Firm grip handshakes: A tool for bidirectional vouching

Omer Berkman, Benny Pinkas, Moti Yung

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Clients trust servers over the Internet due to their trust in digital signatures of certification authorities (CAs) which comprise the Internet's trust infrastructure. Based on the recent DigiNotar attack and other attacks on CAs, we formulate here a very strong attack denoted "Certificate in The Middle" (CiTM) and propose a mitigation for this attack. The solution is embedded in a handshake protocol and makes it more robust: It adds to the usual aspect of "CA vouching" a client side vouching for the server "continuity of service," thus, allowing clients and server to detect past and future breaches of the trust infrastructure. We had simplicity, flexibility, and scalability in mind, solving the problem within the context of the protocol (with the underlying goal of embedding the solution in the TLS layer) with minor field changes, minimal cryptographic additions, no interaction with other protocol layers, and no added trusted parties.

Original languageEnglish
Title of host publicationCryptology and Network Security - 11th International Conference, CANS 2012, Proceedings
Number of pages16
StatePublished - 2012
Event11th International Conference on Cryptology and Network Security, CANS 2012 - Darmstadt, Germany
Duration: 12 Dec 201214 Dec 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7712 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference11th International Conference on Cryptology and Network Security, CANS 2012

Bibliographical note

Place of conference:Darmstadt, Germany


FundersFunder number
Seventh Framework Programme208173


    Dive into the research topics of 'Firm grip handshakes: A tool for bidirectional vouching'. Together they form a unique fingerprint.

    Cite this