TU Darmstadt / ULB / TUbiblio

Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication

Braun, Johannes (2014)
Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication.
San Francisco, USA
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2014
Autor(en): Braun, Johannes
Art des Eintrags: Bibliographie
Titel: Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication
Sprache: Englisch
Publikationsjahr: Oktober 2014
Buchtitel: IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session)
Veranstaltungsort: San Francisco, USA
Kurzbeschreibung (Abstract):

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Freie Schlagworte: Secure Data;Solutions;S6;Man in the middle attacks; multi path probing; Internet security; SSL; TLS; Web PKI
ID-Nummer: TUD-CS-2014-0907
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra > Public-Key Infrastrukturen (PKI)
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 04 Aug 2016 15:08
Letzte Änderung: 11 Dez 2019 12:52
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen