Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services

Abstract: TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors - like compromised CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks - TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels. In this paper, we are the first to present a long-term study on the operation of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year and discuss the effectiveness of TLS notary services in practice. Based on our findings, we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice and propose steps to overcome them.
Document type:
Conference paper
Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.331-346, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_23〉

Cited literature [34 references]

https://hal.inria.fr/hal-01633686
Contributor: Hal Ifip
Submitted on: Monday, November 13, 2017 - 11:46:47
Last modified on: Monday, November 13, 2017 - 11:48:22
Document(s) archived on: Wednesday, February 14, 2018 - 13:30:22

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios Voyiatzis, Edgar Weippl. Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services. Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.331-346, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_23〉. 〈hal-01633686〉


Metrics

Record views

35