Domain Validation++ for MitM-resilient PKI

Markus Brandt; Tianxiang Dai; Haya Shulman; Amit Klein; Michael Waidner

doi:10.1145/3243734.3243790

Domain Validation++ for MitM-resilient PKI

Markus Brandt
, Tianxiang Dai
, Haya Shulman
, Amit Klein
, Michael Waidner

Technische Universität Darmstadt

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

64 Scopus citations

Abstract

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

Original language	English
Title of host publication	CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2060-2076
Number of pages	17
ISBN (Electronic)	9781450356930
DOIs	https://doi.org/10.1145/3243734.3243790
State	Published - 15 Oct 2018
Externally published	Yes
Event	25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: 15 Oct 2018 → …

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	25th ACM Conference on Computer and Communications Security, CCS 2018
Country/Territory	Canada
City	Toronto
Period	15/10/18 → …

Bibliographical note

Publisher Copyright:
© 2018 Association for Computing Machinery.

Funding

The research reported in this paper was supported in part by the German Federal Ministry of Education and Research (BMBF), by the Hessian Ministry of Science and the Arts within CRISP (www.crisp-da.de/) and co-funded by the DFG as part of project S3 within the CRC 1119 CROSSING.

Funders
Hessian Ministry of Science and the Arts
Deutsche Forschungsgemeinschaft
Bundesministerium für Bildung und Forschung

Keywords

CA attacks
Certificates
DNS cache poisoning
PKI security

Access to Document

10.1145/3243734.3243790

Cite this

Brandt, M., Dai, T., Shulman, H., Klein, A., & Waidner, M. (2018). Domain Validation++ for MitM-resilient PKI. In CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 2060-2076). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3243734.3243790

@inproceedings{eb36cbb98b8b4b738d77df63713af707,

title = "Domain Validation++ for MitM-resilient PKI",

abstract = "The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99\% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker{\textquoteright}s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.",

keywords = "CA attacks, Certificates, DNS cache poisoning, PKI security",

author = "Markus Brandt and Tianxiang Dai and Haya Shulman and Amit Klein and Michael Waidner",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery.; 25th ACM Conference on Computer and Communications Security, CCS 2018 ; Conference date: 15-10-2018",

year = "2018",

month = oct,

day = "15",

doi = "10.1145/3243734.3243790",

language = "אנגלית",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2060--2076",

booktitle = "CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security",

}

Brandt, M, Dai, T, Shulman, H, Klein, A & Waidner, M 2018, Domain Validation++ for MitM-resilient PKI. in CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2060-2076, 25th ACM Conference on Computer and Communications Security, CCS 2018, Toronto, Canada, 15/10/18. https://doi.org/10.1145/3243734.3243790

Domain Validation++ for MitM-resilient PKI. / Brandt, Markus; Dai, Tianxiang; Shulman, Haya et al.
CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2018. p. 2060-2076 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Domain Validation++ for MitM-resilient PKI

AU - Brandt, Markus

AU - Dai, Tianxiang

AU - Shulman, Haya

AU - Klein, Amit

AU - Waidner, Michael

PY - 2018/10/15

Y1 - 2018/10/15

N2 - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

AB - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain. We discuss short and long term defences, but argue that they fall short of securing DV. To mitigate the threats we propose Domain Validation++ (DV++). DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers. Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs. We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

KW - CA attacks

KW - Certificates

KW - DNS cache poisoning

KW - PKI security

UR - https://www.scopus.com/pages/publications/85056838141

U2 - 10.1145/3243734.3243790

DO - 10.1145/3243734.3243790

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85056838141

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2060

EP - 2076

BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018

Y2 - 15 October 2018

ER -

Domain Validation++ for MitM-resilient PKI

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this