Advertisement

Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties

  • Italo Dacosta
  • Mustaque Ahamad
  • Patrick Traynor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)

Abstract

The security guarantees provided by SSL/TLS depend on the correct authentication of servers through certificates signed by a trusted authority. However, as recent incidents have demonstrated, trust in these authorities is not well placed. Increasingly, certificate authorities (by coercion or compromise) have been creating forged certificates for a range of adversaries, allowing seemingly secure communications to be intercepted via man-in-the-middle (MITM) attacks. A variety of solutions have been proposed, but their complexity and deployment costs have hindered their adoption. In this paper, we propose Direct Validation of Certificates (DVCert), a novel protocol that, instead of relying on third-parties for certificate validation, allows domains to directly and securely vouch for their certificates using previously established user authentication credentials. By relying on a robust cryptographic construction, this relatively simple means of enhancing server identity validation is not only efficient and comparatively easy to deploy, but it also solves other limitations of third-party solutions. Our extensive experimental analysis in both desktop and mobile platforms shows that DVCert transactions require little computation time on the server (e.g., less than 1 ms) and are unlikely to degrade server performance or user experience. In short, we provide a robust and practical mechanism to enhance server authentication and protect web applications from MITM attacks against SSL/TLS.

Keywords

Shared Secret Server Authentication Secure Socket Layer Transport Layer Security Identity Provider 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Certificate Patrol (2010), http://patrol.psyced.org/
  2. 2.
    Adams, C., Farrell, S.: RFC 2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols (1999), https://tools.ietf.org/html/rfc2510
  3. 3.
    Alicherry, M., Keromytis, A.D.: DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks. In: Proceedings of the IEEE Symposium on Computers and Communications (2009)Google Scholar
  4. 4.
    Altman, J., Williams, N., Zhu, L.: RFC 5929 - Channel Bindings for TLS (2010), http://tools.ietf.org/html/rfc5929
  5. 5.
  6. 6.
    Blanchet, B.: ProVerif: Cryptographic Protocol Verifier in the Formal Model, http://www.proverif.ens.fr/
  7. 7.
    BlueKrypt: Cryptographic Key Length Recommendation (2012), http://www.keylength.com/
  8. 8.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Brusilovsky, A., Faynberg, I., Zeltsan, Z., Patel, S.: RFC 5683 - Password-Authenticated Key (PAK) Diffie-Hellman Exchange (2010), http://tools.ietf.org/html/rfc5683
  10. 10.
    Dierks, T., Rescorla, E.: RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 (2008), http://tools.ietf.org/html/rfc5246
  11. 11.
    Eckersley, P., Burns, J.: The (Decentralized) SSL Observatory. In: USENIX Security Symposium (2011) (Invited Talk)Google Scholar
  12. 12.
    Electronic Frontier Foundation (EFF): The Sovereign Keys Project (2011), https://www.eff.org/sovereign-keys
  13. 13.
    Ellison, C., Schneier, B.: Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure. Computer Security Journal 16(1), 1–7 (2000)Google Scholar
  14. 14.
    Engert, K.: MECAI (2011), http://kuix.de/mecai/
  15. 15.
    Engler, J., Karlof, C., Shi, E., Song, D.: Is It Too Late for PAKE? In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop (2009)Google Scholar
  16. 16.
    Evans, C., Palmer, C.: Certificate Pinning Extension for HSTS (2011), http://www.ietf.org/mail-archive/web/websec/current/pdfnSTRd9kYcY.pdf
  17. 17.
    Freier, A., Karlton, P., Kocher, P.: RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0 (2011), https://tools.ietf.org/html/rfc6101
  18. 18.
    Goodin, D.: Web Authentication Authority Suffers Security Breach (2011), http://www.theregister.co.uk/2011/06/21/startssl_security_breach/
  19. 19.
    Gutman, P.: PKI: It’s Not Dead, Just Resting. Computer 35(8), 41–49 (2002)CrossRefGoogle Scholar
  20. 20.
    Hoffman, P., Schlyter, J.: IETF Internet-Draft: Using Secure DNS to Associate Certificates with Domain Names For TLS (draft-ietf-dane-protocol-06) (2011), http://tools.ietf.org/html/draft-ietf-dane-protocol-06
  21. 21.
    International Telecommunication Union: ITU-T Recommendation X.1035: Password-Authenticated Key Exchange (PAK) Protocol (2007), http://www.itu.int/rec/T-REC-X.1035/en
  22. 22.
    Keizer, G.: Hackers May Have Stolen Over 200 SSL Certificates (2011), https://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates
  23. 23.
  24. 24.
    Langley, A.: Revocation Doesn’t Work (2011), http://www.imperialviolet.org/2011/03/18/revocation.html
  25. 25.
    Laurie, B., Langley, A.: Certificate Authority Transparency and Auditability (2011), http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf
  26. 26.
    Leyden, J.: Inside ’Operation Black Tulip’: DigiNotar Hack Analysed (2011), http://www.theregister.co.uk/2011/09/06/diginotar_audit_damning_fail/
  27. 27.
    Leyden, J.: Trustwave Admits Crafting SSL Snooping Certificate (2012), http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/
  28. 28.
    MacKenzie, P.: The PAK suite: Protocols for Password-Authenticated Key Exchange. In: IEEE P1363.2: Password-Based Public-Key Cryptography (2002)Google Scholar
  29. 29.
    MacKenzie, P.D., Patel, S.: Hard Bits of the Discrete Log with Applications to Password Authentication. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 209–226. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  30. 30.
    Marlinspike, M.: Convergence (2011), http://convergence.io/
  31. 31.
    Oiwa, Y., Takagi, H., Watanabe, H., Suzuki, H.: PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks (Poster). In: Proceedings of the International Conference on World Wide Web, WWW (2009)Google Scholar
  32. 32.
    Oppliger, R., Hauser, R., Basin, D.: SSL/TLS Session-Aware User Authentication. Computer 41(3), 59–65 (2008)CrossRefGoogle Scholar
  33. 33.
    Parno, B., Kuo, C., Perrig, A.: Phoolproof Phishing Prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  34. 34.
    Richmond, R.: An Attack Sheds Light on Internet Security Holes (2011), http://www.nytimes.com/2011/04/07/technology/07hack.html
  35. 35.
    Singel, R.: Law Enforcement Appliance Subverts SSL (2010), http://www.wired.com/threatlevel/2010/03/packet-forensics/
  36. 36.
    Soghoian, C., Stamm, S.: Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 250–259. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  37. 37.
    Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication (2007), http://tools.ietf.org/html/rfc5054
  38. 38.
    Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: Improving SSH-style Host Authentication with Multi-path Probing. In: Proceedings of the USENIX Annual Technical Conference, ATC (2008)Google Scholar
  39. 39.
    Williams, N.: RFC 5056 - On the Use of Channel Bindings to Secure Channels (2007), http://tools.ietf.org/html/rfc5056
  40. 40.
    Wu, T.: The Secure Remote Password Protocol. In: Proceedings of the Network and Distributed System Security Symposium (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Italo Dacosta
    • 1
  • Mustaque Ahamad
    • 1
  • Patrick Traynor
    • 1
  1. 1.Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC)Georgia Institute of TechnologyUSA

Personalised recommendations