Double check: Multi-path verification against man-in-the-middle attacks

Proceedings - IEEE Symposium on Computers and Communications

Volumn , Issue , 2009, Pages 557-563

  Alicherry, Mansoor ^a   Keromytis, Angelos D ^a  

^a Columbia University ^*  (United States)

Author keywords

Certificates; Man in the middle attack; Tor; Trust

Indexed keywords

ALTERNATE PATH; APRIORI; CERTIFICATES; EXPERIMENTAL EVALUATION; FIREFOX; LOW OVERHEAD; MAN IN THE MIDDLE ATTACKS; MAN-IN-THE-MIDDLE ATTACK; MULTI-PATH; PRIVACY CONCERNS; PUBLIC-KEY INFRASTRUCTURE; REMOTE HOST; SCALABLE SOLUTION; SELF-SIGNED CERTIFICATE; TOR; TRUST;

DATA TRANSFER; PUBLIC KEY CRYPTOGRAPHY;

INTERNET PROTOCOLS;

EID: 70449482420     PISSN: 15301346     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISCC.2009.5202224     Document Type: Conference Paper

References (20)

1. DNSSEC: DNS Security Extensions Securing the Domain Name System. http://www.dnssec.net/.
2. OpenSSH. http://www.openssh.org/.
3. OpenSSL. http://www.openssl.org/.
4. Tor Network Status. http://torstatus.blutmagie.de.
5. Tor project. http://www.torproject.org.
6. US-CERT Vulnerability Note. Multiple DNS implementations vulnerable to cache poisoning. http://www.kb.cert.org/vuls/id/800113.
7. VeriSign Certification Practice Statement. http://www.verisign.com/ repository/CPS/.
8. VeriSign SSL Certificates. http://www.verisign.com/ssl/index.html.
9. XPCOM. http://www.mozilla.org/projects/xpcom/.
10. J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. OpenPGP Message Format. RFC 4880, Nov 2007.
11. S. Capkun, L. Buttyn, and 1. pierre Hubaux. Self-organized public-key management for mobile ad hoc networks. IEEE Transactions on Mobile Computing, 2:52-64, 2003.
12. S. Chokhani and W. Ford. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. RFC 2527, March 1999.
13. D. Kaminsky. Black Ops 2008 -Tts The End OfThe Cache As We Know It. Blackhat 2008 briefings. http://www.doxpara.com/DMK-B02K8.ppt.
14. D. Koblas and M. R. Koblas. SOCKS. USENIX Security Symposium, 1992.
15. L. Poole and V. S. Pai. ConfiDNS: leveraging scale and history to improve DNS security. USENIX Workshop on Real, Large Distributed Systems, 2006.
16. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. Emperors new security indicators: An evaluation ofwebsite authentication and the effect of role playing on usability studies. 2007.
17. J. Schlyter and W. Griffin. Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. RFC 4255, Jan 2006.
18. 1. Sobey, R. Biddle, P. van Oorschot, and A. Patrick. Exploring user reactions to browser cues for extended validation certificates. European Symposium on Research in Computer Security, October 2008.
19. J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An Authentication Service for Open Network Systems. Winter 1988 Usenix Conference, February 1988.
20. D. Wendlandt, D. Andersen, and A. Perrigo Perspectives: Improving SSH-style Host Authentication with Multi-path Network Probing. USENIX Annual Technical Conference, 2008.