Leveraging DNS for timely SSL Certificate Revocation

Authors

  • Eirini Degkleri
  • Antonios A. Chariton
  • Panagiotis Ilia
  • Panagiotis Papadopoulos
  • Evangelos P. Markatos
Abstract

Trust in SSL-based communication on the Internet is provided by Certificate Authorities in the form of signed certificates. When an organization uses an SSL certificate, it protects users’ sensitive information by encrypting all traffic between its servers and the users’ web browser. Sadly, current web browsers’ approaches to checking the revocation status of a certificate suffer from certain performance issues and privacy implications. To address these issues, we propose DCSP: a new low-latency approach that, by leveraging the existing infrastructure of DNS, provides performant and accurate certificate revocation information. Our initial performance results show that DCSP has the potential to perform an order of magnitude faster than the current state-of-the-art alternatives.

Similar resources

CertShim: Securing SSL Certificate Verification through Dynamic Linking

Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particularly with regard to the verification of server certificates, have left the security of the Internet’s communications in doubt. Newly proposed SSL trust enhancements address many of these vulnerabilities, but are slow to be deployed and do not solve the problem of securing existing software. In this work, we pro...

Using CRL Push Delivery for Efficient Certificate Revocation Information Distribution in Grids

Checking revocation information is necessary to prevent the use of digital certificates whose contents have become invalid. In current systems, either periodical retrieval of Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) are the most common mechanisms to access revocation information issued by the certification authorities. As both these approaches pose problems ...

A Review of Man-in-the-Middle Attacks

This paper presents a survey of man-in-the-middle (MIM) attacks in communication networks and methods of protection against them. In real time communication, the attack can in many situations be discovered by the use of timing information. The most common attacks occur due to Address Resolution Protocol (ARP) cache poisoning, DNS spoofing, session hijacking, and SSL hijacking. Introduction Man-...

Improving QOS in Cluster Based Certificate Revocation for Mobile Ad Hoc Network

Certificate revocation is an important security component in mobile ad hoc networks (MANET). Securing network from various kinds of Attacks (MANET) plays an important role. Certificate revocation mechanisms play an important role in securing a network. The main challenge of certificate revocation is to revoke certificates of malicious nodes promptly and accurately. In this paper we use Cluster ...

TOC Approach to Recertification in Public Key Infrastructure

TOC provides a systematic methodology to verbalize intuition and formulate effective solutions for difficult problems. Efficient and timely distribution of certificate revocation information is one of the biggest challenges faced by PKI implementers. In this paper, we demonstrate the use of TOC Thinking Process tools to develop an intuitive and effective solution for the hard problem of managin...

Publication date: 2016