DOI: 10.1145/3243734.3243790
Research article

Domain Validation++ For MitM-Resilient PKI

Published: 15 October 2018

Abstract

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own, namely certificates binding the attacker's public key to a victim domain. We discuss short- and long-term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need for cryptography with assumptions from distributed systems. While retaining the benefits of DV (automation, efficiency and low costs), DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the CAs' existing infrastructure or systems. We demonstrate the security of DV++ under realistic assumptions and provide open source access to the DV++ implementation.



Published In

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
October 2018
2359 pages
ISBN:9781450356930
DOI:10.1145/3243734
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. CA attacks
  2. DNS cache poisoning
  3. PKI security
  4. certificate authorities
  5. certificates

Qualifiers

  • Research-article

Funding Sources

  • CRISP
  • CROSSING

Conference

CCS '18

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (Last 12 months)81
  • Downloads (Last 6 weeks)3
Reflects downloads up to 25 Feb 2025

Cited By

  • (2024) Crowdsourced Distributed Domain Validation. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks, 318-325. DOI: 10.1145/3696348.3696869. Online publication date: 18-Nov-2024.
  • (2023) Downgrading DNSSEC. Proceedings of the 32nd USENIX Conference on Security Symposium, 7429-7444. DOI: 10.5555/3620237.3620653. Online publication date: 9-Aug-2023.
  • (2023) Fourteen years in the life. Proceedings of the 32nd USENIX Conference on Security Symposium, 3171-3186. DOI: 10.5555/3620237.3620415. Online publication date: 9-Aug-2023.
  • (2023) Revocation Speedrun: How the WebPKI Copes with Fraudulent Certificates. Proceedings of the ACM on Networking, Vol. 1, CoNEXT3, 1-20. DOI: 10.1145/3629148. Online publication date: 28-Nov-2023.
  • (2023) Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects. 2023 IEEE Symposium on Security and Privacy (SP), 3162-3177. DOI: 10.1109/SP46215.2023.10179441. Online publication date: May-2023.
  • (2023) A Survey on X.509 Public-Key Infrastructure, Certificate Revocation, and Their Modern Implementation on Blockchain and Ledger Technologies. IEEE Communications Surveys & Tutorials, Vol. 25, 4, 2529-2568. DOI: 10.1109/COMST.2023.3323640. Online publication date: Dec-2024.
  • (2022) Poster. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 3363-3365. DOI: 10.1145/3548606.3563517. Online publication date: 7-Nov-2022.
  • (2022) Measuring DNS over TCP in the era of increasing DNS response sizes. ACM SIGCOMM Computer Communication Review, Vol. 52, 2, 44-55. DOI: 10.1145/3544912.3544918. Online publication date: 20-Jun-2022.
  • (2022) One to Rule Them All? A First Look at DNS over QUIC. Passive and Active Measurement, 537-551. DOI: 10.1007/978-3-030-98785-5_24. Online publication date: 22-Mar-2022.
  • (2021) SMap: Internet-wide Scanning for Spoofing. Proceedings of the 37th Annual Computer Security Applications Conference, 1039-1050. DOI: 10.1145/3485832.3485917. Online publication date: 6-Dec-2021.