The popularity of "Trust-on-first-use" (Tofu) authentication, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of "notary" hosts that observes a server's public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server's key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES explores a promising part of the host authentication design space: Trust-on-first-use applications gain significant attack robustness without sacrificing their ease-of-use. We also analyze the security provided by PERSPECTIVES and describe our experience building and deploying a publicly available implementation.
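The client-side comparison the abstract describes can be sketched as follows. This is an added example, not code from the PERSPECTIVES implementation; the record layout, the quorum fraction, and the minimum-duration and freshness thresholds are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

DAY = 86400  # seconds

@dataclass(frozen=True)
class Observation:
    """One notary record: the notary saw key_fp at the server from start to end."""
    key_fp: str
    start: int  # Unix seconds
    end: int

def notary_agrees(history, offered_fp, now, min_duration, freshness):
    """True if this notary saw offered_fp recently and for long enough."""
    return any(
        obs.key_fp == offered_fp
        and now - obs.end <= freshness           # still being observed
        and obs.end - obs.start >= min_duration  # not a short-lived key
        for obs in history
    )

def check_offered_key(histories, offered_fp, now,
                      quorum=0.75, min_duration=3 * DAY, freshness=DAY):
    """Return (accept, agreeing_notaries) for a key the client cannot authenticate."""
    if not histories:
        return False, []  # no notary data: nothing corroborates the key
    agreeing = sorted(
        name for name, history in histories.items()
        if notary_agrees(history, offered_fp, now, min_duration, freshness)
    )
    needed = math.ceil(quorum * len(histories))
    return len(agreeing) >= needed, agreeing

# Constructed sample data: four notaries, timestamps relative to NOW.
NOW = 100 * DAY
NOTARIES = ("n1", "n2", "n3", "n4")
STABLE = {n: [Observation("key-A", NOW - 60 * DAY, NOW)] for n in NOTARIES}
# Every notary saw key-A until two hours ago, then key-B (a short-lived change).
RECENT_CHANGE = {
    n: [Observation("key-A", NOW - 60 * DAY, NOW - 7200),
        Observation("key-B", NOW - 7200, NOW)]
    for n in NOTARIES
}

if __name__ == "__main__":
    print(check_offered_key(STABLE, "key-A", NOW))         # consistent everywhere
    print(check_offered_key(STABLE, "key-M", NOW))         # only the client sees key-M
    print(check_offered_key(RECENT_CHANGE, "key-B", NOW))  # seen everywhere, but too new
```

Under this policy a legitimate key rotation is also rejected until the new key has been observed for `min_duration`, so the result is best treated as a signal to warn the user rather than a final verdict.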