Title

Panorama: Multi-Path SSL Authentication using Peer Network Perspectives

Author(s) Information

William P. Harris, California Polytechnic State University - San Luis ObispoFollow

Department - Author 1

Computer Engineering Department

Degree Name - Author 1

BS in Computer Engineering

Date

6-2015

Primary Advisor

Zachary Peterson

Abstract/Summary

SSL currently uses certificates signed by Certificate Authorities (CAs) to authenticate connections. e.g. Google will pay a CA to sign a certificate for them, so that they can prove that they're not someone pretending to be Google. Unfortunately, this system has had multiple problems, and many believe that an alternative needs to be found.

One of the ideas for alternatives is using multiple "network perspectives" to authenticate a server. The idea behind this is that, though playing man-in-the-middle (MITM) with one connection is easy, it should be difficult for an adversary to do so with many connections, especially if they take different network paths (e.g. from different countries).

There have already been projects that have implemented this structure by using dedicated "notaries" that a client could request certificate info from for a particular server ("What's www.google.com's certificate look like?"). Panorama drops the need for notaries, by using connected clients to preform the job of notaries.

URL: https://digitalcommons.calpoly.edu/cpesp/172