Bamboozling Certificate Authorities with BGP

Author(s): Birge-Lee, Henry; Sun, Yixin; Edmundson, Anne; Rexford, Jennifer; Mittal, Prateek

To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1g26s
Full metadata record
DC Field | Value | Language
dc.contributor.author | Birge-Lee, Henry | -
dc.contributor.author | Sun, Yixin | -
dc.contributor.author | Edmundson, Anne | -
dc.contributor.author | Rexford, Jennifer | -
dc.contributor.author | Mittal, Prateek | -
dc.date.accessioned | 2021-10-08T19:51:11Z | -
dc.date.available | 2021-10-08T19:51:11Z | -
dc.date.issued | 2018 | en_US
dc.identifier.citation | Birge-Lee, Henry, Yixin Sun, Anne Edmundson, Jennifer Rexford, and Prateek Mittal. "Bamboozling Certificate Authorities with BGP." In 27th USENIX Security Symposium (2018): pp. 833-849. | en_US
dc.identifier.uri | https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee | -
dc.identifier.uri | http://arks.princeton.edu/ark:/88435/pr1g26s | -
dc.description.abstract | The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities (CAs) vouch for the domain names of servers on the Internet through digitally signed certificates. Ironically, the mechanism CAs use to issue certificates is itself vulnerable to man-in-the-middle attacks by network-level adversaries. Autonomous Systems (ASes) can exploit vulnerabilities in the Border Gateway Protocol (BGP) to hijack traffic destined to a victim's domain. In this paper, we rigorously analyze attacks that an adversary can use to obtain a bogus certificate. We perform the first real-world demonstration of BGP attacks to obtain bogus certificates from top CAs in an ethical manner. To assess the vulnerability of the PKI, we collect a dataset of 1.8 million certificates and find that an adversary would be capable of gaining a bogus certificate for the vast majority of domains. Finally, we propose and evaluate two countermeasures to secure the PKI: 1) CAs verifying domains from multiple vantage points to make it harder to launch a successful attack, and 2) a BGP monitoring system for CAs to detect suspicious BGP routes and delay certificate issuance to give network operators time to react to BGP attacks. | en_US
dc.format.extent | 833 - 849 | en_US
dc.language.iso | en_US | en_US
dc.relation.ispartof | 27th USENIX Security Symposium | en_US
dc.rights | Final published version. This is an open access article. | en_US
dc.title | Bamboozling Certificate Authorities with BGP | en_US
dc.type | Conference Article | en_US
pu.type.symplectic | http://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceeding | en_US

Files in This Item:
File | Description | Size | Format
CertAuthor.pdf | | 828.04 kB | Adobe PDF


Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.