poster

Off-Path Attacks Against PKI

Authors:

Tianxiang Dai,

Haya Shulman,

Michael WaidnerAuthors Info & Claims

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Pages 2213 - 2215

https://doi.org/10.1145/3243734.3278516

Published: 15 October 2018 Publication History

Get Access

Abstract

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak attacker, namely, an off-path attacker, can effectively subvert the trustworthiness of popular commercially used CAs. We demonstrate an attack against one popular CA which uses Domain Validation (DV) for authenticating domain ownership. The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own -- namely certificates binding the attacker's public key to a victim domain.

References

[1]

Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman, and MichaelWaidner. 2018. Domain Validation++ For MitM-Resilient PKI. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.

Digital Library

Google Scholar

[2]

Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M Maggs, Alan Mislove, and Christo Wilson. 2017. A longitudinal, end-to-end view of the DNSSEC ecosystem. In USENIX Security.

Digital Library

Google Scholar

[3]

Tianxiang Dai, Haya Shulman, and Michael Waidner. 2016. DNSSEC Misconfigurations in Popular Domains. In International Conference on Cryptology and Network Security. Springer, 651--660.

Google Scholar

[4]

Zakir Durumeric, EricWustrow, and J Alex Halderman. 2013. ZMap: Fast Internetwide Scanning and Its Security Applications. In USENIX Security Symposium, Vol. 8. 47--53.

Digital Library

Google Scholar

[5]

P. Eckersley and J. Burns. 2010. An observatory for the SSLiverse. DEFCON'18. (2010).

Google Scholar

[6]

Amir Herzberg and Haya Shulman. 2012. Security of Patched DNS. In Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10--12, 2012. Proceedings. 271--288.

Google Scholar

[7]

Amir Herzberg and Haya Shulman. 2013. Fragmentation considered poisonous, or: One-domain-to-rule-them-all. org. In Communications and Network Security (CNS), 2013 IEEE Conference on. IEEE, 224--232.

Crossref

Google Scholar

[8]

Amir Herzberg and Haya Shulman. 2013. Socket Overloading for Fun and Cache Poisoning. In ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., Charles N. Payne Jr. (Ed.).

Digital Library

Google Scholar

[9]

Amir Herzberg and Haya Shulman. 2013. Vulnerable Delegation of DNS Resolution. In Computer Security - ESORICS 2013 - 18th European Symposium on Research in Computer Security, Egham, UK, September 9--13, 2013. Proceedings. 219--236.

Google Scholar

[10]

Dan Kaminsky. 2008. It's the End of the Cache As We Know It. In Black Hat conference. http://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/ BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf.

Google Scholar

[11]

Amit Klein, Haya Shulman, and Michael Waidner. 2017. Counting in the Dark: Caches Discovery and Enumeration in the Internet. In The 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

Google Scholar

[12]

Amit Klein, Haya Shulman, and Michael Waidner. 2017. Internet-Wide Study of DNS Cache Injections. In INFOCOM.

Google Scholar

[13]

Haya Shulman and Michael Waidner. 2014. Fragmentation Considered Leaking: Port Inference for DNS Poisoning. In Applied Cryptography and Network Security (ACNS), Lausanne, Switzerland. Springer.

Google Scholar

[14]

Haya Shulman and MichaelWaidner. 2017. One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in the Internet. In NSDI. 131--144.

Digital Library

Google Scholar

Cited By

View all

Ahn BKim TAhmad SMazumder SJohnson JMantooth HFarnell C(2024)An Overview of Cyber-Resilient Smart Inverters Based on Practical Attack ModelsIEEE Transactions on Power Electronics10.1109/TPEL.2023.334284239:4(4657-4673)Online publication date: Apr-2024
https://doi.org/10.1109/TPEL.2023.3342842
Ahn BJenkins AMassa JSilva LKim TChoi S(2024)Disruption of Commercial Solar Inverter System by TLS Proxy Man-in-the-Middle Attack2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS)10.1109/ICPS59941.2024.10639997(1-6)Online publication date: 12-May-2024
https://doi.org/10.1109/ICPS59941.2024.10639997
Junaid KJanjua MQadir J(2024)A compliance-based ranking of certificate authorities using probabilistic approachesInternational Journal of Information Security10.1007/s10207-024-00867-323:4(2881-2910)Online publication date: 29-May-2024
https://doi.org/10.1007/s10207-024-00867-3
Show More Cited By

Index Terms

Off-Path Attacks Against PKI
1. Security and privacy

Recommendations

Let's Downgrade Let's Encrypt
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Following the recent off-path attacks against PKI, Let's Encrypt deployed in 2020 domain validation from multiple vantage points to ensure security even against the stronger on-path MitM adversaries. The idea behind such distributed domain validation is ...
Domain Validation++ For MitM-Resilient PKI
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of ...
An End-to-End Measurement of Certificate Revocation in the Web's PKI
IMC '15: Proceedings of the 2015 Internet Measurement Conference

Critical to the security of any public key infrastructure (PKI) is the ability to revoke previously issued certificates. While the overall SSL ecosystem is well-studied, the frequency with which certificates are revoked and the circumstances under which ...

Comments

Information & Contributors

Information

Published In

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

October 2018

2359 pages

ISBN:9781450356930

DOI:10.1145/3243734

General Chairs:
David Lie
University of Toronto
,
Mohammad Mannan
Concordia University
,
Program Chairs:
Michael Backes
CISPA Helmholtz Center i.G.
,
XiaoFeng Wang
Indiana University

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2018

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

CROSSING
CRISP

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15 - 19, 2018

Toronto, Canada

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
327
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)1

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ahn BKim TAhmad SMazumder SJohnson JMantooth HFarnell C(2024)An Overview of Cyber-Resilient Smart Inverters Based on Practical Attack ModelsIEEE Transactions on Power Electronics10.1109/TPEL.2023.334284239:4(4657-4673)Online publication date: Apr-2024
https://doi.org/10.1109/TPEL.2023.3342842
Ahn BJenkins AMassa JSilva LKim TChoi S(2024)Disruption of Commercial Solar Inverter System by TLS Proxy Man-in-the-Middle Attack2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS)10.1109/ICPS59941.2024.10639997(1-6)Online publication date: 12-May-2024
https://doi.org/10.1109/ICPS59941.2024.10639997
Junaid KJanjua MQadir J(2024)A compliance-based ranking of certificate authorities using probabilistic approachesInternational Journal of Information Security10.1007/s10207-024-00867-323:4(2881-2910)Online publication date: 29-May-2024
https://doi.org/10.1007/s10207-024-00867-3
Yin LZhang HPeng JNing ZZhang ZZhang KZhang Y(2024)A Certificate Transparency-Based Certificate Monitoring Scheme for the Power GridNetwork Simulation and Evaluation10.1007/978-981-97-4519-7_18(256-270)Online publication date: 2-Aug-2024
https://doi.org/10.1007/978-981-97-4519-7_18
Patil VShyamasundar R(2022)Evolving Role of PKI in Facilitating Trust2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)10.1109/PKIA56009.2022.9952249(1-7)Online publication date: 9-Sep-2022
https://doi.org/10.1109/PKIA56009.2022.9952249
Brandt MShulman HWaidner MKim YKim JVigna GShi E(2021)Evaluating Resilience of Domains in PKIProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3485356(2444-2446)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3485356
Zhang JTong WZhu LOu WLi X(2019)Evaluating DNS Vulnerability to Cache Injection2019 IEEE International Conference on Computation, Communication and Engineering (ICCCE)10.1109/ICCCE48422.2019.9010808(134-137)Online publication date: Nov-2019
https://doi.org/10.1109/ICCCE48422.2019.9010808

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Let's Downgrade Let's Encrypt

Domain Validation++ For MitM-Resilient PKI

An End-to-End Measurement of Certificate Revocation in the Web's PKI

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations