2009 IEEE Symposium on Computers and Communications 2009
DOI: 10.1109/iscc.2009.5202224

DoubleCheck: Multi-path verification against man-in-the-middle attacks

Abstract: Self-signed certificates for SSL and self-generated host keys for SSH are popular zero-cost, simple alternatives to public key infrastructure (PKI). They provide security against man-in-the-middle attacks, as long as the client connecting to those services knows the certificates or host keys a priori. A simple solution used in practice is to trust the certificate or the host key when the client connects to a server for the first time. This approach is susceptible to man-in-the-middle attacks, a f…

Cited by 51 publications (43 citation statements)
References 5 publications
“…Certificate pinning addresses the problem of untrustworthy CAs, by restricting in the client browser parameters concerning the set of CAs that are considered entitled to certify the key for a given domain [14], [15]. Crowd-sourcing techniques have been proposed in order to detect untrustworthy CAs, by enabling a browser to obtain warnings if the certificates it is offered are out of line with those that other people are being offered [16], [17], [18], [19]. In another direction, certificate transparency [20] is an approach which aims to prevent certificate authorities from issuing public key certificates for a domain without being visible to the owner of the domain.…”
Section: Background and Motivation (mentioning)
confidence: 99%
“…Proposals in this vein include the SSL Observatory [31]; Certificate Patrol [32]; Perspectives [33]; DoubleCheck [34]; CertLock [35]; Convergence [36]; and TACK (2012) [37]. There are also approaches based on using DNS, such as DANE [38]; and CAge (2013) [39].…”
Section: Other Approaches To Handling Certificates Securely (mentioning)
confidence: 99%
“…These privacy concerns are embraced by DoubleCheck [39], which suggests that whenever a client connects to an SSL web server it should retrieve its certificate additionally via the Tor network for comparison. An extension of this design is DetecTor [40], which suggests retrieving each certificate over multiple Tor circuits using different exit nodes for increased trust.…”
Section: Relying On Notaries and Peers (mentioning)
confidence: 99%
“…Multi-path probing [2,10,13] has been suggested as a way to reduce reliance on CAs; however, it necessitates the availability and access to trusted notaries. Browser extensions have also been proposed to pin previously seen certificates or CAs to domains [6,9,12].…”
Section: Related Work (mentioning)
confidence: 99%