Sciweavers

DIMVA
2008

VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges

14 years 1 months ago
VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges
Abstract. This paper presents a novel framework to substantiate selfsigned certificates in the absence of a trusted certificate authority. In particular, we aim to address the problem of web-based SSL man-in-themiddle attacks. This problem originates from the fact that public keys are distributed through insecure channels prior to encryption. Therefore, a man-in-the-middle attacker may substitute an arbitrary public key during the exchange process and compromise communication between a client and server. Typically, web clients (browsers) recognize this potential security breach and display warning prompts, but often to no avail as users simply accept the certificate since they lack the understanding of Public Key Infrastructures (PKIs) and the meaning of these warnings. In order to enhance the security of public key exchanges, we have devised an automated system to leverage one or more vantage points of a certificate from hosts that have distinct pathways to a remote server. That is, w...
Brett Stone-Gross, David Sigal, Rob Cohn, John Mor
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2008
Where DIMVA
Authors Brett Stone-Gross, David Sigal, Rob Cohn, John Morse, Kevin C. Almeroth, Christopher Kruegel
Comments (0)