Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Off-path attacks against PKI

Dai, Tianxiang; Shulman, Haya; Waidner, Michael

Lie, D. ; Association for Computing Machinery -ACM-:
CCS 2018, ACM SIGSAC Conference on Computer and Communications Security. Proceedings : Toronto, Canada, October 15 - 19, 2018
New York: ACM, 2018
ISBN: 978-1-4503-5693-0
pp. 2213-2215
Conference on Computer and Communications Security (CCS) <2018, Toronto>
English
Conference paper
Fraunhofer SIT

Abstract
The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak attacker, namely, an off-path attacker, can effectively subvert the trustworthiness of popular commercially used CAs. We demonstrate an attack against a COMODO CA which uses Domain Validation (DV) for authenticating domain ownership. The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own, namely certificates binding the attacker's public key to a victim domain. We set up a demonstration of a live attack at https://pki.cad.sit.fraunhofer.de.

http://publica.fraunhofer.de/dokumente/N-520007.html