Detecting and Defending Against Certificate Attacks with Origin-Bound CAPTCHAs.
SecureComm (2)(2018)
Abstract
To address this issue, we present Origin-Bound CAPTCHAs (OBCs), which are dual CAPTCHA tests that elevate the difficulty of launching such attacks and make their deployment infeasible, especially in cases of mass surveillance. An OBC is linked to the public key of the server, and by solving the OBC, the client can use the certificate to authenticate the server and verify the confidentiality of the link. Our design is distinguished from prior efforts in that it does not require bootstrapping but does require minor changes at the server side. We discuss the security provided by an OBC from the perspective of an adversary who employs a human work force and present the findings from a controlled user study that evaluates tradeoffs in OBC design choices. We also evaluate a software prototype of this concept that demonstrates how OBCs can be implemented and deployed efficiently with 1.2-3x overhead when compared to a traditional TLS/SSL implementation.
Keywords
Compelled-certificate attacks, Man-in-the-middle attacks, CAPTCHAs