Domain Validation++ for MitM-resilient PKI

Markus Brandt; Tianxiang Dai; Haya Shulman; Amit Klein; Michael Waidner

doi:10.1145/3243734.3243790

Domain Validation++ for MitM-resilient PKI

Markus Brandt
, Tianxiang Dai
, Haya Shulman
, Amit Klein
, Michael Waidner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

63 Scopus citations

Abstract

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

Original language	English
Title of host publication	CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2060-2076
Number of pages	17
ISBN (Electronic)	9781450356930
DOIs	https://doi.org/10.1145/3243734.3243790
State	Published - 15 Oct 2018
Externally published	Yes
Event	25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: 15 Oct 2018 → …

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	25th ACM Conference on Computer and Communications Security, CCS 2018
Country/Territory	Canada
City	Toronto
Period	15/10/18 → …

Bibliographical note

Publisher Copyright:
© 2018 Association for Computing Machinery.

Keywords

CA attacks
Certificates
DNS cache poisoning
PKI security

Access to Document

10.1145/3243734.3243790

Cite this

Brandt, M., Dai, T., Shulman, H., Klein, A., & Waidner, M. (2018). Domain Validation++ for MitM-resilient PKI. In CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 2060-2076). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3243734.3243790

@inproceedings{86b0dcb2814540f79bc8136b091831c0,

title = "Domain Validation++ for MitM-resilient PKI",

abstract = "The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99\% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker{\textquoteright}s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.",

keywords = "CA attacks, Certificates, DNS cache poisoning, PKI security",

author = "Markus Brandt and Tianxiang Dai and Haya Shulman and Amit Klein and Michael Waidner",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery.; 25th ACM Conference on Computer and Communications Security, CCS 2018 ; Conference date: 15-10-2018",

year = "2018",

month = oct,

day = "15",

doi = "10.1145/3243734.3243790",

language = "אנגלית",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2060--2076",

booktitle = "CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security",

}

Brandt, M, Dai, T, Shulman, H, Klein, A & Waidner, M 2018, Domain Validation++ for MitM-resilient PKI. in CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2060-2076, 25th ACM Conference on Computer and Communications Security, CCS 2018, Toronto, Canada, 15/10/18. https://doi.org/10.1145/3243734.3243790

Domain Validation++ for MitM-resilient PKI. / Brandt, Markus; Dai, Tianxiang; Shulman, Haya et al.
CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2018. p. 2060-2076 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Domain Validation++ for MitM-resilient PKI

AU - Brandt, Markus

AU - Dai, Tianxiang

AU - Shulman, Haya

AU - Klein, Amit

AU - Waidner, Michael

PY - 2018/10/15

Y1 - 2018/10/15

N2 - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

AB - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

KW - CA attacks

KW - Certificates

KW - DNS cache poisoning

KW - PKI security

UR - https://www.scopus.com/pages/publications/85056838141

U2 - 10.1145/3243734.3243790

DO - 10.1145/3243734.3243790

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85056838141

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2060

EP - 2076

BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018

Y2 - 15 October 2018

ER -

Domain Validation++ for MitM-resilient PKI

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this