CROSSING Research Seminar: Off-Path Attacks Against PKI

30.01.2020 13:00-14:00

Speaker: Tianxiang Dai, CROSSING, TU Darmstadt | Location: Mornewegstraße 32 (S4|14), Room 5.3.01, Darmstadt

Organizer: CROSSING


Abstract

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market. The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own, namely certificates binding the attacker’s public key to a victim domain.

References:

[1] Brandt, Markus, Tianxiang Dai, Amit Klein, Haya Shulman, and Michael Waidner. „Domain validation++ for mitm-resilient pki.“ In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2060-2076. 2018.

[2] Dai, Tianxiang, Haya Shulman, and Michael Waidner. „Off-Path Attacks Against PKI.“ In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2213-2215. 2018.


Registration

We will have lunch (pizza) together after the research seminar talk. Please register here: https://doodle.com/poll/bugcpssvnwvrsdwy