Direct Validation of SSL/TLS Certificates (DVCert)

Detecting MITM Attacks Against SSL/TLS Without Third-Parties

  • Description
  • DVCert Firefox Extension
  • DVCert Server Code
  • ProVerif Evaluation
  • Contact Us

Abstract

The security guarantees provided by SSL/TLS depend on the correct authentication of servers through certificates signed by a trusted authority. However, as recent incidents have demonstrated, trust in these authorities is not well placed. Increasingly, certificate authorities (by coercion or compromise) have been creating forged certificates for a range of adversaries, allowing seemingly secure communications to be intercepted via man-in-the-middle (MITM) attacks. A variety of solutions have been proposed, but their complexity and deployment costs have hindered their adoption. In this paper, we propose Direct Validation of Certificates (DVCert), a novel protocol that, instead of relying on third-parties for certificate validation, allows domains to directly and securely vouch for their certificates using previously established user authentication credentials. By relying on a robust cryptographic construction, this relatively simple means of enhancing server identity validation is not only efficient and comparatively easy to deploy, but it also solves other limitations of third-party solutions. Our extensive experimental analysis in both desktop and mobile platforms shows that DVCert transactions require little computation time on the server (e.g., less than 1 ms) and are unlikely to degrade server performance or user experience. In short, we provide a robust and practical mechanism to enhance server authentication and protect web applications from MITM attacks against SSL/TLS.

 

 

 

Firefox DVCert add-on (JavaScript-only)

Firefox for Mobile DVCert add-on (Javascript-only)

 

 

PHP DVCert test code

 

 

 

We used ProVerif, an automatic cryptographic protocol verifier, to formally characterize DVCert. Using ProVerif, we successfully demonstrated that DVCert does not leak password information (i.e., resilience to offline attacks). Below are the pi-calculus model for PAK and DVCert protocols. These files are used as input to ProVerif. In addition, we include log files containing ProVerif's evaluation results for each protocol.

  • pak.pv (PAK protocol pi-calculus model)

  • pak.log (ProVerif output for PAK)

  • dvcert.pv (DVCert protocol pi-calculus model)

  • dvcert.log (ProVerif output for DVCert)

 

 

 

Please send any questions, comments and recomendations to idacosta 'at' gatech.edu

See my webpage for additional contact information. Thanks.