Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Chapter
TY - CHAP
T1 - Off-Path Attacks Against PKI
AU - Dai, Tianxiang
AU - Shulman, Haya
AU - Waidner, Michael
PY - 2018/10/15
Y1 - 2018/10/15
N2 - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak attacker, namely, an off-path attacker, can effectively subvert the trustworthiness of popular commercially used CAs. We demonstrate an attack against one popular CA which uses Domain Validation (DV) for authenticating domain ownership. The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own -- namely certificates binding the attacker's public key to a victim domain.
AB - The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak attacker, namely, an off-path attacker, can effectively subvert the trustworthiness of popular commercially used CAs. We demonstrate an attack against one popular CA which uses Domain Validation (DV) for authenticating domain ownership. The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own -- namely certificates binding the attacker's public key to a victim domain.
U2 - 10.1145/3243734.3278516
DO - 10.1145/3243734.3278516
M3 - Chapter
SP - 2213
EP - 2215
BT - CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PB - ACM
CY - New York
ER -