Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties

  • Italo Dacosta
  • Mustaque Ahamad
  • Patrick Traynor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)

Abstract

The security guarantees provided by SSL/TLS depend on the correct authentication of servers through certificates signed by a trusted authority. However, as recent incidents have demonstrated, trust in these authorities is not well placed. Increasingly, certificate authorities (by coercion or compromise) have been creating forged certificates for a range of adversaries, allowing seemingly secure communications to be intercepted via man-in-the-middle (MITM) attacks. A variety of solutions have been proposed, but their complexity and deployment costs have hindered their adoption. In this paper, we propose Direct Validation of Certificates (DVCert), a novel protocol that, instead of relying on third-parties for certificate validation, allows domains to directly and securely vouch for their certificates using previously established user authentication credentials. By relying on a robust cryptographic construction, this relatively simple means of enhancing server identity validation is not only efficient and comparatively easy to deploy, but it also solves other limitations of third-party solutions. Our extensive experimental analysis in both desktop and mobile platforms shows that DVCert transactions require little computation time on the server (e.g., less than 1 ms) and are unlikely to degrade server performance or user experience. In short, we provide a robust and practical mechanism to enhance server authentication and protect web applications from MITM attacks against SSL/TLS.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Certificate Patrol (2010), http://patrol.psyced.org/
  2. 2.
    Adams, C., Farrell, S.: RFC 2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols (1999), https://tools.ietf.org/html/rfc2510
  3. 3.
    Alicherry, M., Keromytis, A.D.: DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks. In: Proceedings of the IEEE Symposium on Computers and Communications (2009)Google Scholar
  4. 4.
    Altman, J., Williams, N., Zhu, L.: RFC 5929 - Channel Bindings for TLS (2010), http://tools.ietf.org/html/rfc5929
  5. 5.
  6. 6.
    Blanchet, B.: ProVerif: Cryptographic Protocol Verifier in the Formal Model, http://www.proverif.ens.fr/
  7. 7.
    BlueKrypt: Cryptographic Key Length Recommendation (2012), http://www.keylength.com/
  8. 8.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Brusilovsky, A., Faynberg, I., Zeltsan, Z., Patel, S.: RFC 5683 - Password-Authenticated Key (PAK) Diffie-Hellman Exchange (2010), http://tools.ietf.org/html/rfc5683
  10. 10.
    Dierks, T., Rescorla, E.: RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 (2008), http://tools.ietf.org/html/rfc5246
  11. 11.
    Eckersley, P., Burns, J.: The (Decentralized) SSL Observatory. In: USENIX Security Symposium (2011) (Invited Talk)Google Scholar
  12. 12.
    Electronic Frontier Foundation (EFF): The Sovereign Keys Project (2011), https://www.eff.org/sovereign-keys
  13. 13.
    Ellison, C., Schneier, B.: Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure. Computer Security Journal 16(1), 1–7 (2000)Google Scholar
  14. 14.
    Engert, K.: MECAI (2011), http://kuix.de/mecai/
  15. 15.
    Engler, J., Karlof, C., Shi, E., Song, D.: Is It Too Late for PAKE? In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop (2009)Google Scholar
  16. 16.
    Evans, C., Palmer, C.: Certificate Pinning Extension for HSTS (2011), http://www.ietf.org/mail-archive/web/websec/current/pdfnSTRd9kYcY.pdf
  17. 17.
    Freier, A., Karlton, P., Kocher, P.: RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0 (2011), https://tools.ietf.org/html/rfc6101
  18. 18.
    Goodin, D.: Web Authentication Authority Suffers Security Breach (2011), http://www.theregister.co.uk/2011/06/21/startssl_security_breach/
  19. 19.
    Gutman, P.: PKI: It’s Not Dead, Just Resting. Computer 35(8), 41–49 (2002)CrossRefGoogle Scholar
  20. 20.
    Hoffman, P., Schlyter, J.: IETF Internet-Draft: Using Secure DNS to Associate Certificates with Domain Names For TLS (draft-ietf-dane-protocol-06) (2011), http://tools.ietf.org/html/draft-ietf-dane-protocol-06
  21. 21.
    International Telecommunication Union: ITU-T Recommendation X.1035: Password-Authenticated Key Exchange (PAK) Protocol (2007), http://www.itu.int/rec/T-REC-X.1035/en
  22. 22.
    Keizer, G.: Hackers May Have Stolen Over 200 SSL Certificates (2011), https://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates
  23. 23.
  24. 24.
    Langley, A.: Revocation Doesn’t Work (2011), http://www.imperialviolet.org/2011/03/18/revocation.html
  25. 25.
    Laurie, B., Langley, A.: Certificate Authority Transparency and Auditability (2011), http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf
  26. 26.
    Leyden, J.: Inside ’Operation Black Tulip’: DigiNotar Hack Analysed (2011), http://www.theregister.co.uk/2011/09/06/diginotar_audit_damning_fail/
  27. 27.
    Leyden, J.: Trustwave Admits Crafting SSL Snooping Certificate (2012), http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/
  28. 28.
    MacKenzie, P.: The PAK suite: Protocols for Password-Authenticated Key Exchange. In: IEEE P1363.2: Password-Based Public-Key Cryptography (2002)Google Scholar
  29. 29.
    MacKenzie, P.D., Patel, S.: Hard Bits of the Discrete Log with Applications to Password Authentication. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 209–226. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  30. 30.
    Marlinspike, M.: Convergence (2011), http://convergence.io/
  31. 31.
    Oiwa, Y., Takagi, H., Watanabe, H., Suzuki, H.: PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks (Poster). In: Proceedings of the International Conference on World Wide Web, WWW (2009)Google Scholar
  32. 32.
    Oppliger, R., Hauser, R., Basin, D.: SSL/TLS Session-Aware User Authentication. Computer 41(3), 59–65 (2008)CrossRefGoogle Scholar
  33. 33.
    Parno, B., Kuo, C., Perrig, A.: Phoolproof Phishing Prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  34. 34.
    Richmond, R.: An Attack Sheds Light on Internet Security Holes (2011), http://www.nytimes.com/2011/04/07/technology/07hack.html
  35. 35.
    Singel, R.: Law Enforcement Appliance Subverts SSL (2010), http://www.wired.com/threatlevel/2010/03/packet-forensics/
  36. 36.
    Soghoian, C., Stamm, S.: Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 250–259. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  37. 37.
    Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication (2007), http://tools.ietf.org/html/rfc5054
  38. 38.
    Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: Improving SSH-style Host Authentication with Multi-path Probing. In: Proceedings of the USENIX Annual Technical Conference, ATC (2008)Google Scholar
  39. 39.
    Williams, N.: RFC 5056 - On the Use of Channel Bindings to Secure Channels (2007), http://tools.ietf.org/html/rfc5056
  40. 40.
    Wu, T.: The Secure Remote Password Protocol. In: Proceedings of the Network and Distributed System Security Symposium (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Italo Dacosta
    • 1
  • Mustaque Ahamad
    • 1
  • Patrick Traynor
    • 1
  1. 1.Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC)Georgia Institute of TechnologyUSA

Personalised recommendations