Abstract
Published reports have highlighted various attacks on secure Public Key Infrastructure (PKI)-based SSL/TLS protocols. A well-known example, which exploits a flaw in the Certificate Authority (CA) model of the PKI, is the compelled Man-in-the-Middle (MITM) attack, in which governments or affiliated agencies compel a CA to issue false but verifiable certificates for popular websites. These certificates are then used to hijack secure communication for censorship and surveillance purposes. Such attacks significantly undermine the confidentiality guarantees provided by SSL and the privacy of Internet users at large.
To address this issue, we present Origin-Bound CAPTCHAs (OBCs), which are dual CAPTCHA tests that elevate the difficulty of launching such attacks and make their deployment infeasible, especially in cases of mass surveillance. An OBC is linked to the public key of the server, and by solving the OBC, the client can use the certificate to authenticate the server and verify the confidentiality of the link. Our design is distinguished from prior efforts in that it does not require bootstrapping but does require minor changes at the server side. We discuss the security provided by an OBC from the perspective of an adversary who employs a human workforce and present the findings from a controlled user study that evaluates tradeoffs in OBC design choices. We also evaluate a software prototype of this concept that demonstrates how OBCs can be implemented and deployed efficiently with 1.2-3x overhead when compared to a traditional TLS/SSL implementation.
Notes
1. An “OBC-patch” could mean a change to the TLS protocol or installation of a shim layer that works in tandem with the TLS protocol and is responsible for dealing with the OBC. We are in favor of the latter approach.
Acknowledgements
We would like to thank all the anonymous reviewers of the program committee for their valuable insights on the paper. This work was partially funded by the National Science Foundation (NSF) under Grant No. CNS-1514503. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSF.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ahmad, A., Ahmad, F., Wei, L., Yegneswaran, V., Zaffar, F. (2018). Detecting and Defending Against Certificate Attacks with Origin-Bound CAPTCHAs. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_16
DOI: https://doi.org/10.1007/978-3-030-01704-0_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01703-3
Online ISBN: 978-3-030-01704-0
eBook Packages: Computer Science, Computer Science (R0)