TU Darmstadt / ULB / TUbiblio

Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication

Braun, Johannes :
Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication.
IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session)
[ Konferenzveröffentlichung] , (2014)

Kurzbeschreibung (Abstract)

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Typ des Eintrags: Konferenzveröffentlichung ( nicht bekannt)
Erschienen: 2014
Autor(en): Braun, Johannes
Titel: Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication
Sprache: ["languages_typename_1" not defined]
Kurzbeschreibung (Abstract):

Digital certificates issued by certification authorities (CAs) which are part of the Web Public Key Infrastructure (Web PKI) are the indispensable basis for secure communication on the Internet. The certificates are used in TLS to authenticate web servers. However, as past incidents have shown, CA failures and the issuance of malicious certificates threatens the security of communication, as it allows for man in the middle attacks (MitM) and server impersonation. All known mitigations so far are only niche solutions having their own weaknesses and problems which prevented a wide deployment. Thus, additional methods must be natively supported by common web servers to mitigate the threats imposed by CA failures. We propose to integrate multi path probing of certificates as a fundamental mechanism into the web infrastructure. This enables the reconfirmation of certificates whenever their authenticity is in doubt. We describe how this can be realized with minor efforts and without infrastructural changes, while the overhead arising from these reconfirmations can be kept at a small rate.

Buchtitel: IEEE Conference on Communications and Network Security (IEEE CNS 2014 Poster Session)
Freie Schlagworte: Secure Data;Solutions;S6;Man in the middle attacks; multi path probing; Internet security; SSL; TLS; Web PKI
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra > Public-Key Infrastrukturen (PKI)
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
20 Fachbereich Informatik
Profilbereiche
LOEWE
DFG-Sonderforschungsbereiche (inkl. Transregio)
Veranstaltungsort: San Francisco, USA
Hinterlegungsdatum: 04 Aug 2016 15:08
ID-Nummer: TUD-CS-2014-0907
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen