Scribd Logo
Upload

Welcome to Scribd!

  • Yeet

    Uploaded by

    artur_papp
    5 views1 page
    We proposed two countermeasures to mitigate BGP attacks on PKI: multiple vantage point verification to prevent localized route hijacking by verifying domain control from multiple locations, and a live BGP monitoring system using a novel route age heuristic to detect and prevent short-lived attacks by requiring they remain active for hours to issue bogus certificates. We analyzed the full scope of potential BGP attacks on PKI, successfully executed them, evaluated the current vulnerability, and demonstrated our countermeasures to be effective defenses.

    Original Description:

    Original Title

    yeet - Copy (4)

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    We proposed two countermeasures to mitigate BGP attacks on PKI: multiple vantage point verification to prevent localized route hijacking by verifying domain control from multiple locations, and a live BGP monitoring system using a novel route age heuristic to detect and prevent short-lived attacks by requiring they remain active for hours to issue bogus certificates. We analyzed the full scope of potential BGP attacks on PKI, successfully executed them, evaluated the current vulnerability, and demonstrated our countermeasures to be effective defenses.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    5 views1 page

    Yeet

    Uploaded by

    artur_papp
    We proposed two countermeasures to mitigate BGP attacks on PKI: multiple vantage point verification to prevent localized route hijacking by verifying domain control from multiple locations, and a live BGP monitoring system using a novel route age heuristic to detect and prevent short-lived attacks by requiring they remain active for hours to issue bogus certificates. We analyzed the full scope of potential BGP attacks on PKI, successfully executed them, evaluated the current vulnerability, and demonstrated our countermeasures to be effective defenses.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 1

    Countermeasures against BGP attacks: We pro-

    posed and developed two countermeasures to mitigate


    the threat of BGP attacks: multiple vantage point veri-
    fication and a live BGP monitoring system.
    • Multiple Vantage Point Verification: We propose
    to perform domain control verification from multi-
    ple locations on the Internet (vantage points) to pre-
    vent localized BGP attacks. We calculate the best
    locations for vantage points and quantify the result-
    ing security benefit.
    • Live BGP Monitoring System: We design and im-
    plement (in the Let’s Encrypt’s CA) a monitoring
    system with a novel route age heuristic to prevent
    short-lived BGP attacks [19] that can quickly lead
    to a bogus certificate before the attack is noticed.
    Our heuristic is designed for CAs and forces adver-
    saries to keep attacks active for several hours, giving
    network operators time to react.
    Some of the BGP attacks were briefly discussed in a
    short abstract [16]. In this paper, we go further by an-
    alyzing the complete attack surface of BGP attacks on
    PKI and performing all the attacks in the wild — with
    success. We also measure the vulnerability of the current
    PKI to these attacks, and propose/evaluate two effective
    countermeasures to defend against the attacks.

    You might also like