Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication

@article{Abdou2017ServerLV,
  title={Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication},
  author={AbdelRahman Abdou and Paul C. van Oorschot},
  journal={ArXiv},
  year={2017},
  volume={abs/1608.03939}
}
We introduce the first known mechanism providing realtime server location verification. Its uses include enhancing server authentication by enabling browsers to automatically interpret server location information. We describe the design of this new measurement-based technique, Server Location Verification (SLV), and evaluate it using PlanetLab. We explain how SLV is compatible with the increasing trends of geographically distributed content dissemination over the Internet, without causing any…
EVLA: Extended-Validation Certificates with Location Assurance
TLDR
This paper proposes Extended-Validation Certificates with Location Assurance (EVLA), a blockchain-based system that increases the security of EV certificates through checking and asserting that a CA and a given entity indeed have met during the certification process.
Secure Client and Server Geolocation over the Internet
TLDR
A technical overview of Client Presence Verified (CPV) and Server Location Verification (SLV), two recently proposed techniques designed to verify the geographic locations of clients and servers in realtime over the Internet.
Strengthening Password-Based Web Authentication Through Multiple Supplementary Mechanisms
TLDR
This thesis contributes to the reinforcement of password-based authentication by pursuing parallel mechanisms that improve security without further burdening users, and expands on the concept of mimicry resistance, a dimension that has been overlooked in the design and study of web authentication schemes.
Towards Sustainable Evolution for the TLS Public-Key Infrastructure
TLDR
This work proposes a framework that supports the deployment of multiple PKI enhancements, with the ability to accommodate new, yet unforeseen, enhancements in the future, and enlists the cloud as a "centralized" location where multiple enhancements can be accessed with high availability.
Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
TLDR
This work crafted a phishing website that mimics Google login’s page and implements a FIDO-downgrade attack, and found that, while registering FIDO as their second authentication factor, 55% of participants fell for real-time phishing, and another 35% would be susceptible to the attack in practice.
Exploring Website Location as a Security Indicator
TLDR
The results suggest that website location can be used as an effective indicator for users' security assessments, and a security indicator to alert the user to changes in website locations is designed.
Location Verification Assisted by a Moving Obstacle for Wireless Sensor Networks
TLDR
Simulation results show that the proposed scheme achieves high probability of detecting malicious nodes and low probability of treating legitimate nodes as malicious, and the accuracy of the analysis is verified.
A lightweight and cost effective edge intelligence architecture based on containerization technology
TLDR
This paper suggests and evaluates an architecture on the basis of the distributed edge/cloud integration paradigm and explains all of its advantages which lie in the combination of affordability and several other benefits provided by the fact that data processing is conducted by the edge devices instead of the central server.
Identification of IP addresses using fraudulent geolocation data
IP geolocation information is used all over the internet, but is easily faked. A number of different internet organisations do this – from bulletproof hosting providers attempting to conceal the
Retrospective IP Address Geolocation for Geography-Aware Internet Services
TLDR
The results show that it is safe to retrospectively locate IP addresses by a couple of years, but there are differences between IPv4 and IPv6.

References

SHOWING 1-10 OF 63 REFERENCES
SALVE: server authentication with location verification
TLDR
This paper develops a TLS extension that enables the client to verify the server's location in addition to its certificate, and develops a solution that achieves location-based server authentication by using secure DNS resolution and by leveraging LCS for location measurements.
CPV: Delay-Based Location Verification for the Internet
TLDR
Client Presence Verification is devised, a delay-based verification technique designed to verify an assertion about a device’s presence inside a prescribed geographic region, which mitigates Internet path asymmetry using a novel method to deduce one-way application-layer delays to/from the client's participating device, and mines these delays for evidence supporting/refuting the asserted location.
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
TLDR
A comprehensive analysis of X.509 certificates in the wild reveals that the quality of certification lacks in stringency, due to a number of reasons among which incorrect certification chains or invalid certificate subjects give the most cause for concern.
When HTTPS Meets CDN: A Case of Authentication in Delegated Service
TLDR
To address the delegation problem when HTTPS meets CDN, a lightweight solution based on DANE (DNS-based Authentication of Named Entities), an emerging IETF protocol complementing the current Web PKI model is proposed and implemented.
Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures
TLDR
Evidence is provided that most web browsers have severe weaknesses in the browser-to-user communication (graphical user interface), which attackers can exploit to fool users about the presence of a secure SSL/TLS connection and make them disclose secrets to attackers.
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
TLDR
This work surveys and categorizes prominent security issues with HTTPS and provides a systematic treatment of the history and on-going challenges, intending to provide context for future directions.
Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
TLDR
Perspectives explores a promising part of the host authentication design space: Trust-on-first-use applications gain significant attack robustness without sacrificing their ease-of-use.
Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services
TLDR
Policy-sealed data can provide greater confidence to Eucalyptus customers that their data is not being mismanaged, and Excalibur uses attribute-based encryption, which reduces the overhead of key management and improves the performance of the distributed protocols employed.
Dynamic pharming attacks and locked same-origin policies for web browsers
TLDR
Two locked same-origin policies for web browsers are proposed, one of which can be deployed today and interoperate seamlessly with the vast majority of legacy web servers, and the other a simple incrementally deployable opt-in mechanism for legacy servers using policy files.
Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale
TLDR
It is demonstrated that through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1% network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.