Abstract
Clients trust servers over the Internet because they trust the digital signatures of certification authorities (CAs), which make up the Internet's trust infrastructure. Motivated by the recent DigiNotar attack and other attacks on CAs, we formulate a very strong attack, denoted "Certificate in The Middle" (CiTM), and propose a mitigation for it. The solution is embedded in a handshake protocol and makes it more robust: to the usual "CA vouching" for the server it adds client-side vouching for the server's "continuity of service," allowing both clients and servers to detect past and future breaches of the trust infrastructure. We had simplicity, flexibility, and scalability in mind, and solve the problem within the protocol itself (with the underlying goal of embedding the solution in the TLS layer), with minor field changes, minimal cryptographic additions, no interaction with other protocol layers, and no added trusted parties.
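The abstract gives only the two vouching directions, not the handshake itself. The toy model below is an added illustration, not the paper's Firm Grip Handshake: it reduces "CA vouching" to a lookup in a trusted-CA set (no X.509 parsing, chain building or signature verification) and reduces "client-side vouching for continuity" to a first-seen key fingerprint that the client keeps per host and reports back to the server. Host names, CA names and keys are constructed for the example. It shows why a certificate minted by a compromised but still-trusted CA passes standard validation, how a client with history notices the key change, how a server can learn of a past CiTM from a client that pinned the attacker's key, and that a bare pin cannot distinguish a CiTM from legitimate key rotation.

```python
"""Toy model of a Certificate-in-the-Middle (CiTM) attack and of the two
vouching directions sketched in the abstract: the CA vouches for the server,
and the client vouches for the server's continuity.  Illustrative code added
to this page, not the paper's Firm Grip Handshake; X.509 parsing, chain
building and signatures are replaced by a name lookup in a trusted-CA set."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Cert:
    subject: str   # host name the certificate was issued for
    issuer: str    # CA that (nominally) signed it
    pubkey: bytes  # server public key, opaque bytes in this model


def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()


# Constructed root store: both CAs are trusted, and one of them is compromised.
TRUSTED_CAS = frozenset({"GoodCA", "CompromisedCA"})


def ca_vouches(cert: Cert, host: str, trusted=TRUSTED_CAS) -> bool:
    """CA vouching only: a cert from any trusted root with a matching name passes.
    A cert minted by the compromised CA for the victim host passes this check."""
    return cert.issuer in trusted and cert.subject == host


@dataclass
class Client:
    # host -> fingerprint of the server key seen on first contact (TOFU)
    pins: dict = field(default_factory=dict)

    def handshake(self, host: str, cert: Cert) -> str:
        if not ca_vouches(cert, host):
            return "reject: CA validation failed"
        fp = fingerprint(cert.pubkey)
        seen = self.pins.get(host)
        if seen is None:
            self.pins[host] = fp
            return "accept: first contact, pinned"
        if seen != fp:
            # Either a CiTM or a legitimate key rotation: a bare pin cannot tell.
            return "alarm: server key changed, possible CiTM"
        return "accept: continuity confirmed"

    def vouch(self, host: str) -> Optional[str]:
        """What the client tells the server it remembers about it (hypothetical field)."""
        return self.pins.get(host)


@dataclass
class Server:
    host: str
    keys: list  # every key this server has ever used, oldest first

    def cert(self, issuer: str = "GoodCA") -> Cert:
        return Cert(self.host, issuer, self.keys[-1])

    def check_client_vouch(self, client_fp: Optional[str]) -> str:
        """Server side of continuity: a client that remembers a key this
        server never held was talking to someone else, i.e. a past CiTM."""
        if client_fp is None:
            return "no history"
        if client_fp in {fingerprint(k) for k in self.keys}:
            return "consistent"
        return "alarm: client remembers a key this server never used"


def run_scenario() -> dict:
    """Constructed walk-through: returns each step's outcome for inspection."""
    out = {}
    server = Server("bank.example", [b"genuine-server-key-v1"])
    alice = Client()
    out["alice_first"] = alice.handshake(server.host, server.cert())

    # Attacker holding a cert for the victim host from the compromised (trusted) CA.
    rogue = Cert("bank.example", "CompromisedCA", b"attacker-key")
    out["rogue_passes_ca"] = ca_vouches(rogue, "bank.example")
    out["alice_sees_citm"] = alice.handshake("bank.example", rogue)

    # Bob's first contact happens during the attack: CA vouching alone lets it through.
    bob = Client()
    out["bob_first"] = bob.handshake("bank.example", rogue)
    # Later, the genuine server learns of the past breach from Bob's vouch.
    out["server_detects_past"] = server.check_client_vouch(bob.vouch("bank.example"))
    out["server_ok_alice"] = server.check_client_vouch(alice.vouch("bank.example"))

    # Legitimate rotation trips the same client alarm: the failure mode a
    # continuity mechanism has to handle beyond a bare pin.
    server.keys.append(b"genuine-server-key-v2")
    out["alice_after_rotation"] = alice.handshake(server.host, server.cert())
    return out


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step:24s} {result}")
```

The last step is the caveat a practitioner should keep in mind when reading the abstract: a client-side pin on its own raises the same alarm for an honest key rotation as for a CiTM, so any continuity mechanism that is to be deployable at TLS scale needs a way for the server to vouch for its own key changes; how the paper achieves that is not reproduced here.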
References
Arthur, C.: Rogue web certificate could have been used to attack Iran dissidents (August 2011), http://www.guardian.co.uk/technology/2011/aug/30/faked-web-certificate-iran-dissidents
Dacosta, I., Ahamad, M., Traynor, P.: Trust no one else: Detecting MITM attacks against SSL/TLS without third-parties. In: Foresti, et al. (eds.) [9], pp. 199–216
Dierks, T., Allen, C.: The TLS protocol version 1.0. RFC-2246 (1999)
Dietz, M., Czeskis, A., Balfanz, D., Wallach, D.S.: Origin-bound certificates: a fresh approach to strong client authentication for the web. In: USENIX Security, Berkeley, CA, USA (2012)
Eckersley, P., Burns, J.: An observatory for the SSLiverse (2010), https://www.eff.org/files/DefconSSLiverse.pdf
EFF: The Sovereign Keys project, https://www.eff.org/sovereign-keys
EFF: The EFF SSL Observatory (2010), https://www.eff.org/observatory
Eronen, P., Tschofenig, H.: Pre-shared key ciphersuites for transport layer security (TLS). RFC-4279 (2005)
Foresti, S., Yung, M., Martinelli, F. (eds.): ESORICS 2012. LNCS, vol. 7459. Springer, Heidelberg (2012)
Google: New chromium security features (June 2011), http://blog.chromium.org/2011/06/new-chromium-security-features-june.html
Holz, R., Riedmaier, T., Kammenhuber, N., Carle, G.: X.509 forensics: Detecting and localising the SSL/TLS men-in-the-middle. In: Foresti, et al. (eds.) [9], pp. 217–234
Janson, P., Tsudik, G., Yung, M.: Scalability and flexibility in authentication services: The KryptoKnight approach. In: Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM) (1997)
Laurie, B., Langley, A.: Certificate authority transparency and auditability (2011), http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf
Marlinspike, M., Perrin, T.: Trust assertions for certificate keys. draft-perrin-tls-tack-00.txt (2012)
Marlinspike, M.: Convergence, http://convergence.io
Osterweil, E., Kaliski, B., Larson, M., McPherson, D.: Reducing the X.509 attack surface with DNSSEC’s DANE. In: SATIN: Securing and Trusting Internet Names (March 2012)
Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: Using the secure remote password (SRP) protocol for TLS authentication. RFC-5054 (2007)
Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: improving SSH-style host authentication with multi-path probing. In: Isaacs, R., Zhou, Y. (eds.) USENIX Annual Technical Conference, pp. 321–334. USENIX Association (2008)
Wikipedia: DigiNotar — Wikipedia, the free encyclopedia (2012), http://en.wikipedia.org/wiki/DigiNotar
Zetter, K.: Hack obtains 9 bogus certificates for prominent websites; traced to Iran (2011), http://www.wired.com/threatlevel/2011/03/comodo-compromise/
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Berkman, O., Pinkas, B., Yung, M. (2012). Firm Grip Handshakes: A Tool for Bidirectional Vouching. In: Pieprzyk, J., Sadeghi, AR., Manulis, M. (eds) Cryptology and Network Security. CANS 2012. Lecture Notes in Computer Science, vol 7712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35404-5_12
DOI: https://doi.org/10.1007/978-3-642-35404-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35403-8
Online ISBN: 978-3-642-35404-5
eBook Packages: Computer Science (R0)