Search for: All records
Total Resources: 3
An attacker can obtain a valid TLS certificate for a domain by hijacking communication between a certificate authority (CA) and a victim domain. Performing domain validation from multiple vantage points can defend against these attacks. We explore the design space of multi-vantage-point domain validation to achieve (1) security via sufficiently diverse vantage points, (2) performance by ensuring low latency and overhead in certificate issuance, (3) manageability by complying with CA/Browser Forum requirements, and requiring minimal changes to CA operations, and (4) a low benign failure rate for legitimate requests. Our open-source implementation was deployed by the Let's Encrypt CA in February 2020, and has since secured the issuance of more than half a billion certificates during the first year of its deployment. Using real-world operational data from Let's Encrypt, we show that our approach has negligible latency and communication overhead, and a benign failure rate comparable to conventional designs with one vantage point. Finally, we evaluate the security improvements using a combination of ethically conducted real-world BGP hijacks, Internet-scale traceroute experiments, and a novel BGP simulation framework. We show that multi-vantage-point domain validation can thwart the vast majority of BGP attacks. Our work motivates the deployment of multi-vantage-point domain validation across the CA ecosystem to strengthen TLS certificate issuance and user privacy.
-
Birge-Lee, Henry; Wang, Liang; Rexford, Jennifer; Mittal, Prateek (2019 ACM SIGSAC Conference on Computer and Communications Security CCS.)
-
Gao, Jiaqi; Yaseen, Nofel; MacDavid, Robert; Frujeri, Felipe Vieira; Liu, Vincent; Bianchini, Ricardo; Aditya, Ramaswamy; Wang, Xiaohang; Lee, Henry; Maltz, David; et al. (Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication)