Panorama: Multi-Path SSL Authentication using Peer Network Perspectives
BS in Computer Engineering
Computer Engineering Department
SSL currently uses certificates signed by Certificate Authorities (CAs) to authenticate connections. For example, Google will pay a CA to sign a certificate for them, so that they can prove that they're not someone pretending to be Google. Unfortunately, this system has had multiple problems, and many believe that an alternative needs to be found.
One of the ideas for alternatives is using multiple "network perspectives" to authenticate a server. The idea behind this is that, though playing man-in-the-middle (MITM) with one connection is easy, it should be difficult for an adversary to do so with many connections, especially if they take different network paths (e.g. from different countries).
There have already been projects that have implemented this structure by using dedicated "notaries" that a client could request certificate info from for a particular server ("What does www.google.com's certificate look like?"). Panorama drops the need for notaries by using connected clients to perform the job of notaries.
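The perspective comparison described above, as an added example that is not Panorama's own code: a client compares the certificate fingerprint it saw with the fingerprints reported by peers on other network paths. The function names, the minimum peer count, the 75% quorum and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_DER = b"constructed-der-genuine-server-cert"
SUBSTITUTED_DER = b"constructed-der-substituted-by-mitm"


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def evaluate_perspectives(local_fp, peer_reports, min_peers=3, quorum=0.75):
    """Compare the locally observed certificate with peer observations.

    peer_reports maps a peer id to the fingerprint that peer observed, or
    None if the peer could not reach the server. Returns (verdict, detail).
    min_peers and quorum are assumed policy values, not Panorama's.
    """
    # One vote per peer id; peers that returned nothing do not count.
    votes = {peer: fp for peer, fp in peer_reports.items() if fp}
    total = len(votes)
    if total < min_peers:
        # Too few independent paths to say anything about the connection.
        return "inconclusive", f"only {total} usable perspectives"

    counts = Counter(votes.values())
    agree = counts.get(local_fp, 0)
    if agree / total >= quorum:
        return "consistent", f"{agree}/{total} peers saw the same certificate"

    top_fp, top_n = counts.most_common(1)[0]
    if top_fp != local_fp and top_n / total >= quorum:
        # Peers agree with each other but not with us: the local network
        # path is the outlier, which is the MITM signal multi-path
        # authentication is meant to expose.
        return "local-mismatch", f"{top_n}/{total} peers saw {top_fp[:16]}..."

    # No clear majority. This can also happen when a server legitimately
    # presents more than one certificate, so it is not proof of an attack.
    return "split", "peers disagree among themselves"
```
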