Server Location Verification and Server Location Pinning: Augmenting TLS Authentication
نویسندگان
چکیده
We introduce the first known mechanism providing realtime server location verification. Its uses include enhancing server authentication (e.g., augmenting TLS) by enabling browsers to automatically interpret server location information. We describe the design of this new measurement-based technique, Server Location Verification (SLV), and evaluate it using PlanetLab. We explain how SLV is compatible with the increasing trends of geographically distributed content dissemination over the Internet, without causing any new interoperability conflicts. Additionally, we introduce the notion of (verifiable) server location pinning within TLS (conceptually similar to certificate pinning) to support SLV, and evaluate their combined impact using a server-authentication evaluation framework. The results affirm the addition of new security benefits to the existing SSL/TLS-based authentication mechanisms. We implement SLV through a location verification service, the simplest version of which requires no serverside changes. We also implement a simple browser extension that interacts seamlessly with the verification infrastructure to obtain realtime server location-verification results.
منابع مشابه
CertShim: Securing SSL Certificate Verification through Dynamic Linking
Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particular with regard to the verification of server certificates, has left the security of the Internet’s communications in doubt. Newly proposed SSL trust enhancements address many of these vulnerabilities, but are slow to be deployed and do not solve the problem of securing existing software. In this work, we pro...
متن کاملAdvanced Client/Server Authentication in TLS
Many business transactions on the Internet occur between strangers, that is, between entities with no prior relationship and no common security domain. Traditional security approaches based on identity or capabilities do not solve the problem of establishing trust between strangers. New approaches to trust establishment are required that are secure, scalable, and portable. One new approach to m...
متن کاملMobile Client’s Access Mechanism for Location based Service using Cell-ID
Today’s location-sensitive service relies on user’s mobile device to determine its location and send the location to the application. A location-based service is a service that determines the location of a mobile device and uses this to provide functionalities and information specific to that location. With the growth of the importance and of the audience of location-based services, questions o...
متن کاملReview of Authentication in Roaming Service
In mobile communications, roaming means a device going from its home location to different location where it will connect to a foreign network for services. Secure authentication in roaming services is being designed to allow legal users to get access to wireless network services when they are away from their home location. Recently, to protect the location privacy of the user s there have been...
متن کاملOn the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user’s online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Cha...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1608.03939 شماره
صفحات -
تاریخ انتشار 2016