POSTER: Trust No One Else: Detecting MITM Attacks Against SSL/TLS Without Third-Parties

The Secure Sockets Layer (SSL) protocol and its successor , Transport Layer Security (TLS), have become the de facto means of providing strong cryptographic protection for network traffic. Their near universal integration with web browsers arguably makes them the most visible pieces of security infrastructure for average users. While vulnera-bilities are occasionally found in specific implementations, SSL/TLS are widely viewed as robust means of providing confidentiality, integrity and server authentication. However, these guarantees are built on tenuous assumptions about the ability to authenticate the server-side of a transaction by using digital certificates signed by a trusted third-party certification authority (CA). The security community has long been critical of the Public Key Infrastructure for X.509 (PKIX) and its CA-based trust model [5], [9], [1]. Much of the concern has focused on the role of the CAs and their ability and motivation to not only correctly verify and attest the coupling between an identity and a public key, but also to protect their own resources. Browsers and operating systems determine what CAs users should trust by default (i.e., trust anchors). However, this model has resulted in hundreds of CAs, all equally trusted and from more than 50 different countries [19], [3]. Due to this excessive trust, CAs can forge certificates for any domain that will be accepted as valid by most browsers. Thus, adversaries can obtain forged certificates by coercing or compromising any CA and use them to execute man-in-the-middle (MITM) attacks against SSL/TLS connections. The number of reported attacks against CAs increased considerably last year In some cases, adversaries were able to forge certificates for important web domains Even worse, it has been estimated that a forged certificate was used to intercept close to 300,000 Gmail sessions in Iran [14]. Furthermore, there is evidence that governments and private organizations are using forged certificates as part of their surveillance and censorship efforts [20], [7], [21], [15]. The frequency of these incidents is likely to increase in the future, as more and more web applications rely on SSL/TLS to protect all their communications. Unfortunately, sufficient mechanisms for detecting and preventing this problem are currently lacking. Multiple solutions have been proposed to deal with the threat imposed by forged certificates and MITM attacks. The most popular approach is the use of additional third-parties to extend or replace the rigid CA trust model (e.g., network notaries [22], [16], public audit logs [4], [13] and secure …