Skip to Main content Skip to Navigation
Conference papers

Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services

Abstract : TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors - like compromised CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks - TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.In this paper, we are the first to present a long-term study on the operation of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year and discuss the effectiveness of TLS notary services in practice. Based on our findings, we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice and propose steps to overcome them.
Document type :
Conference papers
Complete list of metadata

Cited literature [29 references]  Display  Hide  Download

https://hal.inria.fr/hal-01633686
Contributor : Hal Ifip <>
Submitted on : Monday, November 13, 2017 - 11:46:47 AM
Last modification on : Monday, November 13, 2017 - 11:48:22 AM
Long-term archiving on: : Wednesday, February 14, 2018 - 1:30:22 PM

File

428203_1_En_23_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios Voyiatzis, Edgar Weippl. Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. pp.331-346, ⟨10.1007/978-3-319-41483-6_23⟩. ⟨hal-01633686⟩

Share

Metrics

Record views

172

Files downloads

239