This research was presented at the 10th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2017):

Abstract

Digital certificates play an important role in secure and private communication using TLS. Thus, vulnerabilities in the process of issuing digital certificates (identity verification) can have devastating consequences for the security and privacy of online communications. In this talk, we explore the impact of BGP hijack and interception attacks on the domain verification process of obtaining a certificate. These attacks allow adversaries to obtain fake certificates for a victim's domain. While these attacks have been outlined in recent work, no study has yet measured the effectiveness of these attacks on real-world certificate authorities. In this paper, we perform these BGP interception attacks and measure the responses of some of the top certificate authorities. We also propose a new BGP attack that is more effective than those previously studied. Our results show that none of these certificate authorities have measures in place to prevent issuing certificates using intercepted routes, which allows an attacker to obtain a certificate for a domain it does not control. In addition, this study presents two countermeasures (with reference implementations) and performs a detailed analysis of the false-positive rate of these countermeasures. Our results show that with a 0.3% false-positive rate, the vast majority of attacks can be prevented.

Read the full talk proposal here

View our talk and our live demo of an attack: