TY - GEN
T1 - Experiences deploying multi-vantage-point domain validation at Let's Encrypt
AU - Birge-Lee, Henry
AU - Wang, Liang
AU - McCarney, Daniel
AU - Shoemaker, Roland
AU - Rexford, Jennifer
AU - Mittal, Prateek
N1 - Funding Information:
We would like to thank Let’s Encrypt for their extensive collaboration in this project. We are particularly grateful to the Let’s Encrypt site reliability engineering team for facilitating our data collection, the engineers that worked to integrate multiVA, and Josh Aas for his feedback on the paper and collaboration on our Open Technology Fund and International Republican Institute grants. Additionally, we want to thank Amogh Dhamdhere for his assistance with the bdrmap tool and the PEERING testbed team for helping to facilitate our ethical BGP attacks. We are also grateful for support from the Open Technology Fund and International Republican Institute through their Securing Domain Validation project, the National Science Foundation under grant CNS-1553437 and CNS-1704105, and DARPA under grant FA8750-19-C-007. Finally, we would like to thank the USENIX Security reviewers for their feedback and Paul Pearce for shepherding our paper.
Publisher Copyright:
© 2021 by The USENIX Association. All rights reserved.
PY - 2021
Y1 - 2021
N2 - An attacker can obtain a valid TLS certificate for a domain by hijacking communication between a certificate authority (CA) and a victim domain. Performing domain validation from multiple vantage points can defend against these attacks. We explore the design space of multi-vantage-point domain validation to achieve (1) security via sufficiently diverse vantage points, (2) performance by ensuring low latency and overhead in certificate issuance, (3) manageability by complying with CA/Browser Forum requirements and requiring minimal changes to CA operations, and (4) a low benign failure rate for legitimate requests. Our open-source implementation was deployed by the Let's Encrypt CA in February 2020, and has since secured the issuance of more than half a billion certificates during the first year of its deployment. Using real-world operational data from Let's Encrypt, we show that our approach has negligible latency and communication overhead, and a benign failure rate comparable to conventional designs with one vantage point. Finally, we evaluate the security improvements using a combination of ethically conducted real-world BGP hijacks, Internet-scale traceroute experiments, and a novel BGP simulation framework. We show that multi-vantage-point domain validation can thwart the vast majority of BGP attacks. Our work motivates the deployment of multi-vantage-point domain validation across the CA ecosystem to strengthen TLS certificate issuance and user privacy.
UR - http://www.scopus.com/inward/record.url?scp=85106935926&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85106935926&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85106935926
T3 - Proceedings of the 30th USENIX Security Symposium
SP - 4311
EP - 4327
BT - Proceedings of the 30th USENIX Security Symposium
PB - USENIX Association
T2 - 30th USENIX Security Symposium, USENIX Security 2021
Y2 - 11 August 2021 through 13 August 2021
ER -