKI
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra > Public-Key Infrastrukturen (PKI)
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
20 Department of Computer Science
Profile Areas
LOEWE
DFG-Collaborative Research Centres (incl. Transregio)
Event Location: San Francisco, USA
Date Deposited: 04 Aug 2016 15:08
Identification Number: TUD-CS-2014-0907
Export:

Optionen (nur für Redakteure)

View Item View Item