SALVE
| Autor: | Claudio Soriente, Srdjan Capkun, Aanjhan Ranganathan, Ramya Jayaram Masti, Der-Yeuan Yu |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
FOS: Computer and information sciences
Service (systems architecture) Computer Science - Cryptography and Security Revocation business.industry Computer science 020206 networking & telecommunications Throughput 02 engineering and technology Certificate Backward compatibility Certificate authority 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Data center business Cryptography and Security (cs.CR) Mobile device Computer network |
| Zdroj: | MobiCom |
| DOI: | 10.1145/2973750.2973766 |
| Popis: | The Location Service (LCS) proposed by the telecommunication industry is an architecture that allows the location of mobile devices to be accessed in various applications. We explore the use of LCS in location-enhanced server authentication, which traditionally relies on certificates. Given recent incidents involving certificate authorities, various techniques to strengthen server authentication were proposed. They focus on improving the certificate validation process, such as pinning, revocation, or multi-path probing. In this paper, we propose using the server's geographic location as a second factor of its authenticity. Our solution, SALVE, achieves location-based server authentication by using secure DNS resolution and by leveraging LCS for location measurements. We develop a TLS extension that enables the client to verify the server's location in addition to its certificate. Successful server authentication therefore requires a valid certificate and the server's presence at a legitimate geographic location, e.g., on the premises of a data center. SALVE prevents server impersonation by remote adversaries with mis-issued certificates or stolen private keys of the legitimate server. We develop a prototype implementation and our evaluation in real-world settings shows that it incurs minimal impact to the average server throughput. Our solution is backward compatible and can be integrated with existing approaches for improving server authentication in TLS. 14 pages. This paper will be presented at the 22nd ACM International Conference on Mobile Computing and Networking (MobiCom 2016). Related paper: https://eprint.iacr.org/2015/230 |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|