Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services - Archive ouverte HAL Access content directly
Conference Papers Year : 2016

Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services

(1) , (2) , (1) , (1, 2) , (1, 2)
1
2
Georg Merzdovnik
  • Function : Author
  • PersonId : 1022682
Martin Schmiedecker
  • Function : Author
  • PersonId : 1022683

Abstract

TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors - like compromised CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks - TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.In this paper, we are the first to present a long-term study on the operation of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year and discuss the effectiveness of TLS notary services in practice. Based on our findings, we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice and propose steps to overcome them.
Fichier principal
Vignette du fichier
428203_1_En_23_Chapter.pdf (1.46 Mo) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01633686 , version 1 (13-11-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios G. Voyiatzis, Edgar Weippl. Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. pp.331-346, ⟨10.1007/978-3-319-41483-6_23⟩. ⟨hal-01633686⟩
110 View
115 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More