Paper 2016/126

Server Notaries: A Complementary Approach to the Web PKI Trust Model

Emre Yüce and Ali Aydın Selçuk

Abstract

SSL/TLS is the de facto protocol for providing secure communication over the Internet. It relies on the Web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of Web PKI incidents observed have increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem, but no solution has yet received widespread adaption due to complexity and deployability issues. In this paper, we propose a practical mechanism that enables servers to get their certificate views across the Internet, making detection of a certificate substitution attack possible. The origin of the certificate substitution attack can also be located by this mechanism. We have conducted simulation experiments and evaluated our proposal using publicly available, real-world BGP data. We have obtained promising results on the AS-level Internet topology.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
Web PKISSLTLSman-in-the-middle attacknotary
Contact author(s)
emreyuce2003 @ gmail com
History
2016-02-14: received
Short URL
https://ia.cr/2016/126
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/126,
      author = {Emre Yüce and Ali Aydın Selçuk},
      title = {Server Notaries: A Complementary Approach to the Web PKI Trust Model},
      howpublished = {Cryptology ePrint Archive, Paper 2016/126},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/126}},
      url = {https://eprint.iacr.org/2016/126}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.