Abstract
Secure socket layer/transport layer security (TLS) is the de facto protocol for providing secure communications over the Internet. It relies on the web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of web PKI incidents observed have increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem but no solution has yet received widespread adoption due to complexity and deployability issues. In this study, the authors propose an effective solution for this problem that allows a TLS server to detect a certificate substitution attack against its domain across the Internet. The proposed solution is practical and allows a smooth and gradual transition. They also give a triangulation algorithm enabling the server to find out the origin of the attack. They conducted simulation experiments using real-world BGP data and showed that their proposal can be effective for detecting and locating attacks using relatively few vantage points over the Internet.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
