Search for: All records
Total Resources: 4
-
An attacker can obtain a valid TLS certificate for a domain by hijacking communication between a certificate authority (CA) and a victim domain. Performing domain validation from multiple vantage points can defend against these attacks. We explore the design space of multi-vantage-point domain validation to achieve (1) security via sufficiently diverse vantage points, (2) performance by ensuring low latency and overhead in certificate issuance, (3) manageability by complying with CA/Browser Forum requirements and requiring minimal changes to CA operations, and (4) a low benign failure rate for legitimate requests. Our open-source implementation was deployed by the Let's Encrypt CA in February 2020, and has since secured the issuance of more than half a billion certificates during the first year of its deployment. Using real-world operational data from Let's Encrypt, we show that our approach has negligible latency and communication overhead, and a benign failure rate comparable to conventional designs with one vantage point. Finally, we evaluate the security improvements using a combination of ethically conducted real-world BGP hijacks, Internet-scale traceroute experiments, and a novel BGP simulation framework. We show that multi-vantage-point domain validation can thwart the vast majority of BGP attacks. Our work motivates the deployment of multi-vantage-point domain validation across the CA ecosystem to strengthen TLS certificate issuance and user privacy.
-
Shusterman, Anatoly ; Avraham, Zohar ; Croitoru, Eliezer ; Haskal, Yarden ; Kang, Lachlan ; Levi, Dvir ; Meltser, Yosef ; Mittal, Prateek ; Oren, Yossi ; Yarom, Yuval ( , IEEE Transactions on Dependable and Secure Computing)
-
Mohajeri Moghaddam, Hooman ; Acar, Gunes ; Burgess, Ben ; Mathur, Arunesh ; Huang, Danny Yuxing ; Feamster, Nick ; Felten, Edward W. ; Mittal, Prateek ; Narayanan, Arvind ( , 2019 ACM Conference on Computer and Communications Security CCS)
-
Birge-Lee, Henry ; Wang, Liang ; Rexford, Jennifer ; Mittal, Prateek ( , 2019 ACM SIGSAC Conference on Computer and Communications Security CCS.)