This paper presents a novel framework to substantiate self-signed certificates in the absence of a trusted certificate authority. In particular, we aim to address the problem of web-based SSL man-in-the-middle attacks. This problem originates from the fact that public keys are distributed through insecure channels prior to encryption. Therefore, a man-in-the-middle attacker may substitute an arbitrary public key during the exchange process and compromise communication between a client and server. Typically, web clients (browsers) recognize this potential security breach and display warning prompts, but often to no avail, as users simply accept the certificate because they lack an understanding of Public Key Infrastructures (PKIs) and the meaning of these warnings. In order to enhance the security of public key exchanges, we have devised an automated system to leverage one or more vantage points of a certificate from hosts that have distinct pathways to a remote server. That is, we have a set of distributed servers simultaneously retrieve the server's public key. By comparing the keys received by peers, we can identify any deviations and verify that an attacker has not compromised the link between a client and server. This works because an attacker would have to compromise all paths between these vantage points and the server. Therefore, our technique greatly reduces the likelihood of a successful attack, and removes the necessity for human interaction.
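The comparison step described in the abstract, sketched as an added example (this is not the paper's code). The vantage-point names, the `min_peers` threshold and the verdict labels are assumptions, and the sample keys are constructed placeholder bytes rather than real DER.

```python
import hashlib
from collections import Counter

# Constructed sample keys (placeholder bytes, not real DER-encoded keys).
SERVER_KEY = b"constructed-server-public-key"
ATTACKER_KEY = b"constructed-substituted-key"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of the public key bytes a host received."""
    return hashlib.sha256(pubkey).hexdigest()


def check_key(client_key: bytes, peer_keys: dict, min_peers: int = 2) -> dict:
    """Compare the key the client received with the keys its vantage points saw.

    peer_keys maps a vantage-point name to the key bytes it retrieved, or to
    None if that peer could not reach the server. min_peers is an assumed
    policy knob: with fewer independent views, no automatic decision is made.
    """
    local = fingerprint(client_key)
    seen = {p: fingerprint(k) for p, k in peer_keys.items() if k is not None}
    unreachable = sorted(p for p, k in peer_keys.items() if k is None)
    deviating = sorted(p for p, fp in seen.items() if fp != local)

    if len(seen) < min_peers:
        verdict = "insufficient"         # too few views to compare
    elif not deviating:
        verdict = "consistent"           # every observed path delivered this key
    elif Counter(seen.values()).most_common(1)[0][1] == len(seen):
        verdict = "client-path-suspect"  # peers agree with each other, not with us
    else:
        verdict = "peers-disagree"       # at least one path differs; no auto-accept
    return {"verdict": verdict, "deviating": deviating, "unreachable": unreachable}


if __name__ == "__main__":
    peers = {"vp-a": SERVER_KEY, "vp-b": SERVER_KEY, "vp-c": None}
    print(check_key(SERVER_KEY, peers))    # client and peers see the same key
    print(check_key(ATTACKER_KEY, peers))  # key substituted on the client's path
```

A `consistent` verdict only shows that the observed paths agree; as the abstract notes, it fails only if every path between the vantage points and the server is compromised.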